Get Started with the Endpoint Assets GraphQL API
Important
Before proceeding, complete the API Authentication steps in order to obtain a working client_id and client_secret.
Regions
The URL to access XDR APIs may differ according to the region your environment is deployed in:
- US1: https://api.ctpx.secureworks.com
- US2: https://api.delta.taegis.secureworks.com
- US3: https://api.foxtrot.taegis.secureworks.com
- EU1: https://api.echo.taegis.secureworks.com
- EU2: https://api.golf.taegis.secureworks.com
The examples in this XDR API documentation use https://api.ctpx.secureworks.com throughout. If you are in a different region, substitute the URL for your region.
AssetsV2 Example
query assetsV2($first: Int, $last: Int, $after: String, $before: String, $filter: AssetFilter, $orderBy: AssetSearchOrderByInputV2) {
  assetsV2(first: $first, last: $last, after: $after, before: $before, filter: $filter, orderBy: $orderBy) {
    totalCount
    assets {
      id hostId rn tenantId sensorTenant sensorId ingestTime createdAt updatedAt deletedAt lastSeenAt biosSerial firstDiskSerial systemVolumeSerial sensorVersion endpointType endpointPlatform architecture osFamily osVersion osVersionNormalized osDistributor osRelease systemType osCodename kernelRelease kernelVersion isolationStatus desiredIsolationStatus model cloudProviderName cloudInstanceId status unInstallable agentPolicyVersion uninstall
      hostnames { id createdAt updatedAt hostId hostname } ethernetAddresses { id createdAt updatedAt hostId mac } ipAddresses { id createdAt updatedAt ip hostId } users { id createdAt updatedAt hostId username }
      tags { id hostId tenantId createdAt updatedAt tag key value isVendorTag } endpointGroup { id name } investigations { id investigationId createdAt updatedAt hostId }
      vulnerabilityDetails { highCps highCvss vulnerabilityStatus vdrInstance vdrAssetId vdrOrganizationId vdrHostname createdAt updatedAt }
      agentSettings { id isDefault tenantId name policyName description channel skipUpgrade createdAt updatedAt fileAnalysis { enabled } autoArchive { enabled periodDays } tamperProtection { enabled } maintenanceWindow { enabled } advancedKernelTelemetry { enabled } }
      connectionDetails { connectionStatus updatedAt lastConnectedTS lastDisconnectedTS lastDisconnectReason lastSeenAt usingSSL remoteIP remotePort }
    }
    pageInfo { endCursor startCursor hasNextPage hasPreviousPage }
  }
}
Show Active and Healthy Agents
Show the first three entries of agents with an Active and Healthy state:
query assetsV2($first: Int = 3, $filter: AssetFilter = {assetState: [Active, Healthy]}, $orderBy: AssetSearchOrderByInputV2 = updated_at_desc) {
  assetsV2(first: $first, filter: $filter, orderBy: $orderBy) {
    totalCount
    assets {
      id hostId rn tenantId sensorTenant sensorId ingestTime createdAt updatedAt deletedAt lastSeenAt biosSerial firstDiskSerial systemVolumeSerial sensorVersion endpointType endpointPlatform architecture osFamily osVersion osVersionNormalized osDistributor osRelease systemType osCodename kernelRelease kernelVersion isolationStatus desiredIsolationStatus model cloudProviderName cloudInstanceId status unInstallable agentPolicyVersion uninstall
      hostnames { id createdAt updatedAt hostId hostname } ethernetAddresses { id createdAt updatedAt hostId mac } ipAddresses { id createdAt updatedAt ip hostId } users { id createdAt updatedAt hostId username }
      tags { id hostId tenantId createdAt updatedAt tag key value isVendorTag } endpointGroup { id name } investigations { id investigationId createdAt updatedAt hostId }
      vulnerabilityDetails { highCps highCvss vulnerabilityStatus vdrInstance vdrAssetId vdrOrganizationId vdrHostname createdAt updatedAt }
      agentSettings { id isDefault tenantId name policyName description channel skipUpgrade createdAt updatedAt fileAnalysis { enabled } autoArchive { enabled periodDays } tamperProtection { enabled } maintenanceWindow { enabled } advancedKernelTelemetry { enabled } }
      connectionDetails { connectionStatus updatedAt lastConnectedTS lastDisconnectedTS lastDisconnectReason lastSeenAt usingSSL remoteIP remotePort }
    }
    pageInfo { endCursor startCursor hasNextPage hasPreviousPage }
  }
}
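The query above returns a single page. The following added example (not from the original documentation) follows `pageInfo.endCursor` through the `after` argument to collect every matching asset. It assumes a bearer token obtained through the API Authentication steps and a caller-supplied GraphQL endpoint URL, which this page does not give; `http_execute`, `iter_assets` and `fake_execute` are names chosen here, and the sample response is constructed.

```python
import json
import urllib.request
# Trimmed selection set; every field name is taken from the page's assetsV2 query.
QUERY = """
query assetsV2($first: Int, $after: String, $filter: AssetFilter) {
  assetsV2(first: $first, after: $after, filter: $filter) {
    totalCount
    assets { id sensorVersion lastSeenAt hostnames { hostname } }
    pageInfo { endCursor hasNextPage }
  }
}
"""

def http_execute(graphql_url, token):
    """Build execute(query, variables). URL path and Bearer scheme are assumptions."""
    def execute(query, variables):
        payload = json.dumps({"query": query, "variables": variables}).encode()
        req = urllib.request.Request(graphql_url, data=payload, headers={
            "Content-Type": "application/json", "Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = json.load(resp)
        if body.get("errors"):  # GraphQL can report errors alongside HTTP 200
            raise RuntimeError(body["errors"])
        return body["data"]
    return execute

def iter_assets(execute, asset_filter, page_size=100, max_pages=1000):
    """Yield every asset matching asset_filter, one page at a time."""
    after = None
    for _ in range(max_pages):
        variables = {"first": page_size, "after": after, "filter": asset_filter}
        page = execute(QUERY, variables)["assetsV2"]
        yield from page["assets"]
        info = page["pageInfo"]
        if not info["hasNextPage"]:
            return
        if not info["endCursor"] or info["endCursor"] == after:
            raise RuntimeError("cursor did not advance; stopping to avoid a loop")
        after = info["endCursor"]
    raise RuntimeError("max_pages reached before the last page")

def fake_execute(query, variables):
    """Constructed two-page response so the example runs offline."""
    pages = {None: (["a1", "a2"], "c1", True), "c1": (["a3"], "c2", False)}
    ids, end, more = pages[variables["after"]]
    return {"assetsV2": {"totalCount": 3, "assets": [{"id": i} for i in ids],
                         "pageInfo": {"endCursor": end, "hasNextPage": more}}}

if __name__ == "__main__":
    active = {"assetState": ["Active", "Healthy"]}  # enum values go in as JSON strings
    print([a["id"] for a in iter_assets(fake_execute, active, page_size=2)])
```

Against a live tenant, pass `http_execute(url, token)` in place of `fake_execute`.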
Archive Endpoints
Archive two endpoints by ID:
mutation DeleteAssetsV2 {
  deleteAssetsV2(input: { filter: { where: { or: [{id: "1802d221-5802-56a2-ae94-c4ddadc81130"}, {id: "3caw4757-6a30-5dfc-accd-d9a6725e2936"}]} } }) {
    id
    status
  }
}
Next Steps
For more information, see the Endpoint Assets GraphQL API Documentation.