Agent APIs
The software agent APIs are used to manage Secure Workload software agents. This set of APIs requires the sensor_management capability associated with the API key. The following GET APIs are also available with the flow_inventory_query capability associated with the API key.
Get software agents
This endpoint returns a list of software agents. Each software agent has two fields to describe its agent type: agent_type_str is in plain text, while agent_type is an enum.
GET /openapi/v1/sensors
Parameters:
Name | Type | Description |
---|---|---|
limit | integer | Limits the number of results returned (optional) |
offset | string | Offset is used for paginated requests. If the response returns an offset then subsequent request must use the same offset to get more results in the next page. (Optional) |
Response object: a list of software agents with the following attributes:
Attribute | Type | Description |
---|---|---|
agent_type | integer | Agent type in enum |
agent_type_str | string | Agent type in plaintext |
auto_upgrade_opt_out | boolean | If set to true, agents will not be automatically upgraded during a cluster upgrade. |
cpu_quota_mode | integer | CPU quota control |
cpu_quota_us | integer | CPU quota usage |
current_sw_version | string | Version of agent software running on the workload |
data_plane_disabled | boolean | If set to true, flow telemetry data will not be exported from the agent to the cluster. |
desired_sw_version | string | The version of the agent software intended to be running on the workload. |
enable_conversation_flows | boolean | If set to true, conversation mode is enabled. |
enable_cache_sidechannel | boolean | If set to true, side channel attack detection is enabled. |
enable_forensics | boolean | If set to true, forensics feature is enabled. |
enable_meltdown | boolean | If set to true, meltdown exploit detection is enabled. |
enable_pid_lookup | boolean | If set to true, process lookup is enabled. |
forensics_cpu_quota_mode | integer | Forensics CPU quota control |
forensics_cpu_quota_us | integer | Forensics quota usage |
forensics_mem_quota_bytes | integer | Forensics memory quota, in bytes |
host_name | string | Host name on the workload |
interfaces | array | Array of interface objects |
kernel_version | string | Kernel version |
last_config_fetch_at | integer | Last config fetched at |
last_software_update_at | integer | The timestamp indicating when the software was last updated. |
max_rss_limit | integer | Maximum memory limit |
platform | string | Platform of the workload |
uuid | string | Unique ID of the agent |
windows_enforcement_mode | string | Type of Windows enforcement mode: |
current_appliance_id | string | Unique ID of the current appliance running in Secure Workload |
desired_appliance_id | string | Unique ID of the desired appliance running in Secure Workload |
bios_uuid | string | BIOS uuid of the node |
client_ip | string | Client IP address |
os_display_label | string | Display label that indicates the OS of a workload. |
arch | string | Architecture of the agent |
enforcement_max_rss_limit | integer | Enforcement Agent Max RSS limit. |
enforcement_cpu_quota_mode | integer | Enforcement Agent CPU quota mode. |
enforcement_cpu_quota_us | integer | Enforcement Agent CPU quota micros sec. |
drop_special_flows | boolean | An option to block specific network traffic flows. |
auto_removal_after_sec | integer | An option to enable automatic removal after a specified number of seconds. |
enable_process_visibility | boolean | An option to enable process visibility. |
enable_package_visibility | boolean | An option to enable package visibility. |
is_internal | boolean | A Label that specifically indicates the workload is a part of the internal network. |
enable_service_protection | string | An option to enable service protection. |
vrf_id | integer | VRF ID |
created_at | integer | The timestamp indicating when the agent was created. |
proxy_uuid | string | Unique ID of the proxy |
mac | string | Eth0 mac |
config_updated_at | integer | The timestamp indicating when the config was updated. |
enable_dpi | boolean | An option to enable DPI. |
auto_removed | boolean | An option to enable automatic removal. |
vrf | string | VRF name |
last_config_fetch_at | integer | The timestamp indicating when the config was last fetched. |
deleted_at | integer | The timestamp indicating when the agent was deleted. |
uninstalled_at | integer | The timestamp indicating when the agent was uninstalled. |
enforcement_enabled | boolean | An option that enables enforcement of security policies on the workload. |
config_intent_id | string | ID of the agent config intent |
config_profile_id | string | ID of the agent config profile |
config_profile_name | string | Profile name of the config |
forensics_export_signals | string | Forensics export signals |
desired_agent_type | string | Desired agent type |
agent_anomaly_types | object | Anomaly types of the agent |
cmdb_labels | string | Labels assigned to CMDB configuration items |
insecure_cipher | boolean | Insecure TLS ciphers |
deprecated_tls | boolean | TLS that is deprecated |
flows_disk_quota_bytes | integer | Disk space allocated for network flows, in bytes. |
flows_time_quota_sec | integer | Time allocated for network flows, in seconds. |
pkg_upgr_exception | integer | Exception about Package upgrade |
unsupported_version | boolean | Version that is unsupported |
sensor_cpu_quota_alert | boolean | An alert regarding the sensor's CPU quota. |
enforcer_cpu_quota_alert | boolean | An alert regarding the enforcer's CPU quota. |
forensic_cpu_quota_alert | boolean | An alert regarding the forensics' CPU quota |
sensor_mem_usage_alert | boolean | An alert regarding the sensor's memory usage. |
enforcer_mem_usage_alert | boolean | An alert regarding the enforcer's memory usage. |
forensic_mem_usage_alert | boolean | An alert regarding the forensics' memory usage. |
client_cert_validity_days | integer | The number of validity days for client certificate. |
force_disable_enforcement | boolean | Enforcement disabled |
force_disable_enforcement_updated_at | integer | The timestamp indicating when force enforcement was disabled. |
last_pkg_served_at | integer | The timestamp indicating when the last package was served. |
last_pkg_served | string | The last package served |
flow_rules | array | An array of flow rules object. |
flow_rules_updated_at | integer | The timestamp indicating when the flow rules were updated. |
enable_user_reporting | boolean | Enables user reporting |
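The following added example (not Cisco's code) pages through GET /openapi/v1/sensors using the limit and offset parameters and flags agents whose attributes from the table above merit review. Assumptions: each page is a JSON object carrying the agent list under `results` and the next-page cursor under `offset`; `fetch_page` is a hypothetical stand-in for the authenticated HTTP call; the sample agents are constructed.

```python
# Attributes from the response table above whose value true warrants review.
RISK_FLAGS = ("insecure_cipher", "deprecated_tls", "unsupported_version",
              "force_disable_enforcement", "data_plane_disabled")


def iter_agents(fetch_page, limit=100):
    """Yield every agent, sending back the returned offset until none is given."""
    offset, seen = None, set()
    while True:
        params = {"limit": limit}
        if offset is not None:
            params["offset"] = offset
        page = fetch_page(params)
        yield from page.get("results", [])   # assumed response key
        offset = page.get("offset")          # assumed response key
        if not offset or offset in seen:     # last page, or repeated offset (loop guard)
            return
        seen.add(offset)


def audit(agent):
    """Return the review findings for one agent record."""
    findings = [name for name in RISK_FLAGS if agent.get(name) is True]
    # Running version differs from the version intended for the workload.
    if agent.get("current_sw_version") != agent.get("desired_sw_version"):
        findings.append("version_drift")
    return findings


def audit_inventory(fetch_page, limit=100):
    """Map host_name -> findings for agents with at least one finding."""
    return {a["host_name"]: f for a in iter_agents(fetch_page, limit) if (f := audit(a))}


# Constructed sample pages (not real data); fake_fetch replaces the HTTP request.
_PAGES = {
    None: {"offset": "next-1", "results": [
        {"host_name": "web-01", "current_sw_version": "1.0", "desired_sw_version": "1.0"},
        {"host_name": "db-01", "current_sw_version": "0.9", "desired_sw_version": "1.0",
         "deprecated_tls": True}]},
    "next-1": {"results": [
        {"host_name": "app-02", "current_sw_version": "1.0", "desired_sw_version": "1.0",
         "force_disable_enforcement": True}]},
}


def fake_fetch(params):
    return _PAGES[params.get("offset")]


if __name__ == "__main__":
    for host, findings in audit_inventory(fake_fetch, limit=2).items():
        print(host, findings)
```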
Get software agent
This endpoint returns attributes for the software agent whose UUID is part of the URI. Each software agent has two fields to describe its agent type: agent_type_str is in plain text, while agent_type is an enum.
GET /openapi/v1/sensors/{uuid}
Delete software agent
This endpoint is used to decommission a software agent given its UUID.
Use the API with caution; when an agent is deleted, it is no longer available in the Secure Workload dashboard and if the agent is active, flow exports from the agent are not allowed in Secure Workload.
DELETE /openapi/v1/sensors/{uuid}