Device Details v3.0

API version	3.0
Last Update	12/12/2017
Authentication	YES
HTTP Method	POST
Content Type	application/json
Rate limited	YES
Requests per rate limit	10/min
Response Format	JSON
Changes	05/23/2017: add one more parameter to response json, user_identity. 07/18/2017: add support verbose parameter in the json input 12/12/2017: add release_date parameter to each missing patch

Use to fetch device details by ID or MAC address.

API URL

Request Parameters

Key	Datatype	Parameter Type	Required	Description	Default
access_token	string	URL	Yes	access token which archived from OAuth authentication step
value	string	URL	Yes	The Device ID or MAC Address of a device you want to fetch information.
verbose	object	Body	Optional	Specify what information you are look for
verbose.categories	int	Body	Optional	Specify if categories issues the device has are included on the response Values can be: 0: not include 1: include	1
verbose.unclassified	int	Body	Optional	Only applicable for Wins/macOS devices Specify if unclassified applications are included on the response Values can be: 0: not include 1: include	0
verbose.mobile_apps	int	Body	Optional	Only applicable for iOS/Android devices Specify if installed applications are included on the response Values can be: 0: not include 1: include	0
verbose.detected_processes	int	Body	Optional	Only applicable for Linux devices Specify if running processes are included on the response Values can be: 0: not include 1: include	0
verbose.detected_packages	int	Body	Optional	Only applicable for Linux devices Specify if installed packages are included on the response Values can be: 0: not include 1: include	0
verbose.detected_patches	int	Body	Optional	Only applicable for wins/macOS devices Specify if missing OS patches are included on the response Values can be: 0: not include 1: include	0

Response HTTP Code

HTTP Code	Description
200	Success
401	Unauthorized. Your access_token is invalid or expired
404	Not found

Response Parameters

Key	Datatype	Description
device_id	string	Hardware ID of the device
status	string	status of device. Values are: compliant: device is in compliance with a policy which the device is assigned to on your account non-compliant: device is not in compliance with a policy which the device is assigned to on your account exempted: device is exempted out_of_license_usage: device is out of token usage. unknown: device is not installed MetaAccess agent ignored: device is not installed MetaAccess agent and ignored by an administrator
status_detail	object	status detail of device. Values are: agent_installed : 1 : device is installed MetaAccess agent 2 : device is not installed MetaAccess agent but detected by Network Discovery or Domain Controller agent 3 : device is not installed MetaAccess agent but detected by Network Discovery or Domain Controller agent and ignored by an administrator out_of_token: 0 :device is not out of token usage 1 :device is out of token usage exempted: 0: device is not exempted 1: device is exempted pending: 0: device reported to MetaAccess cloud 1: device has not been reported to MetaAccess cloud yet compliant : 0: device is non-compliance with policy 1: device is in compliance with policy quarantined : 0: device is not quarantined 1: device is quarantined
severity	string	Severity level. Values are critical: device has critical issues warning: device has warning issues no-issues: device doesn't have any issues
issue	object	Issue details on the device
issue.total_issues	int	Total issues of device
issue.total_critical_issues	int	Total critical issues of device
issue.total_warning_issues	int	Total warning issues of device
group_name	string	group name which a device is assigned to
agent_type	string	Type of agent Values: managed – Managed device dc - Domain controller device
device_name	string	Hostname of the device. It will get "<private>" value if it's a non-collectible to each fields which related to privacy.
nick_name	string	a nickname for the device which an administrator can update on the MetaAccess console
device_type	string	The type of the device
agent_version	string	Local resident MetaAccess agent version
oesis_version	string	SDK version which the agent is running
last_seen	string	The last timestamp in GMT format when the agent reports data to the Cloud
public_ip	string	public IP of the device in the last report
country	string	Region where the device IP geographically represents
user_identity	string	Custom user identity information. This is only available if the account enables "Enforce users enter custom information" on Advanced Setting tab on Global Settings
user_info	object	User information block
user_info.username	string	username who currently logs in. This field will be remove if it's set as privacy
user_info.domain	string	Currently logged in user domain
remediation_link	string	remediation page URL of the given device
categories	array<object>	Details of each posture category
categories.category_id	string	category ID which the current block stands for
categories.issue	int	Severity of the category based on the defined policy on your MetaAccess account. Values are: -1 - category is disabled 0 – no issues 1 – warning 2 – critical
categories.apps	array<object>	detailed products in a category
categories.apps.id	string	Product ID
categories.apps.name	string	Name of the product
categories.apps.vendor	string	Name of the product vendor
categories.apps.version	string	Product version
categories.apps.category_id	string	category ID of the product
categories.apps.health_status	array<object>	health information of the product
categories.apps.health_status.status	string	product compliance details
categories.apps.health_status.issue	int	Severity of the product based on the defined policy on your MetaAccess account Values are: -1 - Not an approved product 0 - no issues 1 - warning 2 - critical
unclassified	array<object>	Lists of unclassified products
unclassified.id	string	product ID
unclassified.name	string	product name
unclassified.vendor	string	product vendor
unclassified.version	string	product version
os_info	object	Operation system information
os_info.family	string	OS family
os_info.name	string	OS name
os_info.vendor	string	OS vendor
os_info.version	string	OS version
os_info.service_pack_version	string	OS Service Pack Version
os_info.architecture	string	OS architecture
os_info.os_language	string	OS language
os_info.user_password_set	int	If user password is set on OS, 1 is set, 0 is not set
network_info	array<object>	Network adapter information block
network_info.description	string	network card description
network_info.mac	string	Media Access Control (MAC) address of the network adapter.. This field will be remove if it's a non-collectible to each fields which related to privacy.
network_info.ipv4	string	IPv4 addresses associated with the network adapter. This field will be remove if it's a non-collectible to each fields which related to privacy.
network_info.ipv6	string	IPv6 addresses associated with the network adapter. This field will be remove if it's a non-collectible to each fields which related to privacy.
network_info.subnet_mask	string	the subnet mask associated with the current network adapter.
network_info.media_state	string	network card state
network_info.dhcp_enabled	string	DHCP enabled state of installed network adapter.
network_info.dhcp_obtained	string	(Optional)The timestamp in GMT format when the lease was obtained for the IP address assigned to the computer by the DHCP server.
network_info.dhcp_expires	string	(Optional)The expiration timestamp in GMT format for a leased IP address that was assigned to the computer by the DHCP server.
network_info.dhcp_server	string	(Optional)IP address of the dynamic host configuration protocol (DHCP) server.
network_info.adapter_enabled	string	Indicates whether the adapter is enabled or not.
network_info.default_gateway	string	(Optional)Array of IP addresses of default gateways that the computer system uses.
network_info.dns_addresses	array<string>	(Optional)Array of server IP addresses to be used in querying for DNS servers.
link_user	object	User is linked by admin (editable)
link_user.username	string	Username is linked to device by admin
link_user.group	string	Group is linked to device by admin
mobile_apps	array<object>	Only applicable for iOS/Android devices Lists of applications installed on the device
mobile_apps.name	string	application name
mobile_apps.vendor	string	application vendor
mobile_apps.community_rate	string	rating from community
mobile_apps.community_reviewer	string	number of community reviewers who reviewed the application
detected_processes	object	Only applicable for Linux devices Details about running processes on the device when the device reports data to MetaAccess cloud
detected_processes.total	int	number of running processes on the device when the device reports data to MetaAccess cloud
detected_processes.processes	array<object>	Lists of running processes on the device when the device reports data to MetaAccess cloud with details
detected_packages	object	Only applicable for Linux devices Details about packages installed on the device when the device reports data to MetaAccess cloud
detected_packages.total	int	number of packages installed on the device when the device reports data to MetaAccess cloud
detected_packages.processes	array<object>	Lists of packages installed on the device when the device reports data to MetaAccess cloud
detected_patches	object	Only applicable for Windows/macOS devices Details about missing patches on the device when the device reports data to MetaAccess cloud
detected_patches.timestamp	string	timestamp in GMT format when the device reports data to MetaAccess cloud
detected_patches.total	int	Total missing patches on the device when the device reports data to MetaAccess cloud
detected_patches.patches	array<object>	Lists of missing patches on the device when the device reports data to MetaAccess cloud
detected_patches.patches.category	string	The category of a missing patch: 'security_update', 'update_rollup', 'critical_update', 'update', 'driver', 'service_pack', 'unknown'.
detected_patches.patches.titles	string	The title of a missing patch.
detected_patches.patches.description	string	The description of a missing patch.
detected_patches.patches.product	string	The product missing this patch.
detected_patches.patches.vendor	string	(optional) The vendor of the product missing this patch
detected_patches.patches.severity	string	The severity of a missing patch: 'low', 'moderate', 'important', 'critical', 'unknown'.
detected_patches.patches.kb_name	string	(optional)The knowledge base article id of a missing patch. May duplicate security_update_id on some platforms.
detected_patches.patches.release_date	string	A timestamp in GMT format when a patch is released
infection	object	Details on threat detection
infection.metascan	object	Only applicable for Windows/macOS/Linux devices Infection information block which is detected by Metadefender Cloud
infection.metascan.total	int	Total infections which is detected by Metadefender Cloud
infection.metascan.issue	int	Status of Daily Metadefender Cloud anti-malware scan based on a device policy on your MetaAccess account Values are: -1 – category is disabled 0 – category doesnot have issues 1 – category has issues 2 – category has critical issues
infection.metascan.threats	array<object>	Lists of found threats
infection.metascan.threats.critical	int	Critical status of the threat Values are: 0 – not critical 1 – critical
infection.metascan.threats.scan_time	string	timestamp when found the threat
infection.metascan.threats.file	string	File was found the threat
infection.metascan.threats.hash	string	hash of the file
infection.metascan.threats.threat_name	string	Threat name
infection.metascan.threats.details	array<object>	threat details on each engine which detected the threat
infection.metascan.threats.details.threat_name	string	Threat name which detected on a specific engine
infection.metascan.threats.details.av_name	string	engine name
infection.antivirus	object	Only applicable for Windows/macOS devices Repeated threat details detected by local anti-malware applications
infection.antivirus.total	int	Total repeated threats which are detected by local anti-malware applications
infection.antivirus.issue	int	Status of repeated threats based on a device policy on your MetaAccess account Values are: -1 – category is disabled 0 – category doesnot have issues 1 – category has issues 2 – category has critical issues
infection.antivirus.threats	array<object>	Lists of repeated threats
infection.antivirus.threats.critical	int	Critical status of the threat Values are: 0 – not critical 1 – critical
infection.antivirus.threats.scan_time	string	Last timestamp when the threat was detected
infection.antivirus.threats.repeat	int	Number of times the threat was detected
infection.antivirus.threats.file	string	File was detected as a threat
infection.antivirus.threats.hash	string	hash of the file
infection.antivirus.threats.threat_name	string	threat name
infection.antivirus.threats.product_name	string	product name which detected the threat
infection.antivirus.threats.product_vendor	string	vendor name
infection.antivirus.threats.product_version	string	product version
infection.antivirus.threats.severity	string	threat severity
infection.antivirus.threats.action	string	The type of remediation ( unknown, cleaned, deleted, quarantined)
infection.ip_scanning	object	Only applicable for LINUX/MOBILE devices Details of daily scan for suspicious IP connections
infection.ip_scanning.total	int	Total of suspicious IPs
infection.ip_scanning.issue	int	Status of the suspicious IP based on a device policy on your MetaAccess account Values are: -1 – category is disabled 0 – category doesnot have issues 1 – category has issues
infection.ip_scanning.threats	array<object>	Lists of suspicious IPs
infection.ip_scanning.threats.geo_info	object	An object represents the geolocation of the suspicious IP
infection.ip_scanning.threats.geo_info.country_code	string	Region name of the network address (e.g., San Paulo)
infection.ip_scanning.threats.geo_info.city	string	Country name of the network address (e.g., Brazil)
infection.ip_scanning.threats.geo_info.country_name	string	Country name of the network address (e.g., BR)
infection.ip_scanning.threats.geo_info.region_name	string	Region code of the network address (e.g., 27)
infection.ip_scanning.threats.geo_info.region_code	string	City name of the network address (e.g., San Paulo)
infection.ip_scanning.threats.network_address	string	IP address of the suspicious IP
infection.ip_scanning.threats.status	string	indicates the scanning object is clear, dirty or in-progress
infection.ip_scanning.threats.total_source	int	number of total source
infection.ip_scanning.threats.threats	array<object>	details of IP connections
infection.ip_scanning.threats.threats.assessment	string	Type of threat detected
infection.ip_scanning.threats.threats.confident	string	Represents the reliability of the detection based on several factors. The higher the score, the more reliable the result.
infection.ip_scanning.threats.threats.source_name	string	Source of the feed, usually the domain where the feed is from (e.g., example.com )

Example

Example Request

Example Response

    
{  "device_id": "S6YE9I3DNJ4IFMP84LIGG8S8207R4E04",  "device_type": "desktop",  "device_name": "tle",  "nick_name": "tle-accounting",  "agent_version": "7.6.51.0",  "oesis_version": "4.2.1041.0",  "country": "US",  "last_seen": "2017-10-16T03:11:09Z",  "public_ip": "54.78.191.2",  "agent_type": "managed",  "remediation_link": ".../remediation.html",  "user_identity": "accounting",  "link_user": {    "username": "testinguser",    "group": "testinggroup"  },  "user_info": {    "username": "tle",    "domain": "INTL"  },  "network_info": [{    "description": "Intel(R) Ethernet Connection I217-LM",    "ipv4": "109.184.237.115",    "ipv6": "fe80::2d88:eab7:6001:6ec7",    "mac": "02:21:9b:06:4b:96",    "subnet_mask": "255.255.254.0",    "media_state": "connected",    "dhcp_enabled": "true",    "dhcp_obtained": "2015-10-16T03:11:09Z",    "dhcp_expires": "2015-10-16T03:11:09Z",    "dhcp_server": "171.64.7.111",    "adapter_enabled": "true",    "default_gateway": "171.65.76.1",    "dns_addresses": ["171.67.1.234", "171.64.1.234"]  }],  "os_info": {    "service_pack_version": "1.0",    "vendor": "Microsoft Corp.",    "family": "Windows",    "os_language": "English",    "name": "Microsoft Windows 7 Professional ",    "architecture": "64-bit",    "version": "6.1.7601",    "type": "windows"  },  "severity": "critical",  "status": "compliant",  "status_detail": {    "agent_installed": 1,    "out_of_token": 0,    "exempted": 0,    "pending": 0,    "compliant": 0,    "quarantined": 0  },  "group_name": "default",  "issue": {    "total_issue": 10,    "total_critical_issue": 3,    "total_warning_issue": 7  },  "categories": [{    "category_id": "Firewall",    "issue": 0,    "apps": [{      "id": "d609bfa8601edf0e8fcb6e919570204e",      "name": "Microsoft Windows Firewall",      "vendor": "Microsoft Corp.",      "version": "7",      "category_id": "Firewall",      "health_status": [{        "status": "Enabled",        "issue": 0      }],      "issue": 0    }]  }, {    "category_id": "Antivirus",    "issue": 1,    "apps": [{      "id": "a896b7b839ef62671314990f8d1d6794",      "name": "Microsoft Security Essentials",      "vendor": "Microsoft Corp.",      "version": "4.4.0304.0",      "health_status": [{        "status": "Real time protection is on",        "issue": 0      }, {        "status": "Virus definitions were updated within the last 3 days",        "issue": 0      }, {        "status": "A full system scan was run within the last week",        "issue": 0      }, {        "status": "35 threats detected within the last week",        "issue": 1      }],      "issue": 1    }]  }],  "unclassified": [{    "id": "d609bfa8601edf0e8fcb6e919570204e",    "name": "OPSWAT GEARS",    "vendor": "OPSWAT, Inc.",    "version": "7"  }],  "detected_patches": {    "timestamp": "May 25, 2016 2:04:42 AM",    "total": 500,    "patches": [{      "category": "security_update",      "title": "Cumulative Security Update for......",      "description": "A security issue has been identified in a Microsoft ....",      "product": "Windows 8",      "vendor": "Microsoft Corporation",      "severity": "critical",      "sev_num": 1,      "kb_name": "KB2900986",      "release_date": "2017-10-16T03:11:09Z",         }]  },  "infection": {    "metascan": {      "total": 100,      "issue": 1,      "threats": [{        "critical": 0,        "file": "C:\\ProgramData\\WindowsMangerProtect\\ProtectWindowsManager.exe",        "hash": "e152e3ea7c356cfed40306ff946233d0",        "scan_time": "2015-05-13T17:00:34Z",        "threat_name": "Generic6.WQW",        "details": [{          "threat_name": "ADWARE/ELEX.Gen",          "av_name": "ClamAV"        }]      }]    },    "antivirus": {      "total": 100,      "issue": 1,      "threats": [{        "critical": 0,        "file": "C:\\Windows\\KMSEmulator.exe",        "hash": "c53051184211d40f13e6d7876f5d9db1",        "scan_time": "2015-05-12T23:32:19Z",        "threat_name": "@ApplicUnwnt.Win32/HackKMS.A",        "repeat": 2,        "product_name": "ESET Endpoint Security",        "product_vendor": "ESET",        "product_version": "5.0.2211.0",        "severity": "0",        "action": "5",        "type": "0"      }]    }  }}
Copy

Example response for domain controller device

History

Version	URL
v2.6	Device Details v2.6
v2.5	Device Details v2.5
v2.4	Device Details v2.4
v2.3	Device Details v2.3
v2.2	Device Details v2.2
v2.1	Device Details v2.1

Last updated on

Was this page helpful?