Create Sensor Groups
Endpoint URL: https://<your server>/rest/groups
Endpoint URI: groups
Action: POST
Creates a sensor group to help organize sensors in your environment.
You must be assigned the System Admin role and Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
Input: JSON
{
    "name":"<your group name>",
    "description":"<your description for the group>",
    "groupAssignRule":{
        "ruleType":"<rule criteria>",
        "ruleOperator":"<operator>",
        "ruleValues":["value"]
    },
    "policyId":"<policy ID>"
}
Note
The groupAssignRule object is supported for version 20.2.2 and later.
Request Parameters
URL/URI parameters: none
Request Body Parameters: You can provide any of the following parameters. The name parameter is required.
Field | Type | Description |
---|---|---|
name | String | A string with a name for the group. |
description | String | A string that describes the group. |
groupAssignRule | Object | An object that contains the automatic assignment rules for groups. This object is available in versions 20.2.2 and later. |
ruleType | Enum | The field (criteria) by which to assign fields. You can use one of the following values: This field is available in versions 20.2.2 and later. |
ruleOperator | Enum | The operator to use for the ruleType key. The operator available differs depending on the value used for the ruleType key. This field is available in versions 20.2.2 and later. When using the organizationalUnit, machineName, or organization value for the ruleType key, use one of the following values for the ruleOperator key: When using the internalIpAddress or externalIpAddress value for the ruleType key, use one of the following values for the ruleOperator key: |
ruleValues | Array | The value to use for the ruleType key. Enter the string to use to match the sensors. If you use the internalIpAddress or externalIpAddress values for the ruleType key with the InRange or NotInRange values for the ruleOperator key, ensure you enter the IP address with the format 123.123.0.0/4 (the IP address followed by a slash and the subnet information). This field is available in versions 20.2.2 and later. |
policyId | String | The unique identifier the Cybereason platform uses for a specific sensor policy. This field is available in versions 20.2.61 and later. |
Response Status Codes
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
The response contains a groupId parameter with the unique ID the Cybereason platform assigns to the sensor group.
Response Failure Schema
None
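An added example, not part of the Cybereason documentation: a client-side check that builds the request body described above, rejects InRange/NotInRange values that are not in address/prefix form, and treats a 200 response without a groupId as a failure, since a 200 can also carry an error message. The function names are hypothetical, and requiring ruleOperator and ruleValues whenever ruleType is set is an assumption.

```python
import ipaddress
import json

IP_RULE_TYPES = {"internalIpAddress", "externalIpAddress"}
RANGE_OPERATORS = {"InRange", "NotInRange"}

def build_group_body(name, description=None, rule_type=None,
                     rule_operator=None, rule_values=None, policy_id=None):
    """Return the JSON body for POST /rest/groups, or raise ValueError."""
    if not name or not name.strip():
        raise ValueError("name is required")
    body = {"name": name}
    if description is not None:
        body["description"] = description
    if rule_type is not None:
        # Assumption: a rule is only meaningful with an operator and values.
        if not rule_operator or not rule_values:
            raise ValueError("groupAssignRule needs ruleOperator and ruleValues")
        if rule_type in IP_RULE_TYPES and rule_operator in RANGE_OPERATORS:
            for value in rule_values:
                _, slash, prefix = value.partition("/")
                if not slash or not prefix:
                    raise ValueError(f"not in address/prefix form: {value!r}")
                # strict=False: the documented sample 123.123.0.0/4 has host bits set.
                try:
                    ipaddress.ip_network(value, strict=False)
                except ValueError as exc:
                    raise ValueError(f"bad range {value!r}: {exc}") from None
        body["groupAssignRule"] = {"ruleType": rule_type,
                                   "ruleOperator": rule_operator,
                                   "ruleValues": list(rule_values)}
    if policy_id is not None:
        body["policyId"] = policy_id
    return json.dumps(body)

def parse_group_response(status_code, text):
    """Return groupId; a 200 whose body lacks groupId counts as a failure."""
    if status_code != 200:
        raise RuntimeError(f"HTTP {status_code}")
    try:
        payload = json.loads(text)
    except ValueError:
        raise RuntimeError(f"200 but body is not JSON: {text[:80]!r}") from None
    if not isinstance(payload, dict) or "groupId" not in payload:
        raise RuntimeError(f"200 but no groupId: {text[:80]!r}")
    return payload["groupId"]
```

Pass the string returned by build_group_body as the request data, and the status code and body text of the reply to parse_group_response.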
Example: Create a sensor group (versions earlier than 20.2.20)
Request
curl --request POST \
  --url https://12.34.56.78/rest/groups \
  --header 'Content-Type:application/json' \
  --data '{
    "name":"Admin Linux machines",
    "description":"All admin machines that run Linux"
  }'
Response
{
"groupId":"f7249383-9bd2-4420-91aa-f0c8ff806a93"
}
Request
Use this request body:
{
    "name":"Admin Linux machines",
    "description":"All admin machines that run Linux"
}
Response
{
"groupId":"f7249383-9bd2-4420-91aa-f0c8ff806a93"
}
Request
import json

import requests

# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"

data = {
    "username": username,
    "password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

# The session keeps the authorization cookie returned by the login request.
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print(login_response.status_code)
print(session.cookies.items())

# Request URL
endpoint_url = "/rest/groups"
api_url = base_url + endpoint_url

# These are the variables that represent different fields in the request.
group_name = "Admin Linux machines"
group_description = "All admin machines that run Linux"

query = json.dumps({"name": group_name, "description": group_description})
api_response = session.request("POST", api_url, data=query, headers=headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"groupId":"f7249383-9bd2-4420-91aa-f0c8ff806a93"
}
Example: Create a sensor group (versions 20.2.20 and later)
Request
curl --request POST \
  --url https://12.34.56.78/rest/groups \
  --header 'Content-Type:application/json' \
  --data '{
    "name":"Admin Windows machines",
    "description":"All admin machines that run Windows",
    "groupAssignRule":{"ruleType":"organizationalUnit","ruleOperator":"ContainsIgnoreCase","ruleValues":["abcde"]},
    "policyId":"c75adb73-22b9-43a5-8362-92270c61770f"
  }'
Response
{
"groupId":"f7249383-9bd2-4420-91aa-f0c8ff806a93"
}
Request
Use this request body:
{
    "name":"Admin Windows machines",
    "description":"All admin machines that run Windows",
    "groupAssignRule":{"ruleType":"organizationalUnit","ruleOperator":"ContainsIgnoreCase","ruleValues":["abcde"]},
    "policyId":"c75adb73-22b9-43a5-8362-92270c61770f"
}
Response
{
"groupId":"f7249383-9bd2-4420-91aa-f0c8ff806a93"
}
Request
import json

import requests

# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"

data = {
    "username": username,
    "password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

# The session keeps the authorization cookie returned by the login request.
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print(login_response.status_code)
print(session.cookies.items())

# Request URL
endpoint_url = "/rest/groups"
api_url = base_url + endpoint_url

# These are the variables that represent different fields in the request.
group_name = "Admin Windows machines"
group_description = "All admin machines that run Windows"
assignment_criteria = "organizationalUnit"
operator = "ContainsIgnoreCase"
assignment_criteria_value = "abcde"
policy_id = "c75adb73-22b9-43a5-8362-92270c61770f"

query = json.dumps({
    "name": group_name,
    "description": group_description,
    "groupAssignRule": {
        "ruleType": assignment_criteria,
        "ruleOperator": operator,
        "ruleValues": [assignment_criteria_value]
    },
    "policyId": policy_id
})
api_response = session.request("POST", api_url, data=query, headers=headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"groupId":"f7249383-9bd2-4420-91aa-f0c8ff806a93"
}