Direct Instance Management v10.2507.0

Direct Connection Support in CM10

My OPSWAT Central Management (MOCM) supports initiating a direct connection to MetaDefender (MD) product instances, enabling the execution of product-specific APIs and supported commands. The following OPSWAT products currently support this feature:

MetaDefender CORE (version 5.15.0 and above)
MetaDefender ICAP (version 5.9.0 and above)

How it works

MD Core/ICAP must first be registered with the MOCM. Once enrolled, MOCM can effectively manage MD Core/ICAP instances.

When an administrator invokes MOCM APIs, MOCM authenticates the request and then forwards it to the appropriate Product Instance APIs.

Administrators do not need to enable inbound traffic from users to MD instances. All requests are securely routed from MOCM directly to the MD instances.

Steps to make API requests

Once the product instance is enrolled in CM10, adminstrator can follow these steps to make an api request to the instance

Get OAuth API Access token from MOCM
Go to MOCM console page and setup application to get an access token:

Obtain the connectionID
Retrieve the connectionID from the relevant product instance.

Construct the API Request
- Build the URL: Combine the MOCM endpoint URL with the retrieved connectionID.
- Prepare the Request Body: Include the required data exactly as specified in the product support documentation.
- Set the Required Headers:
  - X-App-Method: Specify the original HTTP method (e.g., GET, POST).
  - X-App-Url: Provide the original request path.
  - Include any optional headers from the original request using the format: X-App-Header-{headerKey}.

For detailed examples, please refer to the documentation: View Documentation

Server

https://product.my.us.opswat.com

MyOpswat Central Management US tenant

https://product.my.eu.opswat.com

MyOpswat Central Management EU tenant

Authentication

Users authenticate using a Client ID and Client Secret, which can be obtained from My OPSWAT Central Management.

POST

/o/oauth2/token

Get Oauth API Token

To retrieve your Client ID and Client Secret, please follow this link: https://www.opswat.com/docs/cm/developer-guidelines/how-to-work-with-apis

Auth

Request Body

Required information to generate token

object	object
client_id	string
client_secret	string	Client Secret of MyOpswat Central Management Account
grant_type	string	client_credentials

POST /o/oauth2/token

xxxxxxxxxx
 
curl --request POST \ --url 'https://my.us.opswat.com/o/oauth2/token' \ --data '"curl --location 'https://product.my-staging.us.opswat.com/o/oauth2/token' \\\r\n--header 'Content-Type: application/x-www-form-urlencoded' \\\r\n--header 'Authorization: ••••••' \\\r\n--data-urlencode 'client_id={Client_Id}' \\\r\n--data-urlencode 'client_secret=Q{Client_Secret}' \\\r\n--data-urlencode 'grant_type=client_credentials'"'
Copy

Responses

200

response

Root Type for Oauth_reponse_data	object
access_token	string
token_type	string
expires_in	int32

Response

xxxxxxxxxx
 
{ "access_token": "TEST7P9ZMJ2LBF8AMOMJLFNPMMLO953AVQ4C9YFF52R6456", "token_type": "Bearer", "expires_in": 43199}
Copy

Connection_management

Manage direct connection from product instances to MyOpswat Central Management

GET

/fusion/console/services/connection/{connectionId}

DELETE

/fusion/console/services/connection/{connectionId}

POST

/fusion/console/services/connection/request/{productType}

GetConnection status

Get Connection status by Connection ID

Auth

GET /fusion/console/services/connection/{connectionId}

xxxxxxxxxx
 
curl --get \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/{connectionId}'
Copy

Responses

200

Get Connection Status successfully

Root Type for InitConnectionData_reponse_success	object
connId	string
status	string

400

Invalid ConnectionId

Response

xxxxxxxxxx
 
{ "connId": "63BdkJatrysSo4w4tGVjp8ShAtTFJgQfufwsRm56JngHK", "status": "REQUESTING"}
Copy

Close connection

Close a direct connection

Auth

DELETE /fusion/console/services/connection/{connectionId}

xxxxxxxxxx
 
curl --request DELETE \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/{connectionId}'
Copy

Responses

200

desc

No response body

Response

xxxxxxxxxx
 
No response
Copy

Initiate Direct Instance Connection

Initiate a direct communication channel from CM10 to the product instance.

Auth

Path Params

productType

string

OPSWAT product types

Enum: mdcore,mdicap

Request Body

Root Type for InitConnectionData	object	Data for initiating a connection from MyOpswat Central Management
deploymentId	string
Purpose	string

POST /fusion/console/services/connection/request/{productType}

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/request/%7BproductType%7D' \ --data '"curl --location 'https://product.my-staging.us.opswat.com/fusion/console/services/connection' \\\r\n--header 'Cache-Control: no-cache' \\\r\n--header 'Postman-Token: <calculated when request is sent>' \\\r\n--header 'Content-Type: application/json' \\\r\n--header 'User-Agent: PostmanRuntime/7.39.1' \\\r\n--header 'Accept: */*' \\\r\n--header 'Accept-Encoding: gzip, deflate, br' \\\r\n--header 'Connection: keep-alive' \\\r\n--header 'Authorization: Bearer eyJraWQiOiJiMk50ZGpkZmMybG5ibWx1WjE5clpYaz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJTVDlaSlpaTlVYR09SSDlXVEtCMUEzRUtBUjc4SlNMQ1cyS0VKS0QzVlRZQkFNU0QiLCJhdWQiOiJTVDlaSlpaTlVYR09SSDlXVEtCMUEzRUtBUjc4SlNMQ1cyS0VKS0QzVlRZQkFNU0QiLCJuYmYiOjE3NTIzNzUxNDYsImFjY291bnRfaWQiOiJlYmNlYjM3Zi0wMjZmLTQzMTAtODM5Ni03MDI1Mzc3NWFlMmYiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaXNzIjoiaHR0cHM6Ly9wcm9kdWN0Lm15LXN0YWdpbmcudXMub3Bzd2F0LmNvbS9vIiwiZXhwIjoxNzUyNDE4MzQ2LCJpYXQiOjE3NTIzNzUxNDYsImp0aSI6ImE4YTNmMTJhLTQ1ZmYtNGY0MC04ZjBlLWY0NDM4ZTQ2MWNkOCIsImNsaWVudF9pZCI6IlNUOVpKWlpOVVhHT1JIOVdUS0IxQTNFS0FSNzhKU0xDVzJLRUpLRDNWVFlCQU1TRCJ9.I_9EB2YQ06JpHS-_ZV5zc7TbdQUXeB1Zt_WGtdKTwh1BI12X3UmbrljimWfXBrB0PQQjdZFQcFlY44_5HTTIOEuF15qqdzaLzYeMWnBD-T_Pxy7H5SyIbc8LfrHjW8Qa6eaItt5o-Xag-taoSJ_7h8rDRyyNo1KhzBzPzGA14BCEKWyDzLPjg5UxspzaJAuVI9FnRhnOjrPgk_t_rkWjSwcnoJAEuwGxz3NbNVqRaklZImaxYqu6YujlVgM7uTB4Y7y0IAmPn89bKbI0wzBRVtXaYqDzqHuu1cEx-0gakhdM8PUWXtaf4tEfcKJbqI7PTlpdZQI6Inrx9mUE_5F20g' \\\r\n--header 'Cookie: INGRESSCOOKIE=1752158896.417.29.397117|8cc77ee06a40d800703beb1196648895' \\\r\n--data '{\r\n    \"deploymentId\": \"MSCW6K5YDChLEV0Jq8y9ASMAqUnpeRreyNHk\",\r\n    \"Purpose\": \"Test CORE Integration\"\r\n}'"'
Copy

Responses

200

Init Connection successfull

Root Type for InitConnectionData_reponse_success	object
connId	string
status	string

404

Incorrect DeploymentId

Response

xxxxxxxxxx
 
{ "connId": "63BdkJatrysSo4w4tGVjp8ShAtTFJgQfufwsRm56JngHK", "status": "REQUESTING"}
Copy

Sending_requests

Sending requests directly from My OPSWAT Central Management to product instances.

POST

/fusion/console/services/connection/{connectionId}

Sending Requests/Commands

Sending Requests or Commands to Product Instances

To view the list of supported APIs for each product, please refer to the following link: Supported Product APIs

Auth

Headers

X-App-Method	string
X-App-URL	string

Request Body

string string

POST /fusion/console/services/connection/{connectionId}

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/fusion/console/services/connection/{connectionId}' \ --header 'X-App-Method: {X-App-Method}' \ --header 'X-App-URL: {X-App-URL}' \ --data '"{\n    //Input the same databody of the request that send to product intances\n}"'
Copy

Responses

200

string string

Response

xxxxxxxxxx
 
{    Return the output from product instance    }
Copy

Pmp

POST

/o/pmp/v1/reports/details

POST

/o/pmp/v1/reports

POST

/o/pmp/v1/kiosk/configuration

Get PMP Report Details

Retrieve the details of a PMP report - including MetaDefender Kiosk, MetaDefender Drive - using the report's session ID. This API returns data as a stream.

Auth

Request Body

object	object
session_id	string	session ID.
filter	object
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/pmp/v1/reports/details

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/reports/details' \ --data '{  "filter": {    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "session_id": "report1617662410591"}'
Copy

Responses

200

Successful response

object	object
id	string	ID
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
file_name	string	file name
file_path	string	file path
pmp_type	string	issue type
device_id	string	Device id of a device that the report occurred on
device_type	string	Device type of a device that the event occurred on
device_name	string	Device name of a device that the report occurred on
md5	string	md5 of the file
sha1	string	sha1 of the file
sha256	string	sha256 of the file

Response

xxxxxxxxxx
 
{ "id": "681a21f3c239c15ff0c16981", "file_name": "Exceeded Archive File Number_4.zip", "file_path": "E:\\Exceeded Archive File Number_4.zip", "pmp_type": "SENSITIVE", "device_type": "KIOSK", "timestamp": 1712161663000, "sync_time": 1747381075000, "session_id": "phuoc12345678", "device_name": "phuockiosk", "device_id": "phuockiosk", "md5": "F4C0908C43B07361D9692AB21163E554", "sha1": "FB08572F367FD54E6C82C17E6B4FFEFF4A109441", "sha256": "3A08843F67A170B0AC9588E7C9C742D4602416140A1FC8D15AE0B6F10C7BF228"}
Copy

Get PMP Reports

Retrieve reports of PMP devices - including MetaDefender Kiosk, MetaDefender Endpoint - in the cursor fashion, sorted by reported time in ascending order.

Auth

Request Body

object	object
token	string	Pagination token to retrieve the next set of items.
limit	integer	Maximum number of devices to return. The value should be in [1,100]. Default: 20
start_time	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds The value must be greater than zero, and it must not be more than 30 days from the current date.
end_time	long	Specify an end time of the query's duration. The format should be Unix epoch time in milliseconds.
filter	object
device_type	array[string]	Specify what device type used to filter along with the field. Enum: `EM`,`KIOSK`,`MK5`
media_type	array[string]	Specify what media type used to filter along with the field.
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/pmp/v1/reports

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/reports' \ --data '{  "filter": {    "device_type": [      "KIOSK"    ],    "media_type": [      "USB Device"    ],    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "start_time": 1617662410591,  "end_time": 1618267210591,  "limit": 1,  "token": "60ed8afd62585c75b2d5b551"}'
Copy

Responses

200

Successful response

object	object
token	string	Pagination token
data	array[object]
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
report_id	string	report id of the report
user_name	string	User logged-in ID who logged into a device when the report occurred
device_name	string	Device name that the report occurred on
device_id	string	Device id of a device that the report occurred on
device_type	string	Device type of a device that the event occurred on
device_group	string	A device's group name
media_type	string	media type
total_infected	integer	total infected files in the report
total_vulnerability	integer	total vulnerable files in the report
total_sensitive	integer	total sensitive files in the report
total_coo	integer	total coo detection files in the report
total_skipped	integer	total skipped files in the report
total_files_scanned	integer	total scanned files in the report
total_sanitized	integer	total sanitized files in the report
total_threat	integer	total issued files in the report

Expand

Response

xxxxxxxxxx
 
{ "data": [  {   "timestamp": 1712161663000,   "sync_time": 1747381075000,   "session_id": "phuoc123456789x",   "report_id": "phuoc123456789x",   "user_name": "Guest",   "device_name": "phuockiosk",   "device_id": "phuockiosk",   "device_type": "KIOSK",   "device_group": "Default Kiosk Windows",   "media_type": "SCSI Device",   "total_infected": 1,   "total_vulnerability": 0,   "total_sensitive": 4,   "total_coo": 0,   "total_skipped": 0,   "total_files_scanned": 14,   "total_sanitized": 4,   "total_threat": 5  } ], "token": "60ed8afd62585c75b2d5b551"}
Copy

Update Yara rules and file hashes for MetaDefender Kiosk

Auth

Request Body

object	object
apply_type	string	Values: - all: apply for all instances - instances: apply for specific instances in
apply_to	array[string]	The list of instance IDs will be updated the file hashes and Yara rules.
yara_sources	object
type	string	Possible values: - append: will append to existing yara rules - overwrite: will overwrite all yara rules
skip_by_hash	object
type	string	Possible values: - append: will append to existing yara rules - overwrite: will overwrite all yara rules

POST /o/pmp/v1/kiosk/configuration

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/kiosk/configuration' \ --data '{  "apply_type": "all",  "apply_to": [],  "yara_sources": {    "type": "append",    "local_sources": [      {        "source": "/mnt/yara",        "state": "enabled"      }    ],    "http_sources": [      {        "source": "http://onlineyarasources.net/source.zip",        "state": "disabled"      }    ]  },  "skip_by_hash": {    "type": "overwrite",    "blacklist": {      "edecbf6bd03ef340e0c6cd438a4069c2": {        "comment": "example3"      }    },    "skip": {      "13d8b8329bd2f668e6a889f32feaa48c832dbf0c": {        "comment": "example4",        "engines": [          "totaldefense"        ]      }    },    "whitelist": {      "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d": {        "comment": "example5"      },      "df72d035b31b1ff89f752e83af14b9e9dcf4913d9954f074546860d10b6908fb": {        "comment": "example2"      }    }  }}'
Copy

Responses

200

Successful response

object	object
total_applied	integer	The number of instances will be applied the Yara rules and file hashes. Note that My OPSWAT Central Management will save this change and will send to MetaDefender Kiosk next time it checks in with My OPSWAT Central Management.

Response

xxxxxxxxxx
 
{ "total_applied": 12}
Copy

Meta Defender Drive

MetaDefender Drive.

POST

/o/mdd/v1/reports

POST

/o/mdd/v1/reports/details

Get MetaDefender Drive Reports

Receive MetaDefender Drive's reports in the cursor fashion, sorted by reported time in ascending order.

Auth

Request Body

object	object
token	string	Pagination token to retrieve the next set of items.
limit	integer	Maximum number of devices to return. The value should be in [1,100]. Default: 20
start_time	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds The value must be greater than zero, and it must not be more than 30 days from the current date.
end_time	long	Specify an end time of the query's duration. The format should be Unix epoch time in milliseconds.
filter	object
scanned_host	array[string]
scanned_by	array[string]
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/mdd/v1/reports

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/mdd/v1/reports' \ --data '{  "filter": {    "scanned_host": [      "qa-machine"    ],    "scanned_by": [      "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS"    ],    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "start_time": 1617662410591,  "end_time": 1618267210591,  "limit": 1,  "token": "60ed8afd62585c75b2d5b551"}'
Copy

Responses

200

Successful response

object	object
token	string	Pagination token
data	array[object]
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
hardware_model	string	hardware model of a device that the report occurred on
scan_profile	string	scanning profile
scanned_host	string
scanned_by	string
device_group	string	A device's group name
total_infected	integer	total infected files in the report
total_vulnerability	integer	total vulnerable files in the report
total_sensitive	integer	total sensitive files in the report
total_coo	integer	total coo detection files in the report
total_skipped	integer	total skipped files in the report
total_files_scanned	integer	total scanned files in the report
total_sanitized	integer	total sanitized files in the report
total_threat	integer	total issued files in the report

Expand

Response

xxxxxxxxxx
 
{ "data": [  {   "timestamp": 1746618097000,   "sync_time": 1746618097000,   "session_id": "qa-virtual-machine__CustomScan_07-May-2025_11-41-37.json.gz",   "device_group": "Default Drivea",   "hardware_model": " VMware, VMware Virtual Platform",   "scan_profile": "Custom Scan",   "scanned_host": "qa-virtual-machine",   "scanned_by": "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS",   "total_infected": 0,   "total_vulnerability": 0,   "total_sensitive": 57,   "total_coo": 0,   "total_skipped": 15,   "total_files_scanned": 15677,   "total_sanitized": 0,   "total_threat": 72  } ], "token": "60ed8afd62585c75b2d5b551"}
Copy

Get MetaDefender Drive Report Details

Retrieve the MetaDefender Drive report details by using the report ID and device ID. This API returns data as a stream.

Auth

Request Body

object	object
device_id	string	the device ID
report_id	string	the report ID
filter	object
issue_type	array[string]	Specify what issue type used to filter along with the field. Enum: `VUL(vulnerability)`,`COO`,`SENSITIVE`,`SKIPPED`,`INFECTED`

POST /o/mdd/v1/reports/details

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/mdd/v1/reports/details' \ --data '{  "filter": {    "issue_type": [      "VUL",      "COO",      "SENSITIVE",      "SKIPPED",      "INFECTED"    ]  },  "device_id": "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS",  "report_id": "qa-virtual-machine__CustomScan_11-Apr-2025_03-34-31.json.gz"}'
Copy

Responses

200

Successful response

object	object
id	string	ID
timestamp	long	timestamp when the report occurs
sync_time	long	timestamp when the report sent to My Opswat Central Management
session_id	string	session id of the report
file_path	string	file path
threat_type	string	issue type
device_id	string	Device id of a device that the report occurred on
device_group	string	Device group of a device that the report occurred on
sha256	string	sha256 of the file

Response

xxxxxxxxxx
 
{ "id": "67f88dd210db0c74b2da2514", "file_path": "/media/Disk2/EFI/ubuntu/shimx64.efi", "threat_type": "SKIPPED", "timestamp": 1746618097000, "sync_time": 1746618097000, "session_id": "qa-virtual-machine__CustomScan_11-Apr-2025_03-34-31.json.gz", "device_id": "MSCLyAWEbU6qKF8ULBXwKmj60WBvJsbnnByS", "device_group": "Default Drivea", "sha256": "6fe6e1bcbe6cf6baec8e056d40361ca1aa715cc04ddcc2855351de060b84350b"}
Copy

Meta Defender Core

Get MetaDefender Core Reports

Retrieve MetaDefender Core's processing history reports using cursor-based pagination, sorted by report time in ascending order.

Auth

Request Body

object	object
token	string	Pagination token to retrieve the next set of items.
limit	integer	Maximum number of devices to return. The value should be in [1,100]. Default: 20
start_time	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds. The value must be greater than zero, and it must not exceed one year from the current date.
end_time	long	Specify an end time of the query's duration. The value must be a Unix epoch timestamp in milliseconds, greater than zero, and no more than 30 days after the start_date.
filter	object
deployment_ids	array[string]	List of deployment ID
group_ids	array[string]	List of group ID
status	array[string]	Enum: `Blocked`,`Allowed`
request_type	array[string]	Enum: `batch`,`batched`,`extracted`,`rest`

POST /o/core/v1.1/reports

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/core/v1.1/reports' \ --data '{  "filter": {    "deployment_ids": [      "deployment_id"    ],    "group_ids": [      "group_id"    ],    "status": [      "Blocked"    ],    "request_type": [      "batch"    ]  },  "start_time": 1742703112000,  "end_time": 174270311400,  "limit": 50,  "token": "6819ccd29a4319e83b45d811"}'
Copy

Responses

200

Successful response

object	object
token	string	Pagination token
data	array[object]
timestamp	long	timestamp when the report occurs
user	string	MD Core's user associated with an API Key used to scan the file
file_name	string	file name
status	string	status
result	string	result
data_id	string
parent_data_id	string
workflow	string	workflow
sha256	string	sha256 of the file
deployment_id	string	deployment ID
request_type	string
progress_percent	integer
start_time	integer
file_size	integer
upload_time_ms	integer
processing_time_ms	integer
incident_types	array[string]
verdicts	array[string]
actions	array[string]
parent_session_ids	array[string]
instance_id	string
clients	array[object]
file_type	object

Expand

Response

xxxxxxxxxx
 
{ "data": [  {   "timestamp": 1747123853000,   "user": "LOCAL/admin",   "file_name": "test_big_for_timeout_engine.pdf",   "status": "Allowed",   "result": "No Threat Detected",   "data_id": "e310ba0080004e8fad64d66b0f4d62fd",   "parent_data_id": "ea4bc896c20246a79c85ead79b882fe6",   "workflow": "DLP-12",   "sha256": "adc12be16eda5b61f03056421af9258f4b1752a4105ef420222cddbf3d2ce9d0",   "deployment_id": "MSCWmLS5v3simfrYBoy2w2EumpBiTH3LTaMo",   "request_type": "extracted",   "progress_percent": 100,   "start_time": 1754903172576,   "file_size": 168054784,   "upload_time_ms": 123,   "processing_time_ms": 129,   "incident_types": [],   "verdicts": [    "No Threat Detected"   ],   "actions": [],   "parent_session_ids": [    "ea4bc896c20246a79c85ead79b882fe6"   ],   "instance_id": "68c38fdc303d00236b6496da",   "clients": [    {     "deployment_id": "MDMV0Mwr1b5aVRCtMGLTSNqW2uUTUjSd1qf",     "user_name": "Guest",     "product_type": "MetaDefender Kiosk",     "session_id": "E1BF07D2-FC96-45F3-BF41-19C94C9F1E23",     "version": "4.7.9.4298",     "host": "CM10",     "timestamp": 1757911925652    }   ],   "file_type": {    "key": "application/x-msi",    "description": "Microsoft Windows Installer"   }  } ], "token": "6822fe8d9a4319e83b45deaa"}
Copy

Get MetaDefender Core Instances

Retrieve MetaDefender Core instances.

Auth

Request Body

object	object
limit	integer	Maximum number of devices to return. The value should be in [1,100].
page	integer	The specific page number from which instances will be returned
verbose	object
enabled	boolean	If verbose is set to true, the system returns statistical data about the processing history within the specified start_time and end_time
start_time	long	Specify a start time of the query's duration. The format should be Unix epoch time in milliseconds. The value must be greater than zero, and it must not exceed one year from the current date.
end_time	long	Specify an end time of the query's duration. The value must be a Unix epoch timestamp in milliseconds, greater than zero, and no more than 90 days after the start_date.
filter	object
deployment_ids	array[string]	List of deployment ID
group_ids	array[string]	List of group ID
tags	array[object]
key	string
value	string

POST /o/core/v1/instances

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/core/v1/instances' \ --data '{  "filter": {    "deployment_ids": [      "deployment_id"    ],    "group_ids": [      "group_id"    ],    "tags": [      {        "key": "key1",        "value": "value1"      }    ]  },  "limit": 50,  "page": 1,  "verbose": {    "enabled": true,    "start_time": 1742703112000,    "end_time": 174270311400  }}'
Copy

Responses

200

Successful response

array	array[object]
id	string
name	string
deployment_id	string
status	string
health_status	string
version	string
group_id	string
group_name	string
public_ip	string
last_seen	string
last_reported	string
license	object
expiration	integer
type	string
tags	array[object]
key	string
value	string
verbose	object
total_processed_files	integer
total_blocked_files	integer
total_sanitized_files	integer
total_quarantined_files	integer
coo_detection	integer
spoofing	integer
vulnerabilities	integer
sensitive_data	integer
zero_day_protection	integer
threat_analysis	integer
oss_vulnerabilities	integer
insights_threat_intelligence	integer
known_good_bad	integer
threat_detection	integer

Expand

Response

xxxxxxxxxx
 
[ {  "id": "68662f2eb5976f1dbaf69ddd",  "name": "core123",  "deployment_id": "MSCWu1uAfJWLJpIzvs58ne2iX7u0xcu48ybX",  "status": "CONNECTED",  "health_status": "UNKNOWN",  "version": "1.1",  "group_id": "6821a8a06232820706a8e618",  "group_name": "Core 1",  "public_ip": "203.205.57.109",  "last_seen": 1751531661608,  "last_reported": 1751531661608,  "license": {   "expiration": 1751531661608,   "type": "BYOL"  },  "tags": [   {    "key": "key1",    "value": "value1"   }  ],  "verbose": {   "total_processed_files": 10,   "total_blocked_files": 1,   "total_sanitized_files": 1,   "total_quarantined_files": 1,   "coo_detection": 1,   "spoofing": 1,   "vulnerabilities": 1,   "sensitive_data": 0,   "zero_day_protection": 0,   "threat_analysis": 1,   "oss_vulnerabilities": 0,   "insights_threat_intelligence": 0,   "known_good_bad": 0,   "threat_detection": 0  } }]
Copy

Account

POST

/o/fusion/v1/account/inventory

Retrieve account inventory or a specific product inventory

Retrieve account inventory or a specific product inventory based on filter criteria. productTypes: MDD (MetaDefender Drive), KIOSK (MetaDefender Kiosk K-Series), MK5 (MetaDefender Kiosk L-Series), MDCORE (MetaDefender Core), MDICAP (MetaDefender ICAP Server)

Auth

Headers

Content-Type

string

application/json

Request Body

Root Type for filterProductTypes	object
filters	object
productTypes	array[string]

POST /o/fusion/v1/account/inventory

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/fusion/v1/account/inventory' \ --header 'Content-Type: {Content-Type}' \ --data '{  "filters": {    "productTypes": [      "MDD"    ]  }}'
Copy

Responses

200

Root Type for RetrieveAccountObj	array[object]
productName	string
productType	string	Enum: `MDCORE`
totalInstances	int32
connectivity	object
connected	int32
nolicense	int32
disconnected	int32
health	object
operational	int32
minorIssues	int32
criticalIssues	int32
unknown	int32
significantIssues	int32
blockerIssues	int32
version	array[object]
value	string
total	int32
status	string
license	object
expiredIn30Days	int32
expiredIn90Days	int32
expiredIn90PlusDays	int32
expired	int32
nolicense	int32

Response

xxxxxxxxxx
 
[ {  "productName": "MetaDefender Drive",  "productType": "MDD",  "totalInstances": 16,  "connectivity": {   "connected": 0,   "nolicense": 16,   "disconnected": 16  },  "health": {   "operational": 1,   "minorIssues": 0,   "criticalIssues": 0,   "unknown": 1,   "significantIssues": 0,   "blockerIssues": 0  },  "version": [   {    "value": "4.2.1.5300",    "total": 1,    "status": "BEHIND"   },   {    "value": "4.3.0.5580",    "total": 9,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.3.2.6625",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "",    "total": 1,    "status": "MAJOR_BEHIND"   },   {    "value": "4.3.3.6974",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.3.4.7289",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.3.3.6937",    "total": 1,    "status": "SLIGHT_BEHIND"   },   {    "value": "4.1.1",    "total": 1,    "status": "BEHIND"   }  ],  "license": {   "expiredIn30Days": 0,   "expiredIn90Days": 0,   "expiredIn90PlusDays": 0,   "expired": 0,   "nolicense": 16  } }]
Copy

Expand

Meta Defender Kiosk

POST

/o/pmp/v1/scan-report/overview

GET

/o/pmp/v1/devices/{deviceId}/report/scan/{sessionId}

GET

/o/pmp/v1/kiosk/devices/{deviceId}

GET

/o/pmp/v1/kiosk/devices

Processing Overview from MetaDefender Kiosk instances

Retrieve processing overview from MetaDefender Kiosk K-Series and L-Series instances based on filter criteria over a specified time period

Auth

Headers

Content-Type

string

application/json

Request Body

Root Type for KioskOverviewReq	object
endTime	int32	timestamp in miliseconds
startTime	int32	timestamp in miliseconds
filters	object
instanceIds	array
groupIds	array
groupBy	string	Enum: `groups`,`instances`

POST /o/pmp/v1/scan-report/overview

xxxxxxxxxx
 
curl --request POST \ --url 'https://product.my.us.opswat.com/o/pmp/v1/scan-report/overview' \ --header 'Content-Type: {Content-Type}' \ --data '"{\r\n  \"endTime\": 1758326400000,\r\n  \"startTime\": 1755648000000,\r\n  \"filters\": {\r\n    \"instanceIds\": [\"MDMZhIzxPvr2Fx1qspktqY6JYwCQ17DA8XR\", \"MSCLKoY7nwNojbFGlYeqaldBrAqu6aLQ4ItQ\"],\r\n    \"groupIds\": []\r\n  },\r\n  \"groupBy\": \"instances\"\r\n}"'
Copy

Responses

200

Root Type for KioskResObj	object
numberOfSessions	int32	total number of scan sessions during the selected time period and based on the applied filters
numberOfFilesProcessed	int32
numberOfSessionsWithThreatsDetected	int32
numberOfThreatsFound	int32
numberOfFilesSanitized	int32
instances	array[object]	this array will be returned when groupBy is set to 'instances'
id	string
name	string
numberOfSessions	int32
numberOfFilesProcessed	int32
numberOfSessionsWithThreatsDetected	int32
numberOfThreatsFound	int32
numberOfFilesSanitized	int32

Response

xxxxxxxxxx
 
{ "numberOfSessions": 3, "numberOfFilesProcessed": 36, "numberOfSessionsWithThreatsDetected": 3, "numberOfThreatsFound": 13, "numberOfFilesSanitized": 5, "instances": [  {   "id": "MDMZhIzxPvr2Fx1qspktqY6JYwCQ17DA8XR",   "name": "MDMZhIzxPvr2Fx1qspktqY6JYwCQ17DA8XR",   "numberOfSessions": 2,   "numberOfFilesProcessed": 20,   "numberOfSessionsWithThreatsDetected": 2,   "numberOfThreatsFound": 12,   "numberOfFilesSanitized": 0  },  {   "id": "MSCLKoY7nwNojbFGlYeqaldBrAqu6aLQ4ItQ",   "name": "MSCLKoY7nwNojbFGlYeqaldBrAqu6aLQ4ItQ",   "numberOfSessions": 1,   "numberOfFilesProcessed": 16,   "numberOfSessionsWithThreatsDetected": 1,   "numberOfThreatsFound": 1,   "numberOfFilesSanitized": 5  } ]}
Copy

Get Kiosk session detail

Auth

GET /o/pmp/v1/devices/{deviceId}/report/scan/{sessionId}

xxxxxxxxxx
 
curl --get \ --url 'https://product.my.us.opswat.com/o/pmp/v1/devices/{deviceId}/report/scan/{sessionId}'
Copy

Responses

200

Root Type for GetKioskSessionDetailReq	object
deviceId	string
sessionId	string
malwareInfected	int32
vulnerableApp	int32
exploitProtection	int32
malwareSandbox	int32
cooViolation	int32
privacyViolation	int32
skippedFile	int32

Response

xxxxxxxxxx
 
{ "deviceId": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD", "sessionId": "2C640579-8F66-4D57-A4E9-5A7EBF9BDB3A", "malwareInfected": 93, "vulnerableApp": 0, "exploitProtection": 0, "malwareSandbox": 0, "cooViolation": 0, "privacyViolation": 0, "skippedFile": 0}
Copy

Get Kiosk Detail

Auth

GET /o/pmp/v1/kiosk/devices/{deviceId}

xxxxxxxxxx
 
curl --get \ --url 'https://product.my.us.opswat.com/o/pmp/v1/kiosk/devices/{deviceId}'
Copy

Responses

200

Root Type for GetKioskDetailRes	object
deviceId	string
productType	string
deviceName	string
healthStatus	string
statusMessages	array[string]
modelId	string
hardwareVersionId	string
deviceType	string
agentVersion	string
isRequired	boolean
publicIp	string
location	string
groupId	string
groupName	string
policyId	string
groupPolicyId	string
groupPolicyName	string
lastSeen	int32
enrolledAt	int32
lastReport	int32
tags	array
coreInfo	object
coreDeploymentId	string
coreVersion	string
coreId	string
coreName	string
isCoreEnrolled	boolean
geolocation	object
coordinates	object
latitude	string
longitude	string
country	object
friendlyName	string
iso2Code	string
properties	object
biosVersion	string
hardware	object
manufacturer	string
model	string
serialNumber	string
network	array[object]
adapterName	string
ipv4	string
macAddress	string
hostName	string
kioskVersion	string
osInfo	string
hardenedImageVersion	string
configurationStatus	object
status	string
lastFetched	int32

Expand

Response

xxxxxxxxxx
 
{ "deviceId": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD", "productType": "KIOSK", "deviceName": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD", "healthStatus": "500", "statusMessages": [  "Unknown" ], "modelId": "kiosk-mobile", "hardwareVersionId": "k2100-dell-7220", "deviceType": "kiosk", "agentVersion": "4.7.7.3797", "isRequired": true, "publicIp": "119.82.139.107", "location": "", "groupId": "KIOSKc886bc61-efff-4fdc-826a-21aa84cc6b6f", "groupName": "Default Kiosk Windows", "policyId": "", "groupPolicyId": "0350ec4e-95ce-4642-a0b2-c67259b551e5", "groupPolicyName": "Kiosk 4.7.5.3231", "lastSeen": 1755602542175, "enrolledAt": 1755601825203, "lastReport": 0, "tags": [], "coreInfo": {  "coreDeploymentId": "DEVICE_02",  "coreVersion": "5.15.0",  "coreId": "",  "coreName": "",  "isCoreEnrolled": false }, "geolocation": {  "coordinates": {   "latitude": "106.684879",   "longitude": "10.769970"  },  "country": {   "friendlyName": "Vietnam",   "iso2Code": "VN"  } }, "properties": {  "biosVersion": "1.6.0",  "hardware": {   "manufacturer": "Dell Inc.",   "model": "Latitude 5450",   "serialNumber": "46KR444"  },  "network": [   {    "adapterName": "Intel(R) Ethernet Connection (18) I219-LM",    "ipv4": "10.40.51.50",    "macAddress": "28:00:AF:60:4C:38"   }  ],  "hostName": "LE11-D9532",  "kioskVersion": "4.7.7.3797",  "osInfo": "Windows 11 Enterprise (24H2, Build 26100.4351)",  "hardenedImageVersion": "25.03.0" }, "configurationStatus": {  "status": "unknown",  "lastFetched": 0 }}
Copy

Expand

Get Kiosk List

Auth

GET /o/pmp/v1/kiosk/devices

xxxxxxxxxx
 
curl --get \ --url 'https://product.my.us.opswat.com/o/pmp/v1/kiosk/devices'
Copy

Responses

200

Root Type for GetKioskListRes	object
total	int32
items	array[object]
deviceID	string
deviceName	string
modelID	string
HardwareVersionID	string
deviceType	string
productType	string
os	string
username	string
groupName	string
location	string
version	string
localIP	string
lastSeen	int32
isRequired	boolean
healthStatus	string
statusMessages	array[string]
productStatus	string
scanSession	int32
tags	array
configurationStatus	object
status	string
lastFetched	int32
hardwareName	string
hardenedImageVersion	string
hardwareModel	string
hardwareSerialNumber	string
coreName	string
biosVersion	string

Expand

Response

xxxxxxxxxx
 
{ "total": 1, "items": [  {   "deviceID": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD",   "deviceName": "MDDqLGyr7cIPwEB8veBHSdTkYJ6Mdv3AloD",   "modelID": "kiosk-mobile",   "HardwareVersionID": "k2100-dell-7220",   "deviceType": "kiosk",   "productType": "KIOSK",   "os": "Windows 11 Enterprise (24H2, Build 26100.4351)",   "username": "",   "groupName": "Default Kiosk Windows",   "location": "",   "version": "4.7.7.3797",   "localIP": "10.40.51.50",   "lastSeen": 1755602542175,   "isRequired": true,   "healthStatus": "500",   "statusMessages": [    "Unknown"   ],   "productStatus": "Disconnected",   "scanSession": 0,   "tags": [],   "configurationStatus": {    "status": "",    "lastFetched": 0   },   "hardwareName": "Latitude 5450",   "hardenedImageVersion": "25.03.0",   "hardwareModel": "kiosk-mobile",   "hardwareSerialNumber": "46KR444",   "coreName": "DEVICE_02",   "biosVersion": "1.6.0"  } ]}
Copy

Direct Instance Management v10.2507.0

Direct Connection Support in CM10

How it works

Steps to make API requests

Authentication

Get Oauth API Token

Connection_management

GetConnection status

Close connection

Initiate Direct Instance Connection

Sending_requests

Sending Requests/Commands

Sending Requests or Commands to Product Instances

Pmp

Get PMP Report Details

Get PMP Reports

Update Yara rules and file hashes for MetaDefender Kiosk

Meta Defender Drive

Get MetaDefender Drive Reports

Get MetaDefender Drive Report Details

Meta Defender Core

Get MetaDefender Core Reports

Get MetaDefender Core Instances

Account

Retrieve account inventory or a specific product inventory

Meta Defender Kiosk

Processing Overview from MetaDefender Kiosk instances

Get Kiosk session detail

Get Kiosk Detail

Get Kiosk List

This Website Uses Cookies

Functional Cookies

Performance Cookies

Strictly Necessary Cookies

Targeting Cookies