Device Details

API version3.8
Last Update09/28/2023
AuthenticationYES
HTTP MethodPOST
Content Typeapplication/json
Rate limitedYES
Requests per rate limit10/min
Response FormatJSON
Changes

Changes compared with v3.7

  • Added host_name field into the API response

Use to get device details by ID or MAC address.

API URL

https://gears.opswat.com/o/api/v3.8/devices/detail

Request Parameters

KeyDatatypeParameter TypeRequiredDescriptionDefault
access_tokenstringURLYesaccess token which archived from OAuth authentication step
optintBodyOptional

Specify a type of the ids parameter

  • 0: Device ID or MAC Address
  • 1: 3rd party custom ID that is linked to a device
0
idsArrayBodyYesThe list of Device IDs or MAC Addresses or linked IDs of devices you want to retrieve device details information. Max length is 50 devices
verboseobjectBodyOptionalSpecify what information you look for
verbose.system_infointBodyOptional

Specify if system information are included on the response

Values can be:

  • 0: not include
  • 1: include
1
verbose.categoriesintBodyOptional

Specify if category issues the device has are included on the response

Values can be:

  • 0: not include
  • 1: include
0
verbose.unclassifiedintBodyOptional

Only applicable for Wins/macOS devices

Specify if unclassified applications are included on the response

Values can be:

  • 0: not include
  • 1: include
0
verbose.mobile_appsintBodyOptional

Only applicable for iOS/Android devices

Specify if installed applications are included on the response

Values can be:

  • 0: not include
  • 1: include
0
verbose.detected_processesintBodyOptional

Only applicable for Linux devices

Specify if running processes are included on the response

Values can be:

  • 0: not include
  • 1: include
0
verbose.detected_packagesintBodyOptional

Only applicable for Linux devices

Specify if installed packages are included on the response

Values can be:

  • 0: not include
  • 1: include
0
verbose.detected_patchesintBodyOptional

Only applicable for wins/macOS devices

Specify if missing OS patches are included on the response

Values can be:

  • 0: not include
  • 1: include
0
verbose.public_keyintBodyOptional

Only applicable for Wins/macOS/Linux devices

  • 0: not include
  • 1: include
0

Response HTTP Code

See details in the Response HTTP Code section in this page

Response Parameters

KeyDatatypeReturned whenDescription
device_idstringDevice ID which MetaDefender Endpoint generates unique for a device
linked_idstringCustom ID which 3rd party can define. Need to make sure it's unique for a device
serial_numberstringDevice serial number
statusstring

status of device. Values are:

  • compliant: device is in compliance with a policy which the device is assigned to on your account
  • non-compliant: device is not in compliance with a policy which the device is assigned to on your account
  • exempted: device is exempted
  • out_of_license_usage: device is out of token usage.
  • unknown: device has not installed the MetaDefender Endpoint
  • ignored: device has not installed the MetaDefender Endpoint and ignored by an administrator
  • deleted: device is deleted
  • not-found: device is not found
status_detailobject

status detail of device. Values are:

  • agent_installed :

    • 1 : device has installed the MetaDefender Endpoint
    • 2 : device has not installed MetaDefender Endpoint but detected by Network Discovery or Domain Controller agent
    • 3 : device has not installed the MetaDefender Endpoint but detected by Network Discovery or Domain Controller agent and ignored by an administrator

  • out_of_token:

    • 0 :device is not out of token usage
    • 1 :device is out of token usage

  • exempted:

    • 0: device is not exempted
    • 1: device is exempted

  • pending:

    • 0: device reported to servers
    • 1: device has not been reported to servers yet

  • compliant :

    • 0: device is non-compliance with policy
    • 1: device is in compliance with policy

  • quarantined :

    • 0: device is not quarantined
    • 1: device is quarantined
severitystring

Severity level. Values are

  • critical: device has critical issues
  • warning: device has warning issues
  • no-issues: device doesn't have any issues
issueobjectIssue details on the device
issue.total_issueintTotal issues of device
issue.total_critical_issueintTotal critical issues of device
issue.total_warning_issueintTotal warning issues of device
categoriesarray<object>Details of each posture category
categories.category_idstringcategory ID which the current block stands for
categories.issueint

Severity of the category based on the defined policy on your account.

Values are:

  • -1 - category is disabled
  • 0 – no issues
  • 1 – warning
  • 2 – critical
categories.appsarray<object>detailed products in a category
categories.apps.idstringProduct ID
categories.apps.namestringName of the product
categories.apps.vendorstringName of the product vendor
categories.apps.versionstringProduct version
categories.apps.ar_idstringApp remover ID of the product
categories.apps.issueint

Severity of the product based on the defined policy on your account

Values are:

  • -1 - Not an approved product
  • 0 - no issues
  • 1 - warning
  • 2 - critical
categories.apps.health_statusarray<object>health information of the product
categories.apps.health_status.statusstringproduct compliance details
categories.apps.health_status.issueint

Severity of the health_status based on the defined policy on your account

Values are:

  • 0 - no issues
  • 1 - warning
  • 2 - critical
unclassifiedarray<object>Lists of unclassified products
unclassified.idstringproduct ID
unclassified.namestringproduct name
unclassified.vendorstringproduct vendor
unclassified.versionstringproduct version
group_namestringverbose.system_info = 1group name which a device is assigned to
policy_namestringverbose.system_info = 1policy name which a device is assigned to
agent_typestringverbose.system_info = 1

Type of Agent

Values:

managed – Managed device

dc - Domain controller device

device_namestringverbose.system_info = 1Device name of the device. It will get "<private>" value if it's a non-collectible to each fields which related to privacy.
host_namestringverbose.system_info = 1Hostname of the device. It will get "<private>" value if it's a non-collectible to each fields which related to privacy.
nick_namestringverbose.system_info = 1a nickname for the device which an administrator can update on the console
device_typestringverbose.system_info = 1The type of the device
agent_versionstringverbose.system_info = 1Version of an agent installed on the device
oesis_versionstringverbose.system_info = 1SDK version which the agent is running
enrolled_atstringverbose.system_info = 1Timestamp in GMT format when a device enrolled to an account
last_seenstringverbose.system_info = 1The last timestamp in GMT format when the agent reports data to the Cloud
last_rebootstringverbose.system_info = 1The last timestamp in GMT format when device reboots
public_ipstringverbose.system_info = 1public IP of the device in the last report
countrystringverbose.system_info = 1Region where the device IP geographically represents
user_identitystringverbose.system_info = 1

Custom user identity information.

This is only available if the account enables "Enforce users enter custom information" on Advanced Setting tab on Global Settings

user_infoobjectverbose.system_info = 1User information block
user_info.usernamestringusername who currently logs in. This field will be remove if it's set as privacy
user_info.domainstringCurrently logged in user domain
remediation_linkstringverbose.system_info = 1remediation page URL of the given device
os_infoobjectverbose.system_info = 1Operation system information
os_info.familystringOS family
os_info.namestringOS name
os_info.vendorstringOS vendor
os_info.versionstringOS version
os_info.service_pack_versionstringOS Service Pack Version
os_info.architecturestringOS architecture
os_info.os_languagestringOS language
os_info.user_password_setintIf user password is set on OS, 1 is set, 0 is not set
network_infoarray<object>verbose.system_info = 1Network adapter information block
network_info.descriptionstringnetwork card description
network_info.macstringMedia Access Control (MAC) address of the network adapter.. This field will be remove if it's a non-collectible to each fields which related to privacy.
network_info.ipv4stringIPv4 addresses associated with the network adapter. This field will be remove if it's a non-collectible to each fields which related to privacy.
network_info.ipv6stringIPv6 addresses associated with the network adapter. This field will be remove if it's a non-collectible to each fields which related to privacy.
network_info.subnet_maskstringthe subnet mask associated with the current network adapter.
network_info.media_statestringnetwork card state
network_info.dhcp_enabledstringDHCP enabled state of installed network adapter.
network_info.dhcp_obtainedstring(Optional)The timestamp in GMT format when the lease was obtained for the IP address assigned to the computer by the DHCP server.
network_info.dhcp_expiresstring(Optional)The expiration timestamp in GMT format for a leased IP address that was assigned to the computer by the DHCP server.
network_info.dhcp_serverstring(Optional)IP address of the dynamic host configuration protocol (DHCP) server.
network_info.adapter_enabledstringIndicates whether the adapter is enabled or not.
network_info.default_gatewaystring(Optional)Array of IP addresses of default gateways that the computer system uses.
network_info.dns_addressesarray<string>(Optional)Array of server IP addresses to be used in querying for DNS servers.
link_userobjectverbose.system_info = 1User is linked by admin (editable)
link_user.usernamestringUsername is linked to device by admin
link_user.groupstringGroup is linked to device by admin
mobile_appsarray<object>

Only applicable for iOS/Android devices

Lists of applications installed on the device

mobile_apps.namestringapplication name
mobile_apps.vendorstringapplication vendor
mobile_apps.community_ratestringrating from community
mobile_apps.community_reviewerstringnumber of community reviewers who reviewed the application
detected_processesobject

Only applicable for Linux devices

Details about running processes on the device when the device reports data to your account

detected_processes.totalintnumber of running processes on the device when the device reports data to your account
detected_processes.processesarray<object>Lists of running processes on the device when the device reports data to your account with details
detected_packagesobject

Only applicable for Linux devices

Details about packages installed on the device when the device reports data to your account

detected_packages.totalintnumber of packages installed on the device when the device reports data to your account
detected_packages.packagesarray<object>Lists of packages installed on the device when the device reports data to your account
detected_patchesobject

Only applicable for Windows/macOS devices

Details about missing patches on the device when the device reports data to your account

detected_patches.timestampstringtimestamp in GMT format when the device reports data to your account
detected_patches.totalintTotal missing patches on the device when the device reports data to your account
detected_patches.patchesarray<object>Lists of missing patches on the device when the device reports data to your account
detected_patches.patches.categorystringThe category of a missing patch: 'security_update', 'update_rollup', 'critical_update', 'update', 'driver', 'service_pack', 'unknown'.
detected_patches.patches.titlesstringThe title of a missing patch.
detected_patches.patches.descriptionstringThe description of a missing patch.
detected_patches.patches.productstringThe product missing this patch.
detected_patches.patches.vendorstring(optional) The vendor of the product missing this patch
detected_patches.patches.severitystringThe severity of a missing patch: 'low', 'moderate', 'important', 'critical', 'unknown'.
detected_patches.patches.kb_namestring(optional)The knowledge base article id of a missing patch. May duplicate security_update_id on some platforms.
detected_patches.patches.release_datestringA timestamp in GMT format when a patch is released
infectionobjectDetails on threat detection
infection.metascanobject

Only applicable for Windows/macOS/Linux devices

Infection information block which is detected by Metadefender Cloud

infection.metascan.last_scanstringThe last timestamp a device reports Statement of Threat
infection.metascan.totalintTotal infections which is detected by Metadefender Cloud
infection.metascan.issueint

Status of Daily Metadefender Cloud anti-malware scan based on a device policy on your account Values are:

  • -1 – category is disabled
  • 0 – category doesnot have issues
  • 1 – category has issues
  • 2 – category has critical issues
infection.metascan.threatsarray<object>Lists of found threats
infection.metascan.threats.criticalint

Critical status of the threat

Values are:

  • 0 – not critical
  • 1 – critical
infection.metascan.threats.scan_timestringtimestamp when found the threat
infection.metascan.threats.filestringFile was found the threat
infection.metascan.threats.hashstringhash of the file
infection.metascan.threats.threat_namestringThreat name
infection.metascan.threats.detailsarray<object>threat details on each engine which detected the threat
infection.metascan.threats.details.threat_namestringThreat name which detected on a specific engine
infection.metascan.threats.details.av_namestringengine name
infection.antivirusobject

Only applicable for Windows/macOS devices

Repeated threat details detected by local anti-malware applications

infection.antivirus.totalintTotal repeated threats which are detected by local anti-malware applications
infection.antivirus.issueint

Status of repeated threats based on a device policy on your account

Values are:

  • -1 – category is disabled
  • 0 – category doesnot have issues
  • 1 – category has issues
  • 2 – category has critical issues
infection.antivirus.threatsarray<object>Lists of repeated threats
infection.antivirus.threats.criticalint

Critical status of the threat

Values are:

  • 0 – not critical
  • 1 – critical
infection.antivirus.threats.scan_timestringLast timestamp when the threat was detected
infection.antivirus.threats.repeatintNumber of times the threat was detected
infection.antivirus.threats.filestringFile was detected as a threat
infection.antivirus.threats.hashstringhash of the file
infection.antivirus.threats.threat_namestringthreat name
infection.antivirus.threats.product_namestringproduct name which detected the threat
infection.antivirus.threats.product_vendorstringvendor name
infection.antivirus.threats.product_versionstringproduct version
infection.antivirus.threats.severitystringthreat severity
infection.antivirus.threats.actionstringThe type of remediation ( unknown, cleaned, deleted, quarantined)
infection.antivirus.threats.existingint

to indicate if an infected file still exists on the system.

  • 0 : not existing
  • 1 : existing
infection.ip_scanningobject

Only applicable for LINUX/MOBILE devices

Details of daily scan for suspicious IP connections

infection.ip_scanning.totalintTotal of suspicious IPs
infection.ip_scanning.issueint

Status of the suspicious IP based on a device policy on your account

Values are:

  • -1 – category is disabled
  • 0 – category doesnot have issues
  • 1 – category has issues
infection.ip_scanning.threatsarray<object>Lists of suspicious IPs
infection.ip_scanning.threats.geo_infoobjectAn object represents the geolocation of the suspicious IP
infection.ip_scanning.threats.geo_info.country_codestringRegion name of the network address (e.g., San Paulo)
infection.ip_scanning.threats.geo_info.citystringCountry name of the network address (e.g., Brazil)
infection.ip_scanning.threats.geo_info.country_namestringCountry name of the network address (e.g., BR)
infection.ip_scanning.threats.geo_info.region_namestringRegion code of the network address (e.g., 27)
infection.ip_scanning.threats.geo_info.region_codestringCity name of the network address (e.g., San Paulo)
infection.ip_scanning.threats.network_addressstringIP address of the suspicious IP
infection.ip_scanning.threats.statusstringindicates the scanning object is clear, dirty or in-progress
infection.ip_scanning.threats.total_sourceintnumber of total source
infection.ip_scanning.threats.threatsarray<object>details of IP connections
infection.ip_scanning.threats.threats.assessmentstringType of threat detected
infection.ip_scanning.threats.threats.confidentstringRepresents the reliability of the detection based on several factors. The higher the score, the more reliable the result.
infection.ip_scanning.threats.threats.source_namestringSource of the feed, usually the domain where the feed is from (e.g., example.com)
public_keystringverbose.public_key =1The public key URL of the client certificate generated by the MetaDefender Endpoint
in_grace_periodint

Grace-period status of the device:

  • 0: Device is not in grace period
  • 1: Device is in grace period

Example

Example Request: no verbose

Copy

Example Response

Copy

Example Request: verbose with extra information

Copy

Example Response

Copy

Example response for domain controller device

Copy

History

VersionURL
v3.7auto$
v3.5auto$
v3.4auto$
v3.3auto$
v3.2auto$
v3.1auto$
v3.0auto$
v2.6auto$
v2.5auto$
v2.4auto$
v2.3auto$
v2.2auto$
v2.1auto$
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Device Information
On This Page
Device DetailsAPI URLRequest ParametersResponse HTTP CodeResponse ParametersExampleExample response for domain controller deviceHistory