Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

API Functions

 

The available APIs for the current Juniper ATP Appliance release are provided in the following sections. This list of APIs is updated as new features are developed.

Note

Use of the return values "monitored" and "scanned" are deprecated in this release; refer instead to outputs for offered_traffic or inspected_traffic.

add_incident_comments

https://HOST/cyadmin/api.php?op=add_incident_comments

HTTP Post Parameters

Description

last_status

Last incident status information

status

Current Status: options are “new,” “acknowledged,” “in_progress” or “complete”

comments

Comment or update

incident_id

ID of the incident for which a comment is to be added or updated

Example

Authorization - The device user API key.

Obtain from Config > System Profiles > Users > Click on any configured User to generate or obtain their API Key.

Sample Response

add_license

This API adds a product or support license to the current Juniper ATP Appliance system.

https://HOST/cyadmin/api.php?op=add_license

HTTP Post Parameters

Description

filename

Name of the license key file to be uploaded and added as a new license

license_type

Product or Support license type

Example

curl -k -b SESSID=fhffc90prmu9dte2bu4mv3od11 -d

“filename=licenseKey&license_type=product”

“https://HOST/cyadmin/api.php?op=add_license”

Authorization - The device user API key.

Obtain from Config > System Profiles > Users > Click on any configured User to generate or obtain their API Key.

Sample Response

There is no response for this API request.

add_user

This API adds a new user to the Juniper ATP Appliance system.

https://HOST/cyadmin/api.php?op=add_user

HTTP Post Parameters

Description

user_name

Username of new user to be added to system

full_name

Full name of the new user

is_admin

New user’s admin access profile; 1 is enabled

has_debug

New user’s debug access privilege; 1 is enabled

generate_api_key

0 for no; 1 for yes

api_key

key definition or _is_disabled if not enabled

password

Password for the new user

csrf_token

unique token ID for the new user

remote_authentication

Valid values are true or false.This key determines whether the user being created will be authenticated using the remote system or not.

remote_authorization

Valid values are true or false.This key determines whether the user being created will be authorized using the remote system or not.

Example

Authorization - The device user API key.

Obtain from Config > System Profiles > Users > Click on any User to obtain an API Key.

Sample Response

There is no response from this API call.

analysis_details

Use the analysis_details API to retrieve the analysis details associated with a particular file object. The analysis_details API takes either an event_id, md5sum or sha1sum as a parameter.

Tip

As of Release 4.1.1 and later, Juniper ATP Appliance now limits the upload to the actual processing limit and throws an error if the file is greater than 16MB.

Unlike the “event” API, analysis_details does not return any context about how and when the file object was discovered.

An additional boolean parameter “get_components” set to 1 will cause the return of all the components of the specified file. This option is only meaningful if the md5sum/sha1sum corresponds to a zip, tar, or other archive.

https://HOST/cyadmin/api.php?op=analysis_details

HTTP Post Parameters

Description

event_id or md5sum/ sha1sum

[Required] Unique identifier for this event. One of these parameters is a mandatory parameter. Get this from the output of the API https://<Host>/cyadmin/api.php?op=events

The md5sum & sha1sum are the hashes of the objects.

get_components

1 indicates components are available

When the get_components value is set, analysis details for all the subcomponents are also returned.

API Access: To demonstrate the analysis_details API from the Central Manager Web UI Incidents page: select an incident from the Incidents table then scroll down the page and click Downloads or Uploads tab. Expand the row to view details and with this action, you will see a call to the analysis_details API .

See also; behavior_details

Example

Authorization - The device user API key.

Obtain from Config > System Profiles > Users > Click on any User to obtain an API Key.

Note

The request should include one of event-id or md5 or sha1. If both are specified, then the server only considers the event-id.

Sample Response

backup

Use this API performs a backup of the running config for the current Juniper ATP Appliance system.

This API uses no parameters, and the response for this API is the file containing the backup.

https://HOST/cyadmin/api.php?op=backup

Example

Authorization - The device user API key.

Obtain from Config > System Profiles > Users > Click on any User to obtain an API Key.

Sample Response

There is no response generated for this API.

behavior_details

This API retrieves per-event analysis details from the Juniper ATP Appliance behavior analysis engine. Use this API to capture all behavioral analysis details for a selected incident event, including all registry changes, mutexes created, and so on.

HTTP Post Parameters

Description

event_id

[Required] Obtain this ID from the of the API https://<Host>/cyadmin/api.php?op=events

collector_id

ID of the Collector that processed the malicious traffic.

API Access: To demonstrate the behavior_details API from the Central Manager Web UI Incidents page: select an incident from the Incidents table then scroll down the page and click Downloads or Uploads tab. Expand the row to view details and with this action, you will see a call to the behavior_details API.

See also; analysis_details

Example

Authorization - The device user API key.

Obtain from Config > System Profiles > Users > Click on any User to obtain an API Key.

NEW: Additional JSON objects are available for obtaining third party ingestion vendor information:

memory_artifact_details This contains all the memory artifact strings that are recognized for the executable from which Juniper ATP Appliance is able to take a memory dump when certain Windows API calls are used. This corresponds to Memory Artifacts information displayed in the Juniper ATP Appliance Central Manager Web UI incident displays.

behavior_details uses an object called malware_actions that lists all the actions exhibited by detected malware. This corresponds to the Malware Traits information displayed in the Juniper ATP Appliance Central Manager Web UI incident displays.

Sample Output