{"info":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","description":"

The RocketCyber Customer API provides insight into our data without having to interact with the browser application.

Most Current Version: v3

Instructions on finding your API Token in the RocketCyber application can be found here:
https://helpdesk.kaseya.com/hc/en-gb/articles/9239984991505-Customer-API-Finding-Access-Token

\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"16064925","collectionId":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","publishedId":"UVR8oTBn","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2025-12-12T18:34:06.000Z"},"item":[{"name":"v2","item":[{"name":"/account/:id","id":"96ca549c-0211-4b6e-9bc2-3e75cf0d5e6a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id","description":"

The account endpoint returns account information for the given account ID.

[Required] The account data will be retrieved for this account id.

\n","type":"text/plain"},"type":"any","value":"2","key":"id"}]}},"response":[{"id":"e1651636-6ba0-4ca7-bcf0-3e1fe9bd0560","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"https://api-us.rocketcyber.com/v2/account/:id","protocol":"https","host":["api-us","rocketcyber","com"],"path":["v2","account",":id"],"query":[{"key":"variable","value":"something","disabled":true}],"variable":[{"key":"id","value":"14559","description":"[Required] The account data will be retrieved for this account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"607"},{"key":"Etag","value":"W/\"25f-P1bxoXx6JHmjA04b8AiTdBokAbk\""},{"key":"Date","value":"Thu, 14 Jul 2022 19:17:55 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"name\": \"Test Solutions\",\n \"hierarchy\": \"Kaseya Production Account Management -> Test Solutions\",\n \"path\": \"9578.145542119\",\n \"address\": {\n \"street1\": \"1407 ALways Way\",\n \"street2\": \"Suite E\",\n \"city\": \"Ceake\",\n \"state\": \"MA\",\n \"country\": \"United States of America\",\n \"zipCode\": \"23330\"\n },\n \"type\": \"Provider\",\n \"status\": \"Active\",\n \"emails\": null,\n \"customers\": [\n 12334,\n 12335\n ]\n}"},{"id":"04807046-1063-4b46-bb96-d363a7eda4aa","name":"Success (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id"],"query":[{"key":"variable","value":"something","disabled":true}],"variable":[{"key":"id","value":"14559","description":"[Required] The account data will be retrieved for this account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"607"},{"key":"Etag","value":"W/\"25f-P1bxoXx6JHmjA04b8AiTdBokAbk\""},{"key":"Date","value":"Sat, 16 Jul 2022 16:49:09 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"name\": \"Test Solutions\",\n \"hierarchy\": \"Kaseya Production Account Management -> Test Solutions\",\n \"path\": \"9578.145542119\",\n \"address\": {\n \"street1\": \"1407 ALways Way\",\n \"street2\": \"Suite E\",\n \"city\": \"Ceake\",\n \"state\": \"MA\",\n \"country\": \"United States of America\",\n \"zipCode\": \"23330\"\n },\n \"type\": \"Provider\",\n \"status\": \"Active\",\n \"emails\": null,\n \"customers\": [\n 12334,\n 12335\n ]\n}"}],"_postman_id":"96ca549c-0211-4b6e-9bc2-3e75cf0d5e6a"},{"name":"/account/:id/agents","id":"4708a178-0f4f-4dea-a650-ab8086e14086","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/agents","description":"

The agents endpoint returns all the device information for all devices associated to the account ID provided.

[Optional] The request will be filtered based on this property.\nOptions: connectivity

\n","type":"text/plain"},"key":"filterBy","value":"connectivity"},{"disabled":true,"description":{"content":"

[Optional] The request filterBy property will be filtered by this value.\nOptions: online, offline, isolated

\n","type":"text/plain"},"key":"filterValue","value":"offline"},{"disabled":true,"description":{"content":"

[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: desc\nOptions: asc, desc

\n","type":"text/plain"},"key":"orderBy","value":"asc"},{"disabled":true,"description":{"content":"

[Optional] The agents will be sorted based on this property.\nDefault: id\nOptions: id, hostname, agentVersion, lastConnected

\n","type":"text/plain"},"key":"sortBy","value":"lastConnected"}],"variable":[{"description":{"content":"

[Required] The account id of the agents.

\n","type":"text/plain"},"type":"any","value":"2","key":"id"}]}},"response":[{"id":"862ea8bd-267f-4816-809d-7028feff7e46","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/agents","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","agents"],"query":[{"key":"filterBy","value":"connectivity","description":"[Optional] The request will be filtered based on this property.\nOptions: connectivity","disabled":true},{"key":"filterValue","value":"offline","description":"[Optional] The request filterBy property will be filtered by this value.\nOptions: online, offline, isolated","disabled":true},{"key":"orderBy","value":"asc","description":"[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: desc\nOptions: asc, desc","disabled":true},{"key":"sortBy","value":"lastConnected","description":"[Optional] The agents will be sorted based on this property.\nDefault: id\nOptions: id, hostname, agentVersion, lastConnected","disabled":true}],"variable":[{"key":"id","value":"23114","description":"[Required] The account id of the agents."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"31148"},{"key":"Etag","value":"W/\"79ac-ju8S3gQJYqRz7j7uJHRfBlwws7c\""},{"key":"Date","value":"Thu, 14 Jul 2022 19:22:19 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 1,\n \"data\": [\n {\n \"id\": \"asda12341aasdafg1ag1llk412a\",\n \"customerId\": 2311414,\n \"hostname\": \"Test-PROBE02\",\n \"ipv4Address\": \"192.111.3.100\",\n \"macAddress\": \"C4:34:64:54:F4:D4\",\n \"createdAt\": \"2022-02-25T19:21:19.677Z\",\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Pro\",\n \"architecture\": \"64-bit\",\n \"build\": \"19041\",\n \"release\": \"2009\",\n \"accountPath\": \"2.1123.145542119\",\n \"agentVersion\": \"v1.5 \\\"Release\\\" Build (22460)\",\n \"connectivity\": \"online\",\n \"lastConnected\": \"2022-07-14T19:18:14.794Z\"\n }\n ]\n}"},{"id":"514046b4-7d8f-4920-8b47-c549c261a188","name":"Success (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/agents","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","agents"],"query":[{"key":"filterBy","value":"connectivity","description":"[Optional] The request will be filtered based on this property.\nOptions: connectivity","disabled":true},{"key":"filterValue","value":"offline","description":"[Optional] The request filterBy property will be filtered by this value.\nOptions: online, offline, isolated","disabled":true},{"key":"orderBy","value":"asc","description":"[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: desc\nOptions: asc, desc","disabled":true},{"key":"sortBy","value":"lastConnected","description":"[Optional] The agents will be sorted based on this property.\nDefault: id\nOptions: id, hostname, agentVersion, lastConnected","disabled":true}],"variable":[{"key":"id","value":"23114","description":"[Required] The account id of the agents."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"31195"},{"key":"Etag","value":"W/\"79db-MV0bwOypdkg74ogvS1t0mg6toQs\""},{"key":"Date","value":"Sat, 16 Jul 2022 20:21:15 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 1,\n \"data\": [\n {\n \"id\": \"asda12341aasdafg1ag1llk412a\",\n \"customerId\": 2311414,\n \"hostname\": \"Test-PROBE02\",\n \"ipv4Address\": \"192.111.3.100\",\n \"macAddress\": \"C4:34:64:54:F4:D4\",\n \"createdAt\": \"2022-02-25T19:21:19.677Z\",\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Pro\",\n \"architecture\": \"64-bit\",\n \"build\": \"19041\",\n \"release\": \"2009\",\n \"accountPath\": \"2.1123.145542119\",\n \"agentVersion\": \"v1.5 \\\"Release\\\" Build (22460)\",\n \"connectivity\": \"online\",\n \"lastConnected\": \"2022-07-14T19:18:14.794Z\"\n }\n ]\n}"}],"_postman_id":"4708a178-0f4f-4dea-a650-ab8086e14086"},{"name":"/account/:id/apps","id":"1d99b869-ec6c-4a81-b4d8-ecd6070bdfa8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/apps","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v2","account",":id","apps"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"disabled":true,"description":{"content":"

[Optional] The apps will be in sorted based on this property.\nDefault: id\nOptions: id, name

\n","type":"text/plain"},"key":"sortBy","value":"name"},{"disabled":true,"description":{"content":"

[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: asc\nOptions: asc, desc

\n","type":"text/plain"},"key":"orderBy","value":"desc"},{"disabled":true,"description":{"content":"

[Optional] The type of apps to request.\nDefault: active\nOptions: active, inactive

\n","type":"text/plain"},"key":"status","value":"inactive"}],"variable":[{"description":{"content":"

[Required] The account id of the apps.

\n","type":"text/plain"},"type":"any","value":"2","key":"id"}]}},"response":[{"id":"e7ef3fb4-5fa7-4eb3-93b9-b7e77b5ac596","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/apps","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","apps"],"query":[{"key":"sortBy","value":"name","description":"[Optional] The apps will be in sorted based on this property.\nDefault: id\nOptions: id, name","disabled":true},{"key":"orderBy","value":"desc","description":"[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: asc\nOptions: asc, desc","disabled":true},{"key":"status","value":"inactive","description":"[Optional] The type of apps to request.\nDefault: active\nOptions: active, inactive","disabled":true}],"variable":[{"key":"id","value":"2","description":"[Required] The account id of the apps."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"6624"},{"key":"Etag","value":"W/\"19e0-21UZhtVUpWJ/eYj8eiNJ2MhB2lQ\""},{"key":"Date","value":"Thu, 14 Jul 2022 19:23:04 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 37,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 37,\n \"data\": [\n {\n \"id\": 2,\n \"name\": \"Advanced Breach Detection\",\n \"description\": \"This app identifies computers that are compromised where security defenses have been circumvented. Malicious activity reported by this app requires immediate investigation.\"\n },\n {\n \"id\": 3,\n \"name\": \"System Process Verifier\",\n \"description\": \"Detects and analyzes system processes for known suspicious or malicious behaviors based on various factors including disk image location, timestamp fingerprinting and Levenshtein distance calculations.\"\n },\n {\n \"id\": 4,\n \"name\": \"Cyber Terrorist Network Connections\",\n \"description\": \"This app detects network connections to various nation states that have been known to engage in cyberterrorist activities.\"\n },\n {\n \"id\": 5,\n \"name\": \"Endpoint Event Log Monitor\",\n \"description\": \"The app monitors the Microsoft Windows, macOS and Linux Event Logs for suspicious events. Detected events are security related activities such as failed logins, clearing security logs, unauthorized activity, etc.\\r\\n\"\n },\n {\n \"id\": 6,\n \"name\": \"Crypto Mining Detection\",\n \"description\": \"Detects crypto mining activity form browser based crypto miners as well as common crypto mining client software.\"\n },\n {\n \"id\": 7,\n \"name\": \"Suspicious Network Services\",\n \"description\": \"This app detects suspicious network services running on an endpoint. While there are 65,535 available network services for legitimate use, suspicious detections are defined as well known ports and services that are leveraged for malicious intent.\"\n },\n {\n \"id\": 8,\n \"name\": \"Suspicious Tools\",\n \"description\": \"This app detects programs that can negatively impact the security of the system and business network. Detected suspicious tools should be investigated and are categorized as hacking utilities, password crackers, or other tools used by attackers for malicious purposes.\"\n },\n {\n \"id\": 9,\n \"name\": \"Malicious File Detection\",\n \"description\": \"Monitors and detects suspicious and malicious files that are written to disk or executed.\"\n },\n {\n \"id\": 10,\n \"name\": \"Active Directory Monitor and Sync\",\n \"description\": \"This app will monitor for changes to user accounts in Active Directory and synchronize changes to the Breach Secure Now Cloud. Optionally reporting changes to the Console.\"\n },\n {\n \"id\": 11,\n \"name\": \"Defender Manager\",\n \"description\": \"This App provides full multi-tenant command and control of Microsoft Defender. Now you have the power to utilize the advanced capabilities found in Microsoft Defender including Attack Surface Reduction, Advanced Ransomware protection and more.\"\n },\n {\n \"id\": 12,\n \"name\": \"Firewall Log Analyzer\",\n \"description\": \"This app acts as a syslog server collecting log messages from edge devices on your network. Messages are parsed and analyzed for potential threat indicators. \\r\\nWhen a potential threat or security related event is detected, this app will report the message in the Cloud Console.\\r\\n\\r\\n\"\n },\n {\n \"id\": 18,\n \"name\": \"Office 365 Secure Score\",\n \"description\": \"Overall description of cloud security posture with itemized remediation plans across all Office365 tenants\"\n },\n {\n \"id\": 19,\n \"name\": \"Office 365 Log Monitor\",\n \"description\": \"Multi-tenant event log monitor for aggregated data representing all accounts linked to Microsoft365\"\n },\n {\n \"id\": 20,\n \"name\": \"Office 365 Login Analyzer\",\n \"description\": \"Detects logins outside the expected countries or known malicious IP addresses\"\n },\n {\n \"id\": 21,\n \"name\": \"Data Discovery\",\n \"description\": \"This app will discover unprotected sensitive data on devices.\"\n },\n {\n \"id\": 22,\n \"name\": \"SentinelOne Monitor\",\n \"description\": \"This app reports on detections from Sentinel One\"\n },\n {\n \"id\": 24,\n \"name\": \"Cylance Monitor\",\n \"description\": \"This app reports on detections from Cylance Protect\"\n },\n {\n \"id\": 60,\n \"name\": \"Office 365 Risk Detection\",\n \"description\": \"Focus on the riskiest accounts, users, and behaviors. Determined risk through a combination of industry heuristics and machine learning.\"\n },\n {\n \"id\": 61,\n \"name\": \"Bitdefender Monitor\",\n \"description\": \"This app reports on detections from Bitdefender\"\n },\n {\n \"id\": 62,\n \"name\": \"IronScales Monitor\",\n \"description\": \"Collects data from IronScales email security\"\n },\n {\n \"id\": 63,\n \"name\": \"Deep Instinct Monitor\",\n \"description\": \"This app reports on detections from Deep Instinct\"\n },\n {\n \"id\": 64,\n \"name\": \"Pwnd Monitor\",\n \"description\": \"Check if your email and domain accounts have been compromised in a data breach.\"\n },\n {\n \"id\": 65,\n \"name\": \"DNS Filter Monitor\",\n \"description\": \"Collects information from DNS Filter\"\n },\n {\n \"id\": 66,\n \"name\": \"Passly Monitor\",\n \"description\": \"This app will monitor the logon data from Passly.\"\n },\n {\n \"id\": 67,\n \"name\": \"Sophos Monitor\",\n \"description\": \"This app reports on detections from Sophos\"\n },\n {\n \"id\": 68,\n \"name\": \"Barracuda ESS Monitor\",\n \"description\": \"This app monitors your Barracuda ESS email security detections\"\n },\n {\n \"id\": 69,\n \"name\": \"Barracuda Sentinel Monitor\",\n \"description\": \"This app monitors Barracuda Sentinel email protection.\\r\\n\"\n },\n {\n \"id\": 70,\n \"name\": \"Cisco Duo Monitor\",\n \"description\": \"This app monitors logons via Cisco Duo\"\n },\n {\n \"id\": 72,\n \"name\": \"Host Vulnerability Scanner\",\n \"description\": \"This app scans windows desktops and servers for known vulnerabilities.\\r\\n\"\n },\n {\n \"id\": 73,\n \"name\": \"Microsoft Exchange Hafnium Exploit Detection\",\n \"description\": \"This app will look for specific IOC's related to exploitation of Microsoft Exchange 2010, 2013, 2016 and 2019 via CVE CVE-2021-26855 , CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.\\r\\nIt will also report the patch status for mitigations against these vulnerabilities.\"\n },\n {\n \"id\": 74,\n \"name\": \"Cisco Umbrella\",\n \"description\": \"\"\n },\n {\n \"id\": 75,\n \"name\": \"VSA Threat Hunt\",\n \"description\": \"This app monitors the Kaseya VSA Kworking folder looking for known malware attack files.\"\n },\n {\n \"id\": 76,\n \"name\": \"Print Nightmare Hunt\",\n \"description\": \"This app performs the following checks for the Windows Remote Code Execution Print Spooler Vulnerability CVE-2021-34527\\r\\n\\r\\n1. Checks if the print spooler service is enabled\\r\\n2. Scans the %SystemRoot%\\\\System32\\\\spool\\\\drivers for suspicious files\\r\\n3. Checks the windows registry for PointAndPrint settings\\r\\n4. Checks for the presence of patches related to CVE-2021-34527\\r\\n\"\n },\n {\n \"id\": 77,\n \"name\": \"Threat Hunt App\",\n \"description\": \"This app collects positive threat hunt results from custom hunts or from threat hunt feeds. \"\n },\n {\n \"id\": 80,\n \"name\": \"Graphus\",\n \"description\": \"This app will collect alerts from Graphus Email Security\"\n },\n {\n \"id\": 113,\n \"name\": \"VulScan Collector\",\n \"description\": \"This app taps into the internal and external vulnerability scans generated by Vulscan and feeds back details on all issues including remediation recommendations.\"\n },\n {\n \"id\": 114,\n \"name\": \"Defender for Business\",\n \"description\": \"This app collects detection data and events from Microsoft Defender for Business\"\n }\n ]\n}"},{"id":"3704818d-1a20-4ebd-82c6-3e4bdd681076","name":"Success (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/apps","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","apps"],"query":[{"key":"sortBy","value":"name","description":"[Optional] The apps will be in sorted based on this property.\nDefault: id\nOptions: id, name","disabled":true},{"key":"orderBy","value":"desc","description":"[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: asc\nOptions: asc, desc","disabled":true},{"key":"status","value":"inactive","description":"[Optional] The type of apps to request.\nDefault: active\nOptions: active, inactive","disabled":true}],"variable":[{"key":"id","value":"2","description":"[Required] The account id of the apps."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"6078"},{"key":"Etag","value":"W/\"17be-RDphRrxpjRWBPlG2G/6xO8M628E\""},{"key":"Date","value":"Sat, 16 Jul 2022 18:38:11 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 37,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 37,\n \"data\": [\n {\n \"id\": 2,\n \"name\": \"Advanced Breach Detection\",\n \"description\": \"This app identifies computers that are compromised where security defenses have been circumvented. Malicious activity reported by this app requires immediate investigation. \"\n },\n {\n \"id\": 3,\n \"name\": \"System Process Verifier\",\n \"description\": \"Detects and analyzes system processes for known suspicious or malicious behaviors based on various factors including disk image location, timestamp fingerprinting and Levenshtein distance calculations.\"\n },\n {\n \"id\": 4,\n \"name\": \"Cyber Terrorist Network Connections\",\n \"description\": \"This app detects network connections to various nation states that have been known to engage in cyberterrorist activities.\"\n },\n {\n \"id\": 5,\n \"name\": \"Endpoint Event Log Monitor\",\n \"description\": \"The app monitors the Microsoft Windows, macOS and Linux Event Logs for suspicious events. Detected events are security related activities such as failed logins, clearing security logs, unauthorized activity, etc.\\r\\n\"\n },\n {\n \"id\": 6,\n \"name\": \"Crypto Mining Detection\",\n \"description\": \"Detects crypto mining activity form browser based crypto miners as well as common crypto mining client software.\"\n },\n {\n \"id\": 7,\n \"name\": \"Suspicious Network Services\",\n \"description\": \"This app detects suspicious network services running on an endpoint. While there are 65,535 available network services for legitimate use, suspicous detections are defined as well known ports and services that are leveraged for malicious intent.\"\n },\n {\n \"id\": 8,\n \"name\": \"Suspicious Tools\",\n \"description\": \"This app detects programs that can negatively impact the security of the system and business network. Detected suspicious tools should be investigated and are categorized as hacking utlities, password crackers, or other tools used by attackers for malicious purposes.\"\n },\n {\n \"id\": 9,\n \"name\": \"Malicious File Detection\",\n \"description\": \"Monitors and detects suspicious and malicious files that are written to disk or executed.\"\n },\n {\n \"id\": 10,\n \"name\": \"Active Directory Monitor and Sync\",\n \"description\": \"This app will monitor for changes to user accounts in Active Directory and synchronize changes to the Breach Secure Now Cloud. Optionally reporting changes to the Console.\\r\\n\"\n },\n {\n \"id\": 11,\n \"name\": \"Defender Manager\",\n \"description\": \"Provides full Muti-tenant command, control and reporting of Windows Defender Advanced Threat Protection.\"\n },\n {\n \"id\": 12,\n \"name\": \"Firewall Log Analyzer\",\n \"description\": \"This app acts as a syslog server collecting log messages from edge devices on your network. Messages are parsed and analyzed for potential threat indicators. When a potential threat or security related event is detected, this app will report the message in the Cloud Console.\"\n },\n {\n \"id\": 18,\n \"name\": \"Office 365 Secure Score\",\n \"description\": \"Overall description of cloud security posture with itemized remediation plans across all Office365 tenants\"\n },\n {\n \"id\": 19,\n \"name\": \"Office 365 Log Monitor\",\n \"description\": \"Multi-tenant event log monitor for aggregated data representing all accounts linked to Microsoft365\"\n },\n {\n \"id\": 20,\n \"name\": \"Office 365 Login Analyzer\",\n \"description\": \"Detects logins outside the expected countries or known malicious IP addresses\"\n },\n {\n \"id\": 21,\n \"name\": \"Data Discovery\",\n \"description\": \"This app will discover unprotected sensitive data such as credit card information\"\n },\n {\n \"id\": 22,\n \"name\": \"SentinelOne Monitor\",\n \"description\": \"This app reports on detections from Sentinel One\"\n },\n {\n \"id\": 24,\n \"name\": \"Cylance Monitor\",\n \"description\": \"This app reports on detections from Cylance Protect\"\n },\n {\n \"id\": 60,\n \"name\": \"Office 365 Risk Detection\",\n \"description\": \"Focus on the riskiest accounts, users, and behaviors. Determined risk through a combination of industry heuristics and machine learning.\"\n },\n {\n \"id\": 61,\n \"name\": \"Bitdefender Monitor\",\n \"description\": \"This app reports on detections from Bitdefender\"\n },\n {\n \"id\": 62,\n \"name\": \"IronScales Monitor\",\n \"description\": \"Collects data from IronScales email security\"\n },\n {\n \"id\": 63,\n \"name\": \"Deep Instinct Monitor\",\n \"description\": \"This app reports on detections from Deep Instinct\"\n },\n {\n \"id\": 64,\n \"name\": \"Pwnd Monitor\",\n \"description\": \"Uses haveibeenpwned? to monitor for signs that email addresses/domains have been compromised as part of a known hack.\"\n },\n {\n \"id\": 65,\n \"name\": \"DNS Filter Monitor\",\n \"description\": \"Collects information from DNS Filter\"\n },\n {\n \"id\": 66,\n \"name\": \"Passly Monitor\",\n \"description\": \"\"\n },\n {\n \"id\": 67,\n \"name\": \"Sophos Monitor\",\n \"description\": \"\"\n },\n {\n \"id\": 68,\n \"name\": \"Barracuda ESS Monitor\",\n \"description\": \"\"\n },\n {\n \"id\": 69,\n \"name\": \"Barracuda Sentinel Monitor\",\n \"description\": \"\"\n },\n {\n \"id\": 70,\n \"name\": \"Cisco Duo Monitor\",\n \"description\": \"This app monitors logons via Cisco Duo\"\n },\n {\n \"id\": 72,\n \"name\": \"Host Vulnerability Scanner\",\n \"description\": \"Host Vulnerability Devel and Testing\"\n },\n {\n \"id\": 73,\n \"name\": \"Microsoft Exchange Hafnium Exploit Detection\",\n \"description\": \"This app will look for specific IOC's related to exploitation of Microsoft Exchange 2010, 2013, 2016 and 2019 via CVE CVE-2021-26855 , CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.\\r\\nIt will also report the patch status for mitigations against these vulnerabilities.\"\n },\n {\n \"id\": 74,\n \"name\": \"Cisco Umbrella\",\n \"description\": \"CiscoUmbrella\"\n },\n {\n \"id\": 75,\n \"name\": \"VSA Threat Hunt\",\n \"description\": \"This app monitors the Kaseya VSA Kworking folder looking for known malware attack files.\"\n },\n {\n \"id\": 76,\n \"name\": \"Print Nightmare Hunt\",\n \"description\": \"This app performs the following checks for the Windows Remote Code Execution Print Spooler Vulnerability CVE-2021-34527\\r\\n\\r\\n1. Checks if the print spooler service is enabled\\r\\n2. Scans the %SystemRoot%\\\\System32\\\\spool\\\\drivers for suspicious files\\r\\n3. Checks the windows registry for PointAndPrint settings\\r\\n4. Checks for the presence of patches related to CVE-2021-34527\\r\\n\"\n },\n {\n \"id\": 77,\n \"name\": \"Threat Hunt\",\n \"description\": \"The Threat Hunting App\"\n },\n {\n \"id\": 80,\n \"name\": \"Graphus\",\n \"description\": \"Graphus email monitoring\"\n },\n {\n \"id\": 113,\n \"name\": \"VulScan Collector\",\n \"description\": \"This app will received scan results from VulScan\"\n },\n {\n \"id\": 114,\n \"name\": \"Defender for Business\",\n \"description\": \"This app collects detection data and events from Microsoft Defender for Business\"\n }\n ]\n}"}],"_postman_id":"1d99b869-ec6c-4a81-b4d8-ecd6070bdfa8"},{"name":"/account/:id/defender/health","id":"41c5ed2b-b707-4524-9133-4bc0bccb69de","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/health","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v2","account",":id","defender","health"],"host":["{{CUSTOMER_API_URL}}"],"query":[],"variable":[{"description":{"content":"

[Required] The customer account id.

\n","type":"text/plain"},"type":"string","value":"2","key":"id"}]}},"response":[{"id":"5f1c88d3-f996-4e34-9565-e00a171e1575","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/health","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","defender","health"],"variable":[{"key":"id","value":"2","description":"[Required] The customer account id.","type":"string"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"75"},{"key":"Etag","value":"W/\"4b-ROjgXLnV4yLOpW1IRylG+ibv8ek\""},{"key":"Date","value":"Thu, 14 Jul 2022 19:23:36 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalDevices\": 66,\n \"totalHealthy\": 34,\n \"totalUnhealthy\": 12,\n \"totalUnknown\": 20\n}"},{"id":"4a0e22b5-db76-40d2-9ff6-763ea60b8914","name":"Success (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/health","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","defender","health"],"variable":[{"key":"id","value":"2","description":"[Required] The customer account id.","type":"string"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"75"},{"key":"Etag","value":"W/\"4b-ROjgXLnV4yLOpW1IRylG+ibv8ek\""},{"key":"Date","value":"Sat, 16 Jul 2022 20:22:32 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalDevices\": 66,\n \"totalHealthy\": 34,\n \"totalUnhealthy\": 12,\n \"totalUnknown\": 20\n}"}],"_postman_id":"41c5ed2b-b707-4524-9133-4bc0bccb69de"},{"name":"/account/:id/defender/risk","id":"03a5e3cf-03be-4be6-b8c0-6c00a7a1ada5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/risk","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v2","account",":id","defender","risk"],"host":["{{CUSTOMER_API_URL}}"],"query":[],"variable":[{"description":{"content":"

[Required] The customer account id.

\n","type":"text/plain"},"type":"any","value":"2","key":"id"}]}},"response":[{"id":"7fd0c2e1-b49a-4d8d-aa4e-5cfa8e1e9922","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/risk","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","defender","risk"],"variable":[{"key":"id","value":"2","description":"[Required] The customer account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"7228"},{"key":"Etag","value":"W/\"1c3c-oHWDYyTDtnf2JHRbvxvNwo4xD98\""},{"key":"Date","value":"Sun, 17 Jul 2022 17:18:50 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"detectionSummary\": {\n \"totalEvents\": 1,\n \"totalMalicious\": 1,\n \"totalSuspicious\": 1,\n \"totalInformational\": 0\n },\n \"devicesAtRisk\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"137f76ff100ced611380278140f11d5d\",\n \"hostname\": \"well-LT-34\",\n \"ipAddress\": \"192.11.11.147\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n },\n \"detections\": {\n \"malicious\": 2,\n \"suspicious\": 180,\n \"informational\": 0\n }\n } \n ]\n },\n \"devicesWithPoorHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"1f6013fc0722519410f70cfde0408b4b\",\n \"hostname\": \"Vwell-LT-041\",\n \"ipAddress\": \"192.1.1.9\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n }\n }\n ]\n },\n \"devicesWithUnknownHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"38c29171c3d8f295a74a1796d9e247fd\",\n \"hostname\": \"Vweeee-LT-204\",\n \"ipAddress\": \"192.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n }\n }\n ]\n }\n}"},{"id":"ea618cba-d0b6-4630-a2d5-04bcda988cfb","name":"Success (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/risk","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","defender","risk"],"variable":[{"key":"id","value":"2","description":"[Required] The customer account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"4880"},{"key":"Etag","value":"W/\"1310-95A6ihfFX61OqhetWpICOKgM7Ok\""},{"key":"Date","value":"Sun, 17 Jul 2022 17:19:29 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"detectionSummary\": {\n \"totalEvents\": 1,\n \"totalMalicious\": 1,\n \"totalSuspicious\": 1,\n \"totalInformational\": 0\n },\n \"devicesAtRisk\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"137f76ff100ced611380278140f11d5d\",\n \"hostname\": \"well-LT-34\",\n \"ipAddress\": \"192.11.11.147\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n },\n \"detections\": {\n \"malicious\": 2,\n \"suspicious\": 180,\n \"informational\": 0\n }\n } \n ]\n },\n \"devicesWithPoorHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"1f6013fc0722519410f70cfde0408b4b\",\n \"hostname\": \"Vwell-LT-041\",\n \"ipAddress\": \"192.1.1.9\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n }\n }\n ]\n },\n \"devicesWithUnknownHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"38c29171c3d8f295a74a1796d9e247fd\",\n \"hostname\": \"Vweeee-LT-204\",\n \"ipAddress\": \"192.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n }\n }\n ]\n }\n}"},{"id":"9673bdd8-aeca-49ea-8aa9-eb476706803f","name":"before defender risk bugfix","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/risk","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","defender","risk"],"variable":[{"key":"id","value":"25156","description":"[Required] The customer account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"4878"},{"key":"Etag","value":"W/\"130e-uFvOXzS6MmYhtO5+jmZANLwhwvo\""},{"key":"Date","value":"Fri, 05 Aug 2022 17:01:25 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"detectionSummary\": {\n \"totalEvents\": 1,\n \"totalMalicious\": 1,\n \"totalSuspicious\": 1,\n \"totalInformational\": 0\n },\n \"devicesAtRisk\": {\n \"total\": 7,\n \"data\": [\n {\n \"deviceId\": \"1b9926c916a2ce004dd1f3ba9f4eb140\",\n \"hostname\": \"Well-LT-149\",\n \"ipAddress\": \"192.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n },\n \"detections\": {\n \"malicious\": 60,\n \"suspicious\": 0,\n \"informational\": 0\n }\n }\n ]\n },\n \"devicesWithPoorHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"1a967806748f650335e42b6c66bc8826\",\n \"hostname\": \"Vwell-LT-29\",\n \"ipAddress\": \"192.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n }\n }\n ]\n },\n \"devicesWithUnknownHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"1646af2edb210fcec7b85b3adbb76692\",\n \"hostname\": \"WEEEEEE-LT-174\",\n \"ipAddress\": \"10.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Pro\"\n }\n }\n ]\n }\n}"},{"id":"18f3a737-a258-4a03-a7dd-e2cfe7a0800d","name":"after defender risk bugfix","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/defender/risk","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","defender","risk"],"variable":[{"key":"id","value":"25156","description":"[Required] The customer account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"4884"},{"key":"ETag","value":"W/\"1314-YVmOwYvKECtlr16oS/rFI8Rbsms\""},{"key":"Date","value":"Fri, 05 Aug 2022 17:16:20 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"detectionSummary\": {\n \"totalEvents\": 1,\n \"totalMalicious\": 1,\n \"totalSuspicious\": 1,\n \"totalInformational\": 0\n },\n \"devicesAtRisk\": {\n \"total\": 7,\n \"data\": [\n {\n \"deviceId\": \"1b9926c916a2ce004dd1f3ba9f4eb140\",\n \"hostname\": \"Well-LT-149\",\n \"ipAddress\": \"192.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n },\n \"detections\": {\n \"malicious\": 60,\n \"suspicious\": 0,\n \"informational\": 0\n }\n }\n ]\n },\n \"devicesWithPoorHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"1a967806748f650335e42b6c66bc8826\",\n \"hostname\": \"Vwell-LT-29\",\n \"ipAddress\": \"192.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Enterprise\"\n }\n }\n ]\n },\n \"devicesWithUnknownHealth\": {\n \"total\": 1,\n \"data\": [\n {\n \"deviceId\": \"1646af2edb210fcec7b85b3adbb76692\",\n \"hostname\": \"WEEEEEE-LT-174\",\n \"ipAddress\": \"10.1.1.1\",\n \"operatingSystem\": {\n \"platform\": \"Microsoft\",\n \"family\": \"Windows\",\n \"version\": \"10\",\n \"edition\": \"Pro\"\n }\n }\n ]\n }\n}"}],"_postman_id":"03a5e3cf-03be-4be6-b8c0-6c00a7a1ada5"},{"name":"/account/:id/events","id":"bc60b029-4765-4764-bcbd-40e55af2f3a4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/events?startDate=2022-06-08","description":"

The events endpoint returns event information for all events associated to the account ID provided.

[Optional] The events will be in sorted based on this property.\nDefault: [appId, detectionDate]\nOptions: appId, deviceId, incidentId, verdict, detectionDate, createdDate

\n","type":"text/plain"},"key":"sortBy","value":"createdDate"},{"disabled":true,"description":{"content":"

[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: [desc, desc]\nOptions: asc, desc

\n","type":"text/plain"},"key":"orderBy","value":"asc"},{"description":{"content":"

[Optional] The starting date to search for events from.

\n","type":"text/plain"},"key":"startDate","value":"2022-06-08"},{"disabled":true,"description":{"content":"

[Optional] The ending date to search for events from.

\n","type":"text/plain"},"key":"endDate","value":"2022-07-05 21:46:37.851"},{"disabled":true,"description":{"content":"

[Optional] The request will be filtered based on this property.\nOptions: appId, deviceId, incidentId, verdict

\n","type":"text/plain"},"key":"filterBy","value":"appId"},{"disabled":true,"description":{"content":"

[Optional] The request filterBy property will be filtered by this value.

\n","type":"text/plain"},"key":"filterValue","value":"76"},{"disabled":true,"description":{"content":"

[Optional] The number of items to return from this request.\nDefault: 1000\nMax: 1000

\n","type":"text/plain"},"key":"pageSize","value":"17"},{"disabled":true,"description":{"content":"

[Optional] The current page of the items. The number of pages is dependent on the selected pageSize.\nDefault: 1

\n","type":"text/plain"},"key":"page","value":"1"},{"disabled":true,"key":"filterBy","value":"verdict"},{"disabled":true,"key":"filterValue","value":"2"},{"disabled":true,"key":"filterBy","value":"deviceId"},{"disabled":true,"key":"filterValue","value":""}],"variable":[{"description":{"content":"

[Required] The account id of the events.

\n","type":"text/plain"},"type":"any","value":"2","key":"id"}]}},"response":[{"id":"5849c15a-4ace-48e6-8580-f0db7f3d6b4a","name":"example before snowflake","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/events","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","events"],"query":[{"key":"sortBy","value":"detectionDate","disabled":true},{"key":"orderBy","value":"desc","disabled":true},{"key":"startDate","value":"2021-12-10T00:00:00.000Z","disabled":true},{"key":"endDate","value":"2021-12-13T00:00:00.000Z","disabled":true},{"key":"filterBy","value":"appId","disabled":true},{"key":"filterValue","value":"20","disabled":true},{"key":"sortBy","value":"appId","disabled":true},{"key":"orderBy","value":"desc","disabled":true},{"key":"pageSize","value":"1000","disabled":true},{"key":"page","value":"1","disabled":true}],"variable":[{"key":"id","value":"2"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"168832"},{"key":"Etag","value":"W/\"29380-79gtmZfN+6rwEiV7MHrTZme1Wl4\""},{"key":"Date","value":"Wed, 15 Dec 2021 21:11:07 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 1,\n \"data\": [\n {\n \"appId\": 60,\n \"deviceId\": null,\n \"verdict\": 3,\n \"detectionDate\": \"2022-07-12T16:29:47.555Z\",\n \"value\": \"\",\n \"valueType\": \"signin\",\n \"details\": {\n \"time\": \"2022-07-12T16:29:47.5550826Z\",\n \"result\": null,\n \"source\": \"IdentityProtection\",\n \"activity\": \"signin\",\n \"location\": {\n \"city\": \"New York\",\n \"state\": \"New York\",\n \"geoCoordinates\": {\n \"latitude\": 40.720392,\n \"longitude\": -24.030888\n },\n \"countryOrRegion\": \"US\"\n },\n \"ipAddress\": \"217.1.1.1\",\n \"riskLevel\": \"medium\",\n \"riskState\": \"atRisk\",\n \"riskDetail\": \"none\",\n \"description\": \"none\",\n \"resultReason\": null,\n \"riskEventType\": \"anonymizedIPAddress\",\n \"additionalInfo\": {\n \"Key\": \"userAgent\",\n \"Value\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\"\n },\n \"loggingService\": null,\n \"tokenIssuerType\": \"AzureAD\",\n \"userDisplayName\": \"Test Guy\",\n \"detectedDateTime\": \"2022-07-12T16:29:47.5550826Z\",\n \"userPrincipalName\": \"test@rocketcyber.com\",\n \"detectionTimingType\": \"realtime\"\n },\n \"createdAt\": \"2022-07-12T16:49:11.876Z\",\n \"updatedAt\": \"2022-07-12T16:49:11.876Z\",\n \"customerId\": 123,\n \"accountPath\": \"2.4.123\",\n \"incidentId\": null,\n \"archived\": false\n }\n ]\n}"},{"id":"5b796e6b-bb37-4837-864f-dac7c9bfb6ef","name":"example after snowflake","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/events","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","events"],"query":[{"key":"sortBy","value":"createdDate","description":"[Optional] The events will be in sorted based on this property.\nDefault: [appId, detectionDate]\nOptions: appId, deviceId, incidentId, verdict, detectionDate, createdDate","disabled":true},{"key":"orderBy","value":"desc","description":"[Optional] Determine the order of the sort either descending or ascending.\nDefault: [desc, desc]\nOptions: asc, desc","disabled":true},{"key":"startDate","value":"2022-06-08","description":"[Optional] The starting date to search for events from.","disabled":true},{"key":"endDate","value":"2022-07-05 21:46:37.851","description":"[Optional] The ending date to search for events from.","disabled":true},{"key":"filterBy","value":"deviceId","description":"[Optional] The request will be filtered based on this property.\nOptions: appId, deviceId, incidentId, verdict","disabled":true},{"key":"filterValue","value":"0dcf5996a8f28b687c2e56d591afa2dd","description":"[Optional] The request filterBy property will be filtered by this value.","disabled":true},{"key":"page","value":"2","description":"[Optional] The current page of the items. The number of pages is dependent on the selected pageSize.\nDefault: 1","disabled":true},{"key":"pageSize","value":"10","description":"[Optional] The number of items to return from this request.\nDefault: 1000\nMax: 1000","disabled":true},{"key":"filterBy","value":"appId","disabled":true},{"key":"filterValue","value":"5","disabled":true}],"variable":[{"key":"id","value":"23114","description":"[Required] The account id of the events."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"39358"},{"key":"ETag","value":"W/\"99be-bPB1MZdYnW9rLr4BM6JXxiazXBg\""},{"key":"Date","value":"Thu, 14 Jul 2022 13:48:55 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 1,\n \"data\": [\n {\n \"appId\": 60,\n \"deviceId\": null,\n \"verdict\": 3,\n \"detectionDate\": \"2022-07-12T16:29:47.555Z\",\n \"value\": \"\",\n \"valueType\": \"signin\",\n \"details\": {\n \"time\": \"2022-07-12T16:29:47.5550826Z\",\n \"result\": null,\n \"source\": \"IdentityProtection\",\n \"activity\": \"signin\",\n \"location\": {\n \"city\": \"New York\",\n \"state\": \"New York\",\n \"geoCoordinates\": {\n \"latitude\": 40.720392,\n \"longitude\": -24.030888\n },\n \"countryOrRegion\": \"US\"\n },\n \"ipAddress\": \"217.1.1.1\",\n \"riskLevel\": \"medium\",\n \"riskState\": \"atRisk\",\n \"riskDetail\": \"none\",\n \"description\": \"none\",\n \"resultReason\": null,\n \"riskEventType\": \"anonymizedIPAddress\",\n \"additionalInfo\": {\n \"Key\": \"userAgent\",\n \"Value\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\"\n },\n \"loggingService\": null,\n \"tokenIssuerType\": \"AzureAD\",\n \"userDisplayName\": \"Test Guy\",\n \"detectedDateTime\": \"2022-07-12T16:29:47.5550826Z\",\n \"userPrincipalName\": \"test@rocketcyber.com\",\n \"detectionTimingType\": \"realtime\"\n },\n \"createdAt\": \"2022-07-12T16:49:11.876Z\",\n \"updatedAt\": \"2022-07-12T16:49:11.876Z\",\n \"customerId\": 123,\n \"accountPath\": \"2.4.123\",\n \"incidentId\": null,\n \"archived\": false\n }\n ]\n}"}],"_postman_id":"bc60b029-4765-4764-bcbd-40e55af2f3a4"},{"name":"/account/:id/firewalls","id":"7ec536f8-2e91-46ce-a501-c5a3763979bb","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/firewalls","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v2","account",":id","firewalls"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"disabled":true,"description":{"content":"

[Optional] The firewalls will be in sorted based on this property.\nDefault: id\nOptions: id, createdAt

\n","type":"text/plain"},"key":"sortBy","value":"id"},{"disabled":true,"description":{"content":"

[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: asc\nOptions: asc, desc

\n","type":"text/plain"},"key":"orderBy","value":"desc"},{"disabled":true,"description":{"content":"

[Optional] The current page of the items. The number of pages is dependent on the selected pageSize.\nDefault: 1

\n","type":"text/plain"},"key":"page","value":"1"},{"disabled":true,"description":{"content":"

[Optional] The number of items to return from this request.\nDefault: 1000\nMax: 1000

\n","type":"text/plain"},"key":"pageSize","value":"2"},{"disabled":true,"description":{"content":"

[Optional] The starting date to search for events from.

\n","type":"text/plain"},"key":"startDate","value":null},{"disabled":true,"description":{"content":"

[Optional] The ending date to search for events from.

\n","type":"text/plain"},"key":"endDate","value":null}],"variable":[{"description":{"content":"

[Required] The account id of the firewalls.

\n","type":"text/plain"},"type":"any","value":"2","key":"id"}]}},"response":[{"id":"8be4c8eb-9126-4e23-bb79-b48e2fdca83d","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/firewalls","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","firewalls"],"query":[{"key":"sortBy","value":"id","description":"[Optional] The firewalls will be in sorted based on this property.\nDefault: id\nOptions: id, createdAt","disabled":true},{"key":"orderBy","value":"desc","description":"[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: asc\nOptions: asc, desc","disabled":true},{"key":"page","value":"1","description":"[Optional] The current page of the items. The number of pages is dependent on the selected pageSize.\nDefault: 1","disabled":true},{"key":"pageSize","value":"2","description":"[Optional] The number of items to return from this request.\nDefault: 1000\nMax: 1000","disabled":true},{"key":"startDate","value":null,"description":"[Optional] The starting date to search for events from.","disabled":true},{"key":"endDate","value":null,"description":"[Optional] The ending date to search for events from.","disabled":true}],"variable":[{"key":"id","value":"23114","description":"[Required] The account id of the firewalls."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"328"},{"key":"Etag","value":"W/\"148-OnbulUmOCpJaW56M4zFLDBNUeSQ\""},{"key":"Date","value":"Thu, 14 Jul 2022 20:15:39 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"counters\": {\n \"received\": 26075587,\n \"parsed\": 26075587,\n \"filtered\": 26074536,\n \"reported\": 1051\n },\n \"dataCount\": 1,\n \"data\": [\n {\n \"id\": \"386890\",\n \"accountPath\": \"2.4.123\",\n \"details\": {\n \"mac\": \"11:b1:11:11:3a:ec\",\n \"type\": \"sonicwall\"\n },\n \"createdAt\": \"2022-03-01T15:49:25.115Z\",\n \"instanceType\": \"firewall\"\n }\n ]\n}"},{"id":"96b1293a-af72-4df2-8202-4750129fa194","name":"Success (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/firewalls","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","firewalls"],"query":[{"key":"sortBy","value":"id","description":"[Optional] The firewalls will be in sorted based on this property.\nDefault: id\nOptions: id, createdAt","disabled":true},{"key":"orderBy","value":"desc","description":"[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: asc\nOptions: asc, desc","disabled":true},{"key":"page","value":"1","description":"[Optional] The current page of the items. The number of pages is dependent on the selected pageSize.\nDefault: 1","disabled":true},{"key":"pageSize","value":"2","description":"[Optional] The number of items to return from this request.\nDefault: 1000\nMax: 1000","disabled":true},{"key":"startDate","value":null,"description":"[Optional] The starting date to search for events from.","disabled":true},{"key":"endDate","value":null,"description":"[Optional] The ending date to search for events from.","disabled":true}],"variable":[{"key":"id","value":"23114","description":"[Required] The account id of the firewalls."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"328"},{"key":"Etag","value":"W/\"148-WV3l1L/6I9ewakMRcUtS9yMA6rc\""},{"key":"Date","value":"Sat, 16 Jul 2022 20:39:34 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"counters\": {\n \"received\": 26075587,\n \"parsed\": 26075587,\n \"filtered\": 26074536,\n \"reported\": 1051\n },\n \"dataCount\": 1,\n \"data\": [\n {\n \"id\": \"386890\",\n \"accountPath\": \"2.4.123\",\n \"details\": {\n \"mac\": \"11:b1:11:11:3a:ec\",\n \"type\": \"sonicwall\"\n },\n \"createdAt\": \"2022-03-01T15:49:25.115Z\",\n \"instanceType\": \"firewall\"\n }\n ]\n}"}],"_postman_id":"7ec536f8-2e91-46ce-a501-c5a3763979bb"},{"name":"/account/:id/incidents","id":"7d244dde-43c7-4e1d-9a20-08897531cab4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/incidents","description":"

The incidents endpoint returns the incident information for all incidents associated to the account ID provided.

[Optional] {date.iso} The date to stop getting information from.

\n","type":"text/plain"},"key":"endDate","value":"2021-06-01T00:00:00.000Z"},{"disabled":true,"description":{"content":"

[Optional] Determine the order of the sort either descending or ascending.\nDefault: desc\nOptions: asc, desc

\n","type":"text/plain"},"key":"orderBy","value":"asc"},{"disabled":true,"description":{"content":"

[Optional] The current page of the items. The number of pages is dependent on the selected pageSize.\nDefault: 1

\n","type":"text/plain"},"key":"page","value":"2"},{"disabled":true,"description":{"content":"

[Optional] The number of items to return from this request.\nDefault: 1000\nMax: 1000

\n","type":"text/plain"},"key":"pageSize","value":"2"},{"disabled":true,"description":{"content":"

[Optional] How to sort the incident results.\nDefault: created\nOptions: created, closed, updated

\n","type":"text/plain"},"key":"sortBy","value":"updated"},{"disabled":true,"description":{"content":"

[Optional] The type of incidents to request.\nDefault: all\nOptions: all, open, closed

\n","type":"text/plain"},"key":"status","value":"open"},{"disabled":true,"description":{"content":"

[Optional] {date.iso} The date to start getting infromation from

\n","type":"text/plain"},"key":"startDate","value":"2021-01-01T00:00:00.000Z"}],"variable":[{"type":"any","value":"2","key":"id"}]}},"response":[{"id":"63a8fd10-a596-4114-8011-ccae59ea90a0","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/incidents","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","incidents"],"query":[{"key":"endDate","value":"","description":"[OPTIONAL] The date to stop getting infromation from","disabled":true},{"key":"startDate","value":"","description":"[OPTIONAL] The date to start getting infromation from","disabled":true},{"key":"sortBy","value":"","description":"{OPTIONAL] How to sort the incident results\nDefault: created\nOptions: created, closed, updated\n","disabled":true},{"key":"status","value":"","description":"[OPTIONAL] How to filter the incident results\nDefault: all\nOptions: all, open, closed","disabled":true},{"key":"page","value":"","description":"[OPTIONAL] For paginating: the page number to return the rsults from starting from 1\nDefault: 1","disabled":true},{"key":"pageSize","value":"","description":"[OPTIONAL] For paginating: the number of items to receive at one time\nDefault: 1000","disabled":true},{"key":"orderBy","value":"","description":"[OPTIONAL] The order by which to return the results\nDefault: desc\nOptions: asc, desc","type":"text","disabled":true}],"variable":[{"key":"id","value":"2","description":"The account id to retrieve the incidents from"}]}},"_postman_previewlanguage":null,"header":null,"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 1,\n \"data\": [\n {\n \"id\": \"123\",\n \"title\": \"Webroot Detection - \",\n \"description\": \"Webroot detected and remediated the following file:\\r\\n\",\n \"remediation\": \"Review the detection.\\r\\nRun a full AV scan of the system.\\r\\nWhitelist if appropriate.\",\n \"resolvedAt\": \"2001-03-10T21:02:18.112Z\",\n \"publishedAt\": \"2001-03-06T03:07:06.389Z\",\n \"createdAt\": \"2001-03-06T03:07:06.371Z\",\n \"updatedAt\": \"2001-07-29T21:50:13.848Z\",\n \"status\": \"closed\"\n }\n ]\n}"},{"id":"059bddf0-a988-441e-ad52-9e35ad7680a3","name":"Succes (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/incidents","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","incidents"],"query":[{"key":"endDate","value":"2021-06-01T00:00:00.000Z","description":"[Optional] {date.iso} The date to stop getting information from.","disabled":true},{"key":"orderBy","value":"asc","description":"[Optional] Determine the order of the sort either descending or ascending.\nDefault: desc\nOptions: asc, desc","disabled":true},{"key":"page","value":"2","description":"[Optional] The current page of the items. The number of pages is dependent on the selected pageSize.\nDefault: 1","disabled":true},{"key":"pageSize","value":"2","description":"[Optional] The number of items to return from this request.\nDefault: 1000\nMax: 1000","disabled":true},{"key":"sortBy","value":"updated","description":"[Optional] How to sort the incident results.\nDefault: created\nOptions: created, closed, updated","disabled":true},{"key":"status","value":"open","description":"[Optional] The type of incidents to request.\nDefault: all\nOptions: all, open, closed","disabled":true},{"key":"startDate","value":"2021-01-01T00:00:00.000Z","description":"[Optional] {date.iso} The date to start getting infromation from","disabled":true}],"variable":[{"key":"id","value":"3","description":"[Required] The account id of the incidents."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"17508"},{"key":"Etag","value":"W/\"4464-oVMY/XvtMnsqsI/rzJlFXWmVeR0\""},{"key":"Date","value":"Sat, 16 Jul 2022 20:36:03 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"totalCount\": 1,\n \"currentPage\": 1,\n \"totalPages\": 1,\n \"dataCount\": 1,\n \"data\": [\n {\n \"id\": 123,\n \"title\": \"Sophos Event::Endpoint::CoreCleanFailed - high Severity\",\n \"description\": \"Manual malware cleanup required: 'Troj/JenxLnk-N' at 'E:\\\\TWM - Mr. Arnold Enriquez.pdf.lnk'\",\n \"remediation\": \"Review the detection.\\r\\nInstigate manual removal / recovery efforts\\r\\n\",\n \"resolvedAt\": null,\n \"publishedAt\": \"2022-07-14T21:26:36.219Z\",\n \"createdAt\": \"2022-07-14T21:26:36.170Z\",\n \"updatedAt\": \"2022-07-14T21:26:42.805Z\",\n \"status\": \"open\"\n }\n ]\n}"}],"_postman_id":"7d244dde-43c7-4e1d-9a20-08897531cab4"},{"name":"/account/:id/office","id":"72df9d14-17f2-4239-8d0c-3464a4005e42","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v2/account/:id/office","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v2","account",":id","office"],"host":["{{CUSTOMER_API_URL}}"],"query":[],"variable":[{"description":{"content":"

[Required] The account id.

\n","type":"text/plain"},"type":"any","value":"2","key":"id"}]}},"response":[{"id":"f3602ad8-01dd-4924-88ff-9a8b1f85ef6f","name":"Success (Before Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/office","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","office"],"variable":[{"key":"id","value":"23114","description":"[Required] The account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"33101"},{"key":"Etag","value":"W/\"814d-UpZKFGRrIOddWhg9NZHuIBRRubw\""},{"key":"Date","value":"Sun, 17 Jul 2022 17:20:38 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"secureScoreProgress\": {\n \"startDate\": \"2022-06-04T00:00:00.000Z\",\n \"endDate\": \"2022-07-15T00:00:00.000Z\",\n \"totalDays\": 40,\n \"minScore\": 44.85,\n \"maxScore\": 48.92,\n \"averageScore\": 48.36,\n \"data\": [\n {\n \"detectionDate\": \"2022-06-04T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-05T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-06T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-07T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-08T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-11T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-12T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-13T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-14T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-15T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-16T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-17T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-18T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-19T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-20T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-21T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-22T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-23T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-24T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-25T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-26T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-27T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-28T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-29T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-30T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-01T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-02T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-03T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-04T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-05T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-06T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-07T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-08T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-07-09T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-07-10T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-07-11T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-12T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-13T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-14T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-15T00:00:00.000Z\",\n \"secureScorePercentage\": 37.52\n }\n ]\n },\n \"monitoredAccounts\": {\n \"total\": 1,\n \"data\": [\n {\n \"id\": \"DontHackME@rocketcyber.com\",\n \"mfaStatus\": \"unknown\",\n \"licenses\": [\n \"TEAMS_EXPLORATORY\"\n ]\n }\n ]\n },\n \"secureScoreToDo\": {\n \"total\": 22,\n \"data\": [\n {\n \"maxScore\": 50,\n \"control\": \"AdminMFAV2\",\n \"description\": \"Requiring multi-factor authentication (MFA) for all administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, critical devices and data is open to attack.\\n \",\n \"remediation\": \"Set up Azure Multi-Factor Authentication policies to protect devices and data that are accessible by your users with administrative roles

In the Azure portal Conditional Access page
1. Select + New Policy
2. Go to Assignments > Users and groups > Include > Select users and groups > check Directory roles
3. At a minimum, select the following roles:

Security administrator
Exchange service administrator
Global administrator
Conditional Access Administrator
SharePoint administrator
Helpdesk Administrator
Billing Administrator
User administrator
Authentication Administrator

4. Go to Cloud apps or actions > Cloud apps > Include > select All cloud apps (and don't exclude any apps)
5. Under Access controls > Grant > select Grant Access > check Require multi-factor authentication (and nothing else)
6. Enable policy > On
7. Create\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"UserRiskPolicy\",\n \"description\": \"With the user risk policy turned on, Azure Active Directory detects the probability that a user account has been compromised. As an administrator, you can configure a user risk conditional access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.\",\n \"remediation\": \"In Azure AD Identity Protection you can configure the user risk remediation policy. For the users in this policy, you need to set the conditions (risk level) under which the policy triggers and whether access is blocked when the policy is triggered. Switch the state of the policy to ON.\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": null,\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"SigninRiskPolicy\",\n \"description\": \"Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multi-factor authentication (MFA).\",\n \"remediation\": \"In Azure AD Identity Protection you can configure the sign-in risk remediation policy. For the users in this policy, you need to set the conditions (risk level) under which the policy triggers. Switch the state of the policy to ON. It is important to configure the MFA registration policy for all users who are a part of the sign-in risk policy to ensure that they have registered MFA.\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 20,\n \"control\": \"McasOAuthAppNotification\",\n \"description\": \"OAuth app policies can help you manage app permission and notify you when a user or an admin consents to a new Open Authorization (OAuth) app. With this information, you can investigate which permissions each app requested and which users authorized them.\",\n \"remediation\": \"Create an OAuth app policy through Cloud App Security. In the policy page you can create filters and manage alert creation.\"\n },\n {\n \"maxScore\": 20,\n \"control\": \"BlockLegacyAuthentication\",\n \"description\": \"Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.\",\n \"remediation\": \"In the Azure AD conditional access portal
1. Select +New policy
2. Conditions > Client Apps > Configure (Yes)
3. Select only Mobile apps and desktop clients and Other clients
4. Next go to Grant > Block access.
5. Enable policy > On
6. Create.\"\n },\n {\n \"maxScore\": 15,\n \"control\": \"McasCloudAppNotification\",\n \"description\": \"App discovery policies can notify you when new apps or abnormal usage is observed within your organization, based on traffic logs data.\",\n \"remediation\": \"Create an app discovery policy through Cloud App Security. In the policy page you can create filters and manage alert creation.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"PasswordHashSync\",\n \"description\": \"Password hash synchronization is one of the sign-in methods used to accomplish hybrid identity. Azure AD Connect synchronizes a hash, of the hash, of a user's password from an on-premises Active Directory instance to a cloud-based Azure AD instance. Password hash synchronization helps by reducing the number of passwords your users need to maintain to just one. Enabling password hash synchronization also allows for leaked credential reporting.\",\n \"remediation\": \"To use password hash synchronization in your organization, you need to install Azure AD Connect and configure directory synchronization between your on-premises Active Directory instance and your Azure Active Directory instance. The \\\"Enable password hash synchronization\\\" documentation explains password hash synchronization and how to enable it.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"McasCutomActivityPolicy\",\n \"description\": \"Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.\",\n \"remediation\": \"Create an activity policy within Cloud App Security to specify user and activity attributes, and define alert & governance settings.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"IntegratedApps\",\n \"description\": \"Tighten the security of your services by regulating the access of third-party integrated apps. Only allow access to necessary apps that support robust security controls. Third-party applications are not created by Microsoft, so there is a possibility they could be used for malicious purposes like exfiltrating data from your tenancy. Attackers can maintain persistent access to your services through these integrated apps, without relying on compromised accounts.\",\n \"remediation\": \"To prevent users in your organization from allowing third-party apps to access their Office 365 info, go to the Microsoft 365 admin center and then navigate to Settings > Services & add-ins. Select Integrated Apps and clear the associated check box.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"PWAgePolicyNew\",\n \"description\": \"Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.\",\n \"remediation\": \"In the Microsoft 365 admin center go to Settings > Security & privacy. Then Edit the password policy to never let passwords expire. You must be a global admin to edit the password policy.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"TLSDeprecation\",\n \"description\": \"Review all your clients to check which ones use TLS 1.0/1.1 and 3DES to communicate with Office 365. The goal is to upgrade your clients to move away from using weaker protocols and cipher. You can access a report showing all the TLS 1.0/1.1 and 3DES connections in your tenants grouped by user and agent information. After all your clients are migrated and the usage below is zero, you will be awarded full points. \",\n \"remediation\": \"All clients using TLS 1.0/1.1 and 3DES to connect to Office 365 need to be upgraded to better protocols (TLS 1.2 or higher) and cipher. In the Microsoft Service Trust Portal, download the TLS depreciation report to see the details of your TLS and 3DES usage. \"\n },\n {\n \"maxScore\": 5,\n \"control\": \"OneAdmin\",\n \"description\": \"Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It's important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach.\",\n \"remediation\": \"Manage user permissions and assign global admin roles in the Microsoft 365 admin center by going to \\\"Active users.\\\" Elevating any users/custom admins to global admins gives them access to all administrative features, including the ability to assign admin roles to other users. We recommend you enforce secure account authentication (for example, MFA) with global admins, because they have more permissions that an attacker can use in the event of a breach. Remember to designate fewer than 5 global admins in your organization to reduce the likelihood of admin accounts being compromised.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"SelfServicePasswordReset\",\n \"description\": \"With self-service password reset in Azure Active Directory, users no longer need to engage help desk to reset passwords. This feature works well with Azure AD dynamically banned passwords, which prevents easily guessable passwords from being used.\",\n \"remediation\": \"In the Password Reset Azure AD blade you can enable self-service password reset. On the properties page, select All or Selected to choose the users to apply your policy to. Configure your authentication methods for users to reset their passwords. On the Registration page, select Yes under \\\"Require users to register when signing in\\\" and set a number of days before users are asked to re-confirm their authentication information.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"McasFirewallLogUpload\",\n \"description\": \"Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.\",\n \"remediation\": \"Create and manage your organization's data sources in the Automatic log upload page in Cloud Discovery. Make sure you have already created a snapshot Cloud Discovery report, as it's important to upload a log manually and let Microsoft Cloud App Security parse it before trying to use the automatic log collector. After you are ready to do an automatic log upload, define connectivity settings with on-premises firewall appliances by selecting Add data source. Next, use log collectors to easily automate log upload from firewall appliances in your network. Your tenant will have continuous discovery reports when automatic log upload has been configured.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"CustomerLockBoxEnabled\",\n \"description\": \"Turning on the customer lockbox feature requires that approval is obtained for datacenter operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There's an expiration time on the request and content access is removed after the support engineer has fixed the issue.\",\n \"remediation\": \"Turn on customer lockbox by going to the Microsoft 365 admin center and then navigating to Settings > Security & privacy. Select the Edit button to require approval for all data access requests.\"\n },\n {\n \"maxScore\": 1,\n \"control\": \"RoleOverlap\",\n \"description\": \"Limited administrators are users who have more privileges than standard users, but not as many privileges as global admins. Leveraging limited administrator roles to perform required administrative work reduces the number of high value, high impact global admin role holders you have. Assigning users roles like Password Administrator or Exchange Online Administrator, instead of Global Administrator, reduces the likelihood of a global administrative privileged account being breached.\",\n \"remediation\": \"Designate alternate roles for global admins in the Microsoft 365 admin center by going to \\\"Active users\\\" so admins can complete necessary tasks with the least amount of privilege required. For example, if a user is primarily responsible for Exchange Online administration, they should be assigned that role instead. Be sure to have at least two global admins designated to allow for full access to the network if one of the accounts is compromised.\"\n },\n {\n \"maxScore\": 1,\n \"control\": \"meeting_restrictanonymousjoin_v1\",\n \"description\": \"By restricting anonymous users from joining Microsoft Teams meetings, you have full control over meeting access. Anonymous users may not be from your organization and could have joined for malicious purposes, such as gaining information about your organization through conversations.\",\n \"remediation\": \"1. Log into Microsoft Teams admin center
2. In the left navigation, go to Meetings > Meeting Settings
3. Under the Participants section, toggle “Anonymous users can join a meeting” to Off\\r\\n \"\n }\n ]\n }\n}"},{"id":"d0989171-54dd-4819-a4d9-350b360bf30c","name":"Success (After Snowflake)","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{CUSTOMER_API_URL}}/v2/account/:id/office","host":["{{CUSTOMER_API_URL}}"],"path":["v2","account",":id","office"],"variable":[{"key":"id","value":"23114","description":"[Required] The account id."}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Cowboy"},{"key":"Connection","value":"keep-alive"},{"key":"X-Powered-By","value":"Express"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"70249"},{"key":"Etag","value":"W/\"11269-w9GXC8M28Iot4qsdsUyCU9cG7c0\""},{"key":"Date","value":"Sun, 17 Jul 2022 17:21:13 GMT"},{"key":"Via","value":"1.1 vegur"}],"cookie":[],"responseTime":null,"body":"{\n \"secureScoreProgress\": {\n \"startDate\": \"2022-06-04T00:00:00.000Z\",\n \"endDate\": \"2022-07-15T00:00:00.000Z\",\n \"totalDays\": 40,\n \"minScore\": 44.85,\n \"maxScore\": 48.92,\n \"averageScore\": 48.36,\n \"data\": [\n {\n \"detectionDate\": \"2022-06-04T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-05T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-06T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-07T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-08T00:00:00.000Z\",\n \"secureScorePercentage\": 36.76\n },\n {\n \"detectionDate\": \"2022-06-11T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-12T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-13T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-14T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-15T00:00:00.000Z\",\n \"secureScorePercentage\": 37.63\n },\n {\n \"detectionDate\": \"2022-06-16T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-17T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-18T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-19T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-20T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-21T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-22T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-06-23T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-24T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-25T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-26T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-27T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-28T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-29T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-06-30T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-01T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-02T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-03T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-04T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-05T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-06T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-07T00:00:00.000Z\",\n \"secureScorePercentage\": 37.58\n },\n {\n \"detectionDate\": \"2022-07-08T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-07-09T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-07-10T00:00:00.000Z\",\n \"secureScorePercentage\": 37.61\n },\n {\n \"detectionDate\": \"2022-07-11T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-12T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-13T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-14T00:00:00.000Z\",\n \"secureScorePercentage\": 37.55\n },\n {\n \"detectionDate\": \"2022-07-15T00:00:00.000Z\",\n \"secureScorePercentage\": 37.52\n }\n ]\n },\n \"monitoredAccounts\": {\n \"total\": 1,\n \"data\": [\n {\n \"id\": \"DontHackME@rocketcyber.com\",\n \"mfaStatus\": \"unknown\",\n \"licenses\": [\n \"TEAMS_EXPLORATORY\"\n ]\n }\n ]\n },\n \"secureScoreToDo\": {\n \"total\": 22,\n \"data\": [\n {\n \"maxScore\": 50,\n \"control\": \"AdminMFAV2\",\n \"description\": \"Requiring multi-factor authentication (MFA) for all administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, critical devices and data is open to attack.\\n \",\n \"remediation\": \"Set up Azure Multi-Factor Authentication policies to protect devices and data that are accessible by your users with administrative roles

In the Azure portal Conditional Access page
1. Select + New Policy
2. Go to Assignments > Users and groups > Include > Select users and groups > check Directory roles
3. At a minimum, select the following roles:

Security administrator
Exchange service administrator
Global administrator
Conditional Access Administrator
SharePoint administrator
Helpdesk Administrator
Billing Administrator
User administrator
Authentication Administrator

4. Go to Cloud apps or actions > Cloud apps > Include > select All cloud apps (and don't exclude any apps)
5. Under Access controls > Grant > select Grant Access > check Require multi-factor authentication (and nothing else)
6. Enable policy > On
7. Create\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"UserRiskPolicy\",\n \"description\": \"With the user risk policy turned on, Azure Active Directory detects the probability that a user account has been compromised. As an administrator, you can configure a user risk conditional access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.\",\n \"remediation\": \"In Azure AD Identity Protection you can configure the user risk remediation policy. For the users in this policy, you need to set the conditions (risk level) under which the policy triggers and whether access is blocked when the policy is triggered. Switch the state of the policy to ON.\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": null,\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"SigninRiskPolicy\",\n \"description\": \"Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multi-factor authentication (MFA).\",\n \"remediation\": \"In Azure AD Identity Protection you can configure the sign-in risk remediation policy. For the users in this policy, you need to set the conditions (risk level) under which the policy triggers. Switch the state of the policy to ON. It is important to configure the MFA registration policy for all users who are a part of the sign-in risk policy to ensure that they have registered MFA.\"\n },\n {\n \"maxScore\": 30,\n \"control\": \"MFARegistrationV2\",\n \"description\": \"Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.\",\n \"remediation\": \"In the Azure portal Conditional Access page
1. Select +New policy
2. Cloud apps > All cloud apps (and don't exclude any apps)
3. Conditions > Client apps > Configure (Yes)
4. Grant > Require multi-factor authentication (and nothing else)
5. Select only the following: Browser, Mobile apps and desktop clients, Modern authentication clients, Exchange ActiveSync clients, Other clients
6. Enable policy > On
7. Create

Optionally, if you have Azure AD Premium P2, you can set up an Azure Multi-Factor Authentication registration policy to help you manage the rollout of Azure MFA in your environment.
In the Azure portal, configure the MFA registration policy by going to the MFA registration page.
1. Under Assignments > Users - Choose All users or choose Select individuals and groups if limiting your rollout
2. Under Controls - Ensure the checkbox Require Azure MFA registration is checked and choose Select
3. Enforce policy > On
4. Save\"\n },\n {\n \"maxScore\": 20,\n \"control\": \"McasOAuthAppNotification\",\n \"description\": \"OAuth app policies can help you manage app permission and notify you when a user or an admin consents to a new Open Authorization (OAuth) app. With this information, you can investigate which permissions each app requested and which users authorized them.\",\n \"remediation\": \"Create an OAuth app policy through Cloud App Security. In the policy page you can create filters and manage alert creation.\"\n },\n {\n \"maxScore\": 20,\n \"control\": \"BlockLegacyAuthentication\",\n \"description\": \"Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.\",\n \"remediation\": \"In the Azure AD conditional access portal
1. Select +New policy
2. Conditions > Client Apps > Configure (Yes)
3. Select only Mobile apps and desktop clients and Other clients
4. Next go to Grant > Block access.
5. Enable policy > On
6. Create.\"\n },\n {\n \"maxScore\": 15,\n \"control\": \"McasCloudAppNotification\",\n \"description\": \"App discovery policies can notify you when new apps or abnormal usage is observed within your organization, based on traffic logs data.\",\n \"remediation\": \"Create an app discovery policy through Cloud App Security. In the policy page you can create filters and manage alert creation.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"PasswordHashSync\",\n \"description\": \"Password hash synchronization is one of the sign-in methods used to accomplish hybrid identity. Azure AD Connect synchronizes a hash, of the hash, of a user's password from an on-premises Active Directory instance to a cloud-based Azure AD instance. Password hash synchronization helps by reducing the number of passwords your users need to maintain to just one. Enabling password hash synchronization also allows for leaked credential reporting.\",\n \"remediation\": \"To use password hash synchronization in your organization, you need to install Azure AD Connect and configure directory synchronization between your on-premises Active Directory instance and your Azure Active Directory instance. The \\\"Enable password hash synchronization\\\" documentation explains password hash synchronization and how to enable it.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"McasCutomActivityPolicy\",\n \"description\": \"Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.\",\n \"remediation\": \"Create an activity policy within Cloud App Security to specify user and activity attributes, and define alert & governance settings.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"IntegratedApps\",\n \"description\": \"Tighten the security of your services by regulating the access of third-party integrated apps. Only allow access to necessary apps that support robust security controls. Third-party applications are not created by Microsoft, so there is a possibility they could be used for malicious purposes like exfiltrating data from your tenancy. Attackers can maintain persistent access to your services through these integrated apps, without relying on compromised accounts.\",\n \"remediation\": \"To prevent users in your organization from allowing third-party apps to access their Office 365 info, go to the Microsoft 365 admin center and then navigate to Settings > Services & add-ins. Select Integrated Apps and clear the associated check box.\"\n },\n {\n \"maxScore\": 10,\n \"control\": \"PWAgePolicyNew\",\n \"description\": \"Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.\",\n \"remediation\": \"In the Microsoft 365 admin center go to Settings > Security & privacy. Then Edit the password policy to never let passwords expire. You must be a global admin to edit the password policy.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"TLSDeprecation\",\n \"description\": \"Review all your clients to check which ones use TLS 1.0/1.1 and 3DES to communicate with Office 365. The goal is to upgrade your clients to move away from using weaker protocols and cipher. You can access a report showing all the TLS 1.0/1.1 and 3DES connections in your tenants grouped by user and agent information. After all your clients are migrated and the usage below is zero, you will be awarded full points. \",\n \"remediation\": \"All clients using TLS 1.0/1.1 and 3DES to connect to Office 365 need to be upgraded to better protocols (TLS 1.2 or higher) and cipher. In the Microsoft Service Trust Portal, download the TLS depreciation report to see the details of your TLS and 3DES usage. \"\n },\n {\n \"maxScore\": 5,\n \"control\": \"OneAdmin\",\n \"description\": \"Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It's important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach.\",\n \"remediation\": \"Manage user permissions and assign global admin roles in the Microsoft 365 admin center by going to \\\"Active users.\\\" Elevating any users/custom admins to global admins gives them access to all administrative features, including the ability to assign admin roles to other users. We recommend you enforce secure account authentication (for example, MFA) with global admins, because they have more permissions that an attacker can use in the event of a breach. Remember to designate fewer than 5 global admins in your organization to reduce the likelihood of admin accounts being compromised.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"SelfServicePasswordReset\",\n \"description\": \"With self-service password reset in Azure Active Directory, users no longer need to engage help desk to reset passwords. This feature works well with Azure AD dynamically banned passwords, which prevents easily guessable passwords from being used.\",\n \"remediation\": \"In the Password Reset Azure AD blade you can enable self-service password reset. On the properties page, select All or Selected to choose the users to apply your policy to. Configure your authentication methods for users to reset their passwords. On the Registration page, select Yes under \\\"Require users to register when signing in\\\" and set a number of days before users are asked to re-confirm their authentication information.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"McasFirewallLogUpload\",\n \"description\": \"Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.\",\n \"remediation\": \"Create and manage your organization's data sources in the Automatic log upload page in Cloud Discovery. Make sure you have already created a snapshot Cloud Discovery report, as it's important to upload a log manually and let Microsoft Cloud App Security parse it before trying to use the automatic log collector. After you are ready to do an automatic log upload, define connectivity settings with on-premises firewall appliances by selecting Add data source. Next, use log collectors to easily automate log upload from firewall appliances in your network. Your tenant will have continuous discovery reports when automatic log upload has been configured.\"\n },\n {\n \"maxScore\": 5,\n \"control\": \"CustomerLockBoxEnabled\",\n \"description\": \"Turning on the customer lockbox feature requires that approval is obtained for datacenter operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There's an expiration time on the request and content access is removed after the support engineer has fixed the issue.\",\n \"remediation\": \"Turn on customer lockbox by going to the Microsoft 365 admin center and then navigating to Settings > Security & privacy. Select the Edit button to require approval for all data access requests.\"\n },\n {\n \"maxScore\": 1,\n \"control\": \"RoleOverlap\",\n \"description\": \"Limited administrators are users who have more privileges than standard users, but not as many privileges as global admins. Leveraging limited administrator roles to perform required administrative work reduces the number of high value, high impact global admin role holders you have. Assigning users roles like Password Administrator or Exchange Online Administrator, instead of Global Administrator, reduces the likelihood of a global administrative privileged account being breached.\",\n \"remediation\": \"Designate alternate roles for global admins in the Microsoft 365 admin center by going to \\\"Active users\\\" so admins can complete necessary tasks with the least amount of privilege required. For example, if a user is primarily responsible for Exchange Online administration, they should be assigned that role instead. Be sure to have at least two global admins designated to allow for full access to the network if one of the accounts is compromised.\"\n },\n {\n \"maxScore\": 1,\n \"control\": \"meeting_restrictanonymousjoin_v1\",\n \"description\": \"By restricting anonymous users from joining Microsoft Teams meetings, you have full control over meeting access. Anonymous users may not be from your organization and could have joined for malicious purposes, such as gaining information about your organization through conversations.\",\n \"remediation\": \"1. Log into Microsoft Teams admin center
2. In the left navigation, go to Meetings > Meeting Settings
3. Under the Participants section, toggle “Anonymous users can join a meeting” to Off\\r\\n \"\n }\n ]\n }\n}"}],"_postman_id":"72df9d14-17f2-4239-8d0c-3464a4005e42"}],"id":"729ce267-bc6a-48c4-9f64-05bdc238d711","_postman_id":"729ce267-bc6a-48c4-9f64-05bdc238d711","description":"","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}}},{"name":"v3","item":[{"name":"/agents","id":"3828523f-9bfa-4552-b818-033bcb35e06b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/agents","description":"

The agents endpoint returns all the device information for all devices associated to the account ID provided.

\n","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","agents"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"hostname","value":"*-REL-*"},{"disabled":true,"key":"hostname","value":"test-PC"},{"disabled":true,"key":"ip","value":"132.1.1.1"},{"disabled":true,"key":"created","value":"2022-06-18T05:00:00.000Z|"},{"disabled":true,"key":"os","value":"Windows*"},{"disabled":true,"key":"version","value":"Server 2019"},{"disabled":true,"key":"connectivity","value":"online"},{"disabled":true,"key":"sort","value":"accountId:desc"},{"disabled":true,"key":"sort","value":"hostname"},{"disabled":true,"key":"page","value":"1"},{"disabled":true,"key":"accountId","value":"2"},{"disabled":true,"key":"accountId","value":"3"},{"disabled":true,"key":"config","value":"true"}],"variable":[]}},"response":[],"_postman_id":"3828523f-9bfa-4552-b818-033bcb35e06b"},{"name":"/firewalls","id":"6993f073-bb31-4226-b76c-836e9055cd83","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/firewalls","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","firewalls"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"disabled":true,"description":{"content":"

string -- details.device_id

\n","type":"text/plain"},"key":"deviceId","value":"afgasdasd1241231254123"},{"disabled":true,"description":{"content":"

string -- details.ip

\n","type":"text/plain"},"key":"ipAddress","value":""},{"disabled":true,"description":{"content":"

string -- details.mac

\n","type":"text/plain"},"key":"macAddress","value":""},{"disabled":true,"description":{"content":"

string -- details.type

\n","type":"text/plain"},"key":"type","value":""},{"disabled":true,"description":{"content":"

boolean (defaults to false if not included in the query params)

\n","type":"text/plain"},"key":"config","value":"true"},{"disabled":true,"description":{"content":"

number (positive) - defaults to 1 if not included in query params

\n","type":"text/plain"},"key":"page","value":""},{"disabled":true,"description":{"content":"

number (positive) - defaults to 1000 if not included in query params

\n","type":"text/plain"},"key":"pageSize","value":""},{"disabled":true,"description":{"content":"

[key]:[asc or desc] -- defaults to asc

\n","type":"text/plain"},"key":"sort","value":""},{"disabled":true,"key":"accountId","value":"2"},{"disabled":true,"key":"counters","value":"true"}],"variable":[]}},"response":[],"_postman_id":"6993f073-bb31-4226-b76c-836e9055cd83"},{"name":"/events","id":"8e4a6280-ad16-49a2-8a26-b1253997770c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"token":""},"isInherited":false},"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/events?appId=21&pageSize=1","description":"

The events endpoint returns event information for all events associated to the account ID provided.

\n","urlObject":{"path":["v3","events"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"disabled":true,"key":"accountId","value":"1"},{"key":"appId","value":"21"},{"disabled":true,"key":"userId","value":"11"},{"disabled":true,"key":"dates","value":"2022-07-01|"},{"disabled":true,"key":"sort","value":"dates:desc"},{"disabled":true,"key":"config","value":"true"},{"disabled":true,"key":"verdict","value":"suspicious"},{"disabled":true,"key":"page","value":"1"},{"disabled":true,"key":"pageSize","value":"20"},{"disabled":true,"key":"sort","value":"deviceId:desc"},{"disabled":true,"key":"deviceId","value":"124123154aadasd11"},{"disabled":true,"key":"details","value":"attributes.city:Redmond"},{"key":"pageSize","value":"1"}],"variable":[]}},"response":[],"_postman_id":"8e4a6280-ad16-49a2-8a26-b1253997770c"},{"name":"/events/with queries","id":"6ce5b7c4-ab98-434c-b369-5a36dfddeb8f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/events?config=true&appId=173&accountId=2&page=1&pageSize=20","description":"

The events endpoint returns event information for all events associated to the account ID provided.

The account endpoint returns account information for the given account ID.

[Optional] The account ID to pull data for.\nNOTE: If not provided, data will be pulled for all data accessible by the bearer token.

\n","type":"text/plain"},"key":"accountId","value":"2"}],"variable":[]}},"response":[],"_postman_id":"21b4f765-fb12-462a-bcb4-fedd78d4fde0"},{"name":"/office","id":"aeea8b6c-3fd4-4c61-b113-f3e115d6ac62","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/office?accountId=2","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","office"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"description":{"content":"

[Optional] The account ID to pull data for.\nNOTE: If not provided, data will be pulled for all data accessible by the bearer token.

\n","type":"text/plain"},"key":"accountId","value":"2"}],"variable":[]}},"response":[],"_postman_id":"aeea8b6c-3fd4-4c61-b113-f3e115d6ac62"},{"name":"/account","id":"df977a5d-f245-4211-bb85-46e0afaa1587","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"token":""},"isInherited":false},"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/account?accountId=2&details=false","urlObject":{"path":["v3","account"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"description":{"content":"

[Optional] The account ID to pull data for.\nNOTE: If not provided, data will be pulled for all accounts accessible by the bearer token.

\n","type":"text/plain"},"key":"accountId","value":"2"},{"key":"details","value":"false"}],"variable":[]}},"response":[],"_postman_id":"df977a5d-f245-4211-bb85-46e0afaa1587"},{"name":"/defender","id":"9d3b3952-aa1d-4973-9215-28e0e8323fe8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/defender?accountId=2","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","defender"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"key":"accountId","value":"2"}],"variable":[]}},"response":[],"_postman_id":"9d3b3952-aa1d-4973-9215-28e0e8323fe8"},{"name":"/apps","id":"a3cb76b0-4397-4c6e-bb79-c241daa07122","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/apps?accountId=2","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","apps"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"disabled":true,"description":{"content":"

[Optional] The apps will be in sorted based on this property.\nDefault: id\nOptions: id, name

\n","type":"text/plain"},"key":"sort","value":"name"},{"disabled":true,"description":{"content":"

[Optional] Required if sortBy defined. Determine the order of the sort either descending or ascending.\nDefault: asc\nOptions: asc, desc

\n","type":"text/plain"},"key":"order","value":"desc"},{"disabled":true,"description":{"content":"

[Optional] The type of apps to request.\nDefault: active\nOptions: active, inactive

\n","type":"text/plain"},"key":"status","value":"inactive"},{"key":"accountId","value":"2"}],"variable":[]}},"response":[],"_postman_id":"a3cb76b0-4397-4c6e-bb79-c241daa07122"},{"name":"/incidents","id":"7ac12e38-0942-4d10-b1c3-6a19812de317","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"token":""},"isInherited":false},"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/incidents?accountId=2&page=1&pageSize=10&sort=createdAt&order=ASC","urlObject":{"path":["v3","incidents"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"disabled":true,"key":"status","value":"suppressed"},{"disabled":true,"key":"sort","value":"autotaskId:desc"},{"disabled":true,"key":"sort","value":"createdAt:desc"},{"disabled":true,"key":"id","value":"607945"},{"disabled":true,"key":"title","value":""},{"disabled":true,"key":"description","value":""},{"disabled":true,"key":"createdAt","value":""},{"disabled":true,"key":"publishedAt","value":""},{"disabled":true,"key":"resolvedAt","value":""},{"disabled":true,"key":"remediation","value":""},{"disabled":true,"key":"config","value":"true"},{"key":"accountId","value":"2"},{"key":"page","value":"1"},{"key":"pageSize","value":"10"},{"key":"sort","value":"createdAt"},{"key":"order","value":"ASC"}],"variable":[]}},"response":[],"_postman_id":"7ac12e38-0942-4d10-b1c3-6a19812de317"},{"name":"/reportApi","id":"2cf71992-b85c-45f6-868f-79fef3544643","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"source-key","value":"84c33c4600204E698E9r578913aED601","description":"

console-report-key

\n","type":"text"}],"url":"{{CUSTOMER_API_URL}}/v3/reportApi?userId=3389&fileType=csv&itemType=events&accountId=2&appId=5&dates=2022-04-12|2022-05-11","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","reportApi"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"key":"userId","value":"3389"},{"description":{"content":"

csv, json

\n","type":"text/plain"},"key":"fileType","value":"csv"},{"description":{"content":"

incidents, agents, firewalls, events, suppressionRules

\n","type":"text/plain"},"key":"itemType","value":"events"},{"disabled":true,"key":"title","value":"*Office*"},{"disabled":true,"key":"description","value":"*administrative*"},{"disabled":true,"key":"remediation","value":"*permission."},{"disabled":true,"key":"createdAt","value":"|2022-05-01"},{"disabled":true,"key":"ruleName","value":"2022-01-01|"},{"key":"accountId","value":"2"},{"disabled":true,"key":"ipAddress","value":"64*"},{"key":"appId","value":"5"},{"disabled":true,"key":"id","value":""},{"disabled":true,"key":"deviceId","value":""},{"disabled":true,"key":"eventId","value":"4625"},{"disabled":true,"key":"creatorId","value":"2360"},{"key":"dates","value":"2022-04-12|2022-05-11"}],"variable":[]}},"response":[],"_postman_id":"2cf71992-b85c-45f6-868f-79fef3544643"},{"name":"/reportApi-type","id":"c5a57113-3efc-4456-8bf8-f05dfd2ee931","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"source-key","value":"84c33c4600204E698E9r578913aED601","description":"

console-report-key

\n","type":"text"}],"url":"{{CUSTOMER_API_URL}}/v3/reportApi?userId=123&fileType=csv&itemType=events&accountId=2&appId=2","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","reportApi"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"key":"userId","value":"123"},{"description":{"content":"

csv, json

\n","type":"text/plain"},"key":"fileType","value":"csv"},{"description":{"content":"

incidents, agents, firewalls, events

\n","type":"text/plain"},"key":"itemType","value":"events"},{"disabled":true,"key":"title","value":"*Office*"},{"disabled":true,"key":"description","value":"*administrative*"},{"disabled":true,"key":"remediation","value":"*permission."},{"disabled":true,"key":"createdAt","value":"|2022-05-01"},{"disabled":true,"key":"","value":"2022-01-01|"},{"key":"accountId","value":"2"},{"disabled":true,"key":"ipAddress","value":"64*"},{"key":"appId","value":"2"}],"variable":[]}},"response":[],"_postman_id":"c5a57113-3efc-4456-8bf8-f05dfd2ee931"},{"name":"/suppression/rules","id":"555cedb5-c315-4783-a645-1227741a27e0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/suppression/rules?config=true&sort=ruleId:desc&sort=modifiedBy:asc&userId=335&status=active&ruleId=100&ruleName=brett&accountId=14559&stopDate=2023-01-01|&modifiedBy=563&updatedAt=|2023-03-22&ruleName=tony","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","suppression","rules"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"description":{"content":"

[Optional] true, false\nDefault: false\nIf true, response body will contain the config object

\n","type":"text/plain"},"key":"config","value":"true"},{"disabled":true,"description":{"content":"

[Optional] The target page of data. This is used with pageSize parameter to determine how many and which items to return.\n[Default] 1

\n","type":"text/plain"},"key":"page","value":"2"},{"disabled":true,"description":{"content":"

[Optional] The number of items to return from the data set. This is used with the parameter size to determine how many and which items to return.\n[Default] 1000\n[Max] 1000

\n","type":"text/plain"},"key":"pageSize","value":"1"},{"description":{"content":"

[Optional] The sort order for the items queried.\nFormat: [filter type]:[asc,desc]\nDefaults to asc if none specified

\n","type":"text/plain"},"key":"sort","value":"ruleId:desc"},{"key":"sort","value":"modifiedBy:asc"},{"description":{"content":"

[Optional] If included, timezone conversions will be performed.

\n","type":"text/plain"},"key":"userId","value":"335"},{"description":{"content":"

[Optional] active, expired

\n","type":"text/plain"},"key":"status","value":"active"},{"key":"ruleId","value":"100"},{"key":"ruleName","value":"brett"},{"key":"accountId","value":"14559"},{"description":{"content":"

[Optional] This returns suppression rules that expire between the start and end date.\nNOTE: Both the start and end dates are optional, but at least one is required to use this parameter.\nFormat: start date | stop date

\n","type":"text/plain"},"key":"stopDate","value":"2023-01-01|"},{"key":"modifiedBy","value":"563"},{"description":{"content":"

[Optional] This returns suppression rules that were modified between the start and end date.\nNOTE: Both the start and end dates are optional, but at least one is required to use this parameter.\nFormat: start date | stop date

\n","type":"text/plain"},"key":"updatedAt","value":"|2023-03-22"},{"disabled":true,"key":"ruleId","value":"82"},{"key":"ruleName","value":"tony"}],"variable":[]}},"response":[],"_postman_id":"555cedb5-c315-4783-a645-1227741a27e0"},{"name":"/suppression/rule/:ruleId","id":"f1269e41-219b-40b9-b0fd-a9f85ef1b0ae","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{CUSTOMER_API_URL}}/v3/suppression/rule/:ruleId?accountId=2&userId=132","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}},"urlObject":{"path":["v3","suppression","rule",":ruleId"],"host":["{{CUSTOMER_API_URL}}"],"query":[{"description":{"content":"

OPTIONAL

\n","type":"text/plain"},"key":"accountId","value":"2"},{"key":"userId","value":"132"}],"variable":[{"type":"any","value":"2","key":"ruleId"}]}},"response":[],"_postman_id":"f1269e41-219b-40b9-b0fd-a9f85ef1b0ae"}],"id":"d4541b08-ff0b-44df-a0cf-a0c32f44339d","event":[{"listen":"prerequest","script":{"id":"55d2adf1-3c44-4099-a367-d965e083a4e4","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"360681a6-33e2-4d49-9151-313ad83bc8a7","type":"text/javascript","exec":[""]}}],"_postman_id":"d4541b08-ff0b-44df-a0cf-a0c32f44339d","description":"","auth":{"type":"bearer","bearer":{"token":""},"isInherited":true,"source":{"_postman_id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","id":"15e5f89f-0ca7-4545-9dc3-b15644ddcb77","name":"Customer API","type":"collection"}}}],"auth":{"type":"bearer","bearer":{"token":""}},"event":[{"listen":"prerequest","script":{"id":"70bb9311-b562-43ec-8797-7ed93ea5ae66","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"6277437d-d4e1-4d66-83c3-c36c3b51805a","type":"text/javascript","exec":[""]}}],"variable":[{"key":"customerApiKey","value":"","type":"string"},{"key":"CustomerApiToken","value":"","type":"string"}]}