Update User Details

Endpoint URL: https://<your server/rest/users/:username
Endpoint URI: users/:username

Action: PUT

Updates user details.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

Input: JSON

Download JSON syntax file

Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.

{
   "username":"<user name>",
   "password":"<password>",
   "roles":["<role>","<role>","<role>"],
   "creationTime":1667834576988,
   "lastUpdateTime":1667834576988,
   "totpEnabled":true,
   "changePasswordOnNextLogin":true,
   "isDailyNotifications":true,
   "allowedLoginMethod":"PASSWORD",
   "groups":[]
}

Request Parameters

URL/URI parameters: You must provide the username parameter in the URL of the request.

Request Body Parameters: You must enter the following required parameters in the request body:

Field

Type

Description

username

String

The user name for the user to create. The value you enter here should be the same as the value you enter in the username parameter in the URL of the request.

password

String

The default password to use for the user.

roles

Enum

The possible roles for the user. Possible roles include:

  • analyst_l1 (Analyst L1)

  • analyst_l2 (Analyst L2)

  • analyst_l3 (Analyst L3)

  • analyst_hdl (HDL Analyst)

  • executive (Executive)

  • sys_admin (System Admin)

  • user_admin (User Admin)

  • api (API user)

  • responder (Responder L1)

  • policies_admin (Policy Admin)

  • sensor_admin_l1 (Sensor Admin L1)

  • local_analyst_l1 (Local Analyst L1)

  • local_analyst_l2 (Local Analyst L2)

  • responder_l2 (Responder L2)

  • sensors_viewer (Sensor Viewer)

  • local_responder (Local Responder)

The Sensor viewer role is disabled by default. Open a Technical Support case to enable this role.

creationTime

Integer

The time (in milliseconds) when the user was created.

lastUpdateTime

Integer

The time (in milliseconds) when the user details were last updated.

totpEnabled

Boolean

Indicates whether two-factor authentication (TFA) is enabled for this user.

changePasswordOnNextLogin

Boolean

Indicates whether to force the user to change their password the next time they log in.

isDailyNotifications

Boolean

Indicates whether notifications are enabled for this user.

allowedLoginMethod

Enum

The allowed login method for this user. Possible options include:

  • PASSWORD

  • SSO

In order to use the SSO option, you must enable SSO in your environment. For details on SSO authentication, see SSO Authentication in the Cybereason product documentation.

groups

String

A collection of the groups to which the user has privileges to view information. You only need to add the names of the groups to which this user has access if you assign the user the local_analyst_l1, local_analyst_l2, or local_responder roles.

Response Status Codes

This request can return the following status codes:

  • 200: Success OK with details on the operation


Response Success Schema

The response one of the following status messages:

  • success (Success)


Response Failure

The response one of the following status messages:

  • success (Success)

  • badUsername (Invalid username)

  • badBasicPassword (Invalid password when using the basic password complexity)

  • badStrictPassword (Invalid password when using the strict password complexity)

  • previousPassword (Password is the same as a previous password)

  • userExists (User already exists)

  • userNotChanged (No changes in user data)

  • userNotFound (Platform did not find the user)

  • staleUser (User marked as stale)

  • actionNotAllowed (Update action not allowed)

  • errorOccured (A general error occurred)

  • actionFailed (Creation action failed)

  • badTotpSid (The TFA secret key is not valid)

  • incorrectPassword (The password is not correct)

  • illegaleLocale (User locale is not valid)


Important Response Fields

You want to ensure that the request returns the success message.


Example: Update a user’s details

Request

curl --request POST \
    --url https://12.34.56.78/rest/users/[email protected] \
    --header 'Content-Type:application/json' \
    --data '{
               "username":"[email protected]",
               "password":"password",
               "roles":["analyst_l3","executive","analyst_hdl","policies_admin","sys_admin","system_viewer","user_admin","sensor_admin_l1","responder"],
               "creationTime":1667834576988,
               "lastUpdateTime":1667834576988,
               "totpEnabled":false,
               "changePasswordOnNextLogin":true,
               "isDailyNotifications":true,
               "allowedLoginMethod":"PASSWORD",
               "groups":[]
            }'

Response

"success"