API

DTonomy provides a REST API web service to achieve full automation.

There’re 6 categories that process 6 different kind of data objects:

• Alert
• Alert Schema
• User
• Workflow
• Workflow Activity
• Workflow AI Assistance

Authorization

• First you need to set up authorization in http request by adding an Access Key to the header “Authorization”.

To find out the Access Key for your DTonomy instance, you need to log into the website, navigate to Settings => Profile, then click on the third tab of “ACCESS KEY”:

You can copy either the primary or the secondary key.

• Second you need to append the target tenant ID as a parameter at the end of request URL always, such as “?tenantId=*”

To find out the target tenant’s ID, you need to log into the website, navigate to Settings => Profile, then check the first tab of “USER PROFILE”:

Alert

Post an Alert (Legacy)

• URL: /api/agent/v1/event-data
• Method: POST
• Payload: Event object

Post an Alert

• URL: /api/agent/v1/event-data/postevents2
• Method: POST
• Payload: Event object

Get Alerts

• URL: /api/agent/v1/event-data/
• Method: GET

Update an Existing Alert

• URL: /api/agent/v1/event-data/
• Method: PUT

Get Alerts by Filter

• URL: /api/agent/v1/event-data/getEventFilterKey
• Method: GET

Delete an Alert

• URL: /api/agent/v1/event-data/deleteEvent
• Method: POST
• Payload: Event object

Get Alerts’ Count

• URL: /api/agent/v1/event-data/count
• Method: GET

Update an Alert List

• URL: /api/agent/v1/event-data/updateEventList
• Method: POST

Build Artificial Intelligence

• URL: /api/agent/v1/event-data/buildIntelligence
• Method: POST

Post a Comment

• URL: /api/agent/v1/event-data/comment
• Method: POST

Get Comments

• URL: /api/agent/v1/event-data/comment
• Method: GET

Create a Task

• URL: /api/agent/v1/event-data/task
• Method: POST

Create a Task from a Workflow

• URL: /api/agent/v1/event-data/task2
• Method: POST

Get Tasks

• URL: /api/agent/v1/event-data/task
• Method: GET

Update a Task

• URL: /api/agent/v1/event-data/task
• Method: PUT

Get a Pattern

• URL: /api/agent/v1/event-data/:patternId
• Method: GET

Get Similar Alerts

• URL: /api/agent/v1/event-data/similar
• Method: POST

Alert Schema

Get Alert Schemas

• URL: /api/agent/v1/event-data-schema
• Method: GET

Create an Alert Schema

• URL: /api/agent/v1/event-data-schema
• Method: POST

Get an Alert Schema by ID

• URL: /api/agent/v1/event-data-schema/:id
• Method: GET

Update an Alert Schema

• URL: /api/agent/v1/event-data-schema/:id
• Method: PUT

Get an Alert Schema by Name

• URL: /api/agent/v1/event-data-schema/:schemaName
• Method: GET

User

Get Users

• URL: /api/agent/v1/user
• Method: GET

Get Current User

• URL: /api/agent/v1/user/current
• Method: GET

Get Tenants

• URL: /api/agent/v1/user/tenants
• Method: GET

Get User Names

• URL: /api/agent/v1/user/names
• Method: GET

Create a User

• URL: /api/agent/v1/user
• Method: POST

Update a User

• URL: /api/agent/v1/user
• Method: PUT

Delete a User

• URL: /api/agent/v1/user/:id
• Method: DELETE

Workflow

Get a Workflow

• URL: /api/agent/v1/workflow
• Method: GET

Get Workflows

• URL: /api/agent/v1/workflow/flows
• Method: GET

Post Workflows

• URL: /api/agent/v1/workflow/flows
• Method: POST

Get Nodes by Category

• URL: /api/agent/v1/workflow/nodes
• Method: GET

Workflow Activity

Create a Workflow Activity

• URL: /api/agent/v1/workflow-activity
• Method: POST

Get Workflow Activities

• URL: /api/agent/v1/workflow-activity/:keyword?
• Method: GET

Workflow AI Assistance

Get Workflow AI Assistance

• URL: /api/agent/v1/workflow-ai-assistance
• Method: GET

Artifact

Add an Artifact

• URL: /api/agent/v1/artifact/addArtifact
• Method: POST
• Payload: Artifact object

Get the list of Artifacts

• URL: /api/agent/v1/artifact
• Method: GET

Find Artifacts by Name & Value

• URL: /api/agent/v1/artifact/findArtifactByNameValue
• Method: POST
• Payload: the search query such as:

{

“name”: “email”, “value”: “abc@xyz.com”

}

Find Artifacts by Name

• URL: /api/agent/v1/artifact/findArtifactByName
• Method: POST
• Payload: the search query such as:

{

“name”: “email”

}

Find Artifacts by Name and Detection Type

• URL: /api/agent/v1/artifact/findArtifactByNameWithDetection
• Method: POST
• Payload: the search query such as:

{

“name”: “email”, “detectionType”: “malicious”

}

Delete an Artifact

• URL: /api/agent/v1/artifact/delete/{{the artifact id to delete}}
• Method: GET