Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Doc: GYT-TEC-014

Release: 2

Date: 22th November 2023

Easy heading
linkText4
linkText10
linkText3
linkText6
linkText5
relatedLinksLabels
linkText2
linkText1
headingTagsH1,H2,H3
sidebarMaxHeight450
linkType2Page
linkType3Page
linkType1Page
linkType10Page
sidebarTitleON THIS PAGE
linkUrl3
linkUrl4
linkUrl1
linkUrl2
linkUrl10
includedPageModeDisable_Included_Pages
linkText8
linkText7
relatedLinksOrderLabels_First
sidebarModeOpened
headingNumberingModeDisable_Numbering
linkText9
sidebarMarginRight20
relatedLinksTargetNew_Window
relatedLinksTitleRELATED LINKS
linkUrl9
linkUrl7
linkUrl8
numberedHeadingTagsH1,H2,H3
linkUrl5
linkUrl6
linkType8Page
linkType9Page
linkType6Page
headingLinkTextModeWrap
linkType7Page
linkType4Page
linkType5Page
sidebarWidth240
sidebarTop160
headingLinkExpandModeCollapse_All_By_Default
headingLinkIndent10

Introduction

The purpose of this document is to provide instructions to apply API (Application Programming Interface) connection to GYTPOL server from a third-party tools.

Overview

Gytpol API v1.0 covers the following use cases:

...

  • get_miscon_by_computer

  • get_misconfigurations_start to set a filter and get a token for following calls to get_misconfigurations_next

  • get_miscon_computers_start to set a filter and get a token for following calls to get_miscon_computers_next

  • add_to_group - to add computers to your custom group

All methods are POST.

API Keys

All HTTPS requests for REST API functions must include the x-api-key parameter in the request header, as illustrated in the examples below.

...

SaaS customers are advised to reach out to their customer success manager to obtain the necessary x-api-key.

API Port

For On-Prem customers, the default port for API access is 9191. If you wish to use a different port, you can make the adjustment by modifying the port in the file located at c:\gytpol\data\webserv_config.json.

...

For SaaS customers, there is no need to specify a port, as the URL utilizes port 443.

get_miscon_by_computer

This REST API function returns misconfigurations given a computer name and optionally Windows domain name.

Request Structure

JSON string of the following structure:

...

computer

string

mandatory

Computer name

domainName

string

optional

For windows computers, Windows domain name

Response Structure

JSON string of the following structure:

...

computers

object array

latestHostReportingDt

datetime

Latest date and time the computer reported to Gytpol

latestScanDt

datetime

Gytpol client scans computers for misconfigurations and sends the report to Gytpol backend. This is the date and time of the latest misconfiguration scan reported for this computer.

computer

string

Computer name

computerOu

string

Name of organizational unit define on this computer

domainName

string

For windows computers, Windows domain name

clientVer

string

Gytpol client version currently installed on this computer

ipAddress

string

Computer’s IP address

os

string

Computer’s operating system

isVdi

bool

Is this computer a VDI

isServer

bool

Is this computer a server

isDC

bool

Is this computer a domain controller

miscon

object array

Array of misconfigurations reported for this computer

topicCode

string

user

string

Username logged into the computer when this misconfiguration had been found

severity

string

Specifies minimal severity of returned misconfigurations. Supported values are:

Low

Medium

High

addInfo

string

Additional information describing this misconfiguration (this is json string) with \ before “ in order to prevent breaking the structure of the response json

param

string

Parameter providing more details for the misconfiguration

paramExtra

string

Parameter providing even more details for the misconfiguration

isRemediable

bool

Is this misconfiguration remediable

isMuted

bool

Is this misconfiguration muted by one of the mute rules

mutedByRuleId

number

The Id of the mute rule that muted this misconfiguration

hostReportingDt

datetime

Datetime when computer reported this misconfiguration to Gytpol backend

scanTimeDt

datetime

Datetime when Gytpol client installed on the computer found this misconfiguration

Anchor
_Toc151990466
_Toc151990466
Request Example

curl --location --request POST "{BASE-URL}/gytpolapi/v2.0/get_miscon_by_computer" --header "x-api-key: jyUbUQNuVjClzQ5f6sXgmcgGzyoFiaYXA+OvxObvLV8="--data-raw "{ \"computer\": \"YOUR-COMPUTER-NAME\"}"

...

For On-prem customers, please incorporate your port (i.e., 9191) into the BASE-URL as follows: BASE-URL:PORT.

Response Example

{

"computers": [

{

"latestHostReportingDt": "2023-01-17T18:25:05.5389826+02:00",

"latestScanTimeDt": "2023-01-17T18:24:47.4503679+02:00",

"computer": "YOUR-COMPUTER-NAME",

"computerOu": "COMPUTER-OU",

"domainName": "YOUR-DOMAIN-NAME",

"clientVer": "2.26.1.0",

"ipAddress": "10.67.137.160",

"os": "Win 10 Enterprise",

"isVdi": false,

"isServer": false,

"isDC": false,

"miscon": [

{

"topicCode": "gytPSVerIssue",

"user": null,

"severity": "Medium",

"addInfo": "{\"PSversions\":\"2; 5.1.19041.2364\",\"occurrences\":1}",

"param": "2; 5.1.19041.2364",

"paramExtra": null,

"isRemediable": true,

"isMuted": false,

"mutedByRuleId": 0,

"hostReportingDt": "2023-01-17T18:25:05.5389826+02:00",

"scanTimeDt": "2023-01-17T18:24:47.4503679+02:00"

},

{

"topicCode": "gytSmbAnonymous",

"user": null,

"severity": "Medium",

"addInfo": "{\"Current Value\":0,\"Expected Value\":\"1\",\"Registry Name\":\"RestrictAnonymous\",\"Registry Path\":\"HKLM:\\\\System\\\\CurrentControlSet\\\\Control\\\\Lsa\",\"Shares with Everyone\":\"N/A\",\"Shares without Everyone\":\"N/A\",\"occurrences\":1}",

"param": "No shares; The configured value is not secure",

"paramExtra": null,

"isRemediable": true,

"isMuted": false,

"mutedByRuleId": 0,

"hostReportingDt": "2023-01-17T18:25:05.5389826+02:00",

"scanTimeDt": "2023-01-17T18:24:47.4503679+02:00"

}

]

}]

}

HTTP Return Codes

200 Ok

400 Bad Request

401 Unauthorized

429 Too Many Requests

get_misconfigurations_start

Use this function to initiate a series of calls to get misconfigurations by computer.

Request Structure

Request body should contain json object of the following structure:

...

{

"computer": "<string> Optional",

"domainName": "<string> Optional",

"selTarget": "<string> Optional",

"severity": "<string> Optional",

"computerOu": "<string> Optional",

"topicCodes": ["<string> topic code", "<string> topic code"],

"fromHostReportingDt": "<string> that contains datetime Optional",

"toHostReportingDt": "<string> that contains datetime Optional",

"returnMutedTopics": "boolean default is false Optional"

}

Response Structure

token

string

Encrypted string to use for following calls to the get_misconfigurations_next function

Request Example

curl --location --request POST "{BASE-URL}/gytpolapi/v2.0/get_misconfigurations_start" --header "x-api-key: jyUbUQNuVjClzQ5f6sXgmcgGzyoFiaYXA+OvxObvLV8=" --data-raw "{ \"computer\": null, \"domainName\": null, \"selTarget\": null, \"severity\": \"Medium\", \"computerOu\": null, \"topicCodes\": null, \"fromHostReportingDt\": \"2023-01-10T19:43:46+02:00\", \"toHostReportingDt\": null, \"returnMutedTopics\": false}"

...

For On-prem customers, please incorporate your port (i.e., 9191) into the BASE-URL as follows: BASE-URL:PORT.

Response Example

{"token":"7h5vmgiKQgvFiTb3xhrSyum52cbfh77xexcus8kGtOP03mliJxbJL99q8wfC2d8kwpNGXa0QF1VuycY6xnosSJePUkaGGUgCQ61rBmVcJI1J6RkUZMWmmGGD3R/+e9b2SrRlamRNusqUBOCphAeyDpBGb7uliNLpfn7wB2JiDGDJRu73Im6UIt3V7ITZDehfsb+JkWXVLlKNIv9+RvxrBCxVa/7StHvyW10cpGF67P9HfLZFbQOCjFsFOs8Mn6amZJrh1bkpasAblUWI0toXZVrlLHr6lfEYZMRnTadcBNTNIUBBWr6ptLUvdcWqEukmdaBublWIQBpAI++Seqc9rMF2WEex9o2n+5NyQBp8+OnuvsUcUybW/MfjG6J/06d07Tf/ks9mQJgZO2vnuJQAPA=="}

HTTP Return Codes

200 Ok

400 Bad Request

401 Unauthorized

429 Too Many Requests

get_misconfigurations_next

Use this function to initiate a series of calls to get misconfigurations by computer

Request Structure

token

string

Mandatory

Encrypted string to use for following calls to the get_misconfigurations_next function

...

{

"token": "<string> Mandatory

}

Response Structure

computers

object array

Same structure as presented in get_miscon_by_computer Response Structure

Keep calling to get_misconfigurations_next each time with the new token until returned computers array is empty, e.g. []

token

string

Encrypted string to use for following calls to the get_misconfigurations_next function

Request Example

curl --location --request POST "{BASE-URL}/gytpolapi/v2.0/get_misconfigurations_next" --header "x-api-key: jyUbUQNuVjClzQ5f6sXgmcgGzyoFiaYXA+OvxObvLV8=" --data-raw "{ \"token\": \"7h5vmgiKQgvFiTb3xhrSyum52cbfh77xexcus8kGtOP03mliJxbJL99q8wfC2d8kwpNGXa0QF1VuycY6xnosSJePUkaGGUgCQ61rBmVcJI1J6RkUZMWmmGGD3R/+e9b2SrRlamRNusqUBOCphAeyDpBGb7uliNLpfn7wB2JiDGDJRu73Im6UIt3V7ITZDehfsb+JkWXVLlKNIv9+RvxrBCxVa/7StHvyW10cpGF67P9HfLZFbQOCjFsFOs8Mn6amZJrh1bkpasAblUWI0toXZVrlLHr6lfEYZMRnTadcBNTNIUBBWr6ptLUvdcWqEukmdaBublWIQBpAI++Seqc9rMF2WEex9o2n+5NyQBp8+OnuvsUcUybW/MfjG6J/06d07Tf/ks9mQJgZO2vnuJQAPA==\"}"

...

For On-prem customers, please incorporate your port (i.e., 9191) into the BASE-URL as follows: BASE-URL:PORT.

Response Example

{

"computers": “same structure as show in Response Example”,

“token” : “new encrypted string for the following call to get_misconfigurations_next”

}

HTTP Return Codes

200 Ok

400 Bad Request

401 Unauthorized

429 Too Many Requests

get_miscon_computers_start

Use this function to initiate a series of calls to get the list of computers that have misconfigurations. Computers will be returned in alphabetical order:

Request Structure

Request body should contain json object of the following structure:

...

{

"computer": "<string> Optional",

"domainName": "<string> Optional",

"selTarget": "<string> Optional",

"computerOu": "<string> Optional

}

Response Structure

token

string

Encrypted string to use for following calls to the get_misconfigurations_next function

Request Example

curl --location --request POST "{BASE-URL}/gytpolapi/v2.0/get_miscon_computers_start" --header "x-api-key: jyUbUQNuVjClzQ5f6sXgmcgGzyoFiaYXA+OvxObvLV8=" --data-raw "{ \"computer\": null, \"domainName\": null, \"selTarget\": \"Windows Servers\"}"

...

For On-prem customers, please incorporate your port (i.e., 9191) into the BASE-URL as follows: BASE-URL:PORT.

Response Example

{"token":"7h5vmgiKQgvFiTb3xhrSyum52cbfh77xexcus8kGtOP03mliJxbJL99q8wfC2d8kwpNGXa0QF1VuycY6xnosSJePUkaGGUgCQ61rBmVcJI1J6RkUZMWmmGGD3R/+e9b2SrRlamRNusqUBOCphAeyDpBGb7uliNLpfn7wB2JiDGDJRu73Im6UIt3V7ITZDehfsb+JkWXVLlKNIv9+RvxrBCxVa/7StHvyW10cpGF67P9HfLZFbQOCjFsFOs8Mn6amZJrh1bkpasAblUWI0toXZVrlLHr6lfEYZMRnTadcBNTNIUBBWr6ptLUvdcWqEukmdaBublWIQBpAI++Seqc9rMF2WEex9o2n+5NyQBp8+OnuvsUcUybW/MfjG6J/06d07Tf/ks9mQJgZO2vnuJQAPA=="}

HTTP Return Codes

200 Ok

400 Bad Request

401 Unauthorized

429 Too Many Requests

get_miscon_computers_next

Use this function to continue getting results for the list of computers:

Anchor
_Toc151990488
_Toc151990488
Request Structure

token

string

Mandatory

Encrypted string to use for following calls to the get_misconfigurations_next function

...

{

"token": "<string> Mandatory

}

Anchor
_Toc151990489
_Toc151990489
Response Structure

computers

object array

Keep calling to get_miscon_computers_next until empty computers array is returned, e.g. computers[]

latestHostReportingDt

datetime

Latest date and time the computer reported to Gytpol

latestScanDt

datetime

Gytpol client scans computers for misconfigurations and sends the report to Gytpol backend. This is the date and time of the latest misconfiguration scan reported for this computer.

computer

string

Computer name

computerOu

string

Name of organizational unit define on this computer

domainName

string

For windows computers, Windows domain name

clientVer

string

Gytpol client version currently installed on this computer

ipAddress

string

Computer’s IP address

os

string

Computer’s operating system

isVdi

bool

Is this computer a VDI

isServer

bool

Is this computer a server

isDC

bool

Is this computer a domain controller

token

string

Encrypted string to use for following calls to the get_misconfigurations_next function

Request Example

curl --location --request POST "{BASE-URL}/gytpolapi/v2.0/get_miscon_computers_next" --header "x-api-key: jyUbUQNuVjClzQ5f6sXgmcgGzyoFiaYXA+OvxObvLV8=" --data-raw "{ \"token\": \"7h5vmgiKQgvFiTb3xhrSyum52cbfh77xexcus8kGtOP03mliJxbJL99q8wfC2d8kwpNGXa0QF1VuycY6xnosSJePUkaGGUgCQ61rBmVcJI1J6RkUZMWmmGGD3R/+e9b2SrRlamRNusqUBOCphAeyDpBGb7uliNLpfn7wB2JiDGDJRu73Im6UIt3V7ITZDehfsb+JkWXVLlKNIv9+RvxrBCxVa/7StHvyW10cpGF67P9HfLZFbQOCjFsFOs8Mn6amZJrh1bkpasAblUWI0toXZVrlLHr6lfEYZMRnTadcBNTNIUBBWr6ptLUvdcWqEukmdaBublWIQBpAI++Seqc9rMF2WEex9o2n+5NyQBp8+OnuvsUcUybW/MfjG6J/06d07Tf/ks9mQJgZO2vnuJQAPA==\"}"

...

For On-prem customers, please incorporate your port (i.e., 9191) into the BASE-URL as follows: BASE-URL:PORT.

HTTP Return Codes

200 Ok

400 Bad Request

401 Unauthorized

429 Too Many Requests

add_to_group

Use this function to add a computer to a computer group.

Request Structure

groupName

string

Mandatory

Group name

computerName

string

Mandatory

Computer name, case-insensitive

...

error

string

Error string, returned only on error

Request Example

curl --location --request POST "{BASE-URL}/gytpolapi/v2.0/add_to_group" --header "x-api-key: jyUbUQNuVjClzQ5f6sXgmcgGzyoFiaYXA+OvxObvLV8=" --data-raw "{\"groupName\":\"Exchange Servers\",\"computerName\":\"WIN-A951IBBEJC2\"}"

...

For On-prem customers, please incorporate your port (i.e., 9191) into the BASE-URL as follows: BASE-URL:PORT.

HTTP Return Codes

200 Ok

400 Bad Request

401 Unauthorized

...