GRR Rapid Response API (3.4.9.2)

Download OpenAPI specification:Download

URL: https://github.com/google/grr License: Apache 2.0

GRR Rapid Response is an incident response framework focused on remote live forensics.

Clients

AddClientsLabels

Labels given clients with given labels.

Request Body schema: application/json

clientIds	Array of strings (protobuf2.TYPE_STRING)
labels	Array of strings (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"clientIds": ["string"
],
"labels": ["string"
]
}

DeleteFleetspeakPendingMessages

No description.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Responses

GetFleetspeakPendingMessages

No description.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

query Parameters

limit	string <uint64> (protobuf2.TYPE_UINT64)
offset	string <uint64> (protobuf2.TYPE_UINT64)
wantData	boolean (protobuf2.TYPE_BOOL)

Responses

GetClient

Get client with a given client id.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

query Parameters

timestamp

string <uint64>

RDF type is RDFDatetime and it represents the number of microseconds since epoch to a timestamp.

Responses

Response samples

200

Content type

application/json

{"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
}

GetClientVersionTimes

List available version-times of a client object with a given id.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"times": ["string"
]
}

GetClientVersions

Get different client versions in a given time range.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

query Parameters

end	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.
start	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.
mode	string Enum: "UNSET" "FULL" "DIFF" UNSET == 0 FULL == 1 DIFF == 2

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
}
]
}

GetFleetspeakPendingMessageCount

No description.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Responses

GetInterrogateOperationState

Get state of a previously started interrogation.

path Parameters

operationId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"state": "RUNNING"
}

GetLastClientIPAddress

Get last known client IP address.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"ip": "string",
"info": "string",
"status": "UNKNOWN"
}

InterrogateClient

Initiate client interrogation.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"operationId": "string"
}

KillFleetspeak

No description.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

force

boolean (protobuf2.TYPE_BOOL)

Responses

Request samples

Payload

Content type

application/json

{"force": true
}

ListClientCrashes

List crashes of a given client.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
filter	string (protobuf2.TYPE_STRING)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"sessionId": "string",
"clientInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"timestamp": "string",
"crashType": "string",
"crashMessage": "string",
"backtrace": "string"
}
],
"totalCount": "string"
}

ListClientsLabels

List all available clients labels.

Responses

Response samples

200

Content type

application/json

{"items": [{"name": "string",
"owner": "string"
}
]
}

RemoveClientsLabels

Remove given labels from given clients.

Request Body schema: application/json

clientIds	Array of strings (protobuf2.TYPE_STRING)
labels	Array of strings (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"clientIds": ["string"
],
"labels": ["string"
]
}

RestartFleetspeakGrrService

No description.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Responses

SearchClients

Search for clients using a search query.

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
query	string (protobuf2.TYPE_STRING)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
}
]
}

VerifyAccess

Verifies if user has access to a client.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{ }

Vfs

BrowseFilesystem

List OS, TSK, NTFS files & directories in a given VFS directory.

In difference to ListFiles, this method lists all filesystem PathTypes
(OS, TSK, NTFS) at the same time. VFS specific prefixes like /fs/os can not
be specified - only actual paths like /etc/.

This method also allows querying the whole directory tree at once. This
allows quick loading of useful VFS data when deep-linking to a folder.

This method does not raise if a path is not found or points to a file
instead of a directory. Instead, no results are returned for this path. This
prevents alerts from firing when clients frequently access non-existent
paths.

Args:
  args: The request arguments.
  context: The API call context.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
path	string (protobuf2.TYPE_STRING)

query Parameters

timestamp	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.
includeDirectoryTree	boolean (protobuf2.TYPE_BOOL)

Responses

Response samples

200

Content type

application/json

{"items": [{"path": "string",
"children": [{"name": "string",
"path": "string",
"type": "string",
"stat": {"stMode": "string",
"stIno": "string",
"stDev": "string",
"stNlink": "string",
"stUid": 0,
"stGid": 0,
"stSize": "string",
"stAtime": "string",
"stMtime": "string",
"stCtime": "string",
"stBlocks": "string",
"stBlksize": "string",
"stRdev": "string",
"stFlagsOsx": 0,
"stFlagsLinux": 0,
"symlink": "string",
"registryType": "REG_NONE",
"resident": "string",
"pathspec": {"pathtype": "UNSET",
"path": "string",
"mountPoint": "string",
"streamName": "string",
"nestedPath": { },
"offset": "string",
"pathOptions": "CASE_INSENSITIVE",
"recursionDepth": "string",
"inode": "string",
"ntfsType": "TSK_FS_ATTR_TYPE_DEFAULT",
"ntfsId": "string",
"fileSizeOverride": "string",
"isVirtualroot": true,
"implementationType": "DEFAULT"
},
"registryData": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": {"dat": [{"k": null,
"v": null
}
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
},
"stBtime": "string",
"extAttrs": [{"name": "string",
"value": "string"
}
]
},
"age": "string",
"isDirectory": true,
"hash": {"sha256": "string",
"sha1": "string",
"md5": "string",
"pecoffSha1": "string",
"pecoffMd5": "string",
"pecoffSha256": "string",
"signedData": [{"revision": "string",
"certType": "string",
"certificate": "string"
}
],
"numBytes": "string",
"sourceOffset": "string"
},
"lastCollected": "string",
"lastCollectedSize": "string",
"details": {"types": [{"name": "string",
"attributes": [{"name": null,
"values": [ ]
}
]
}
]
}
}
]
}
]
}

CreateVfsRefreshOperation

Start VFS refresh operation (refreshes a given VFS folder).

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

filePath	string (protobuf2.TYPE_STRING)
maxDepth	string <uint64> (protobuf2.TYPE_UINT64)
notifyUser	boolean (protobuf2.TYPE_BOOL)

Responses

Request samples

Payload

Content type

application/json

{"filePath": "string",
"maxDepth": "string",
"notifyUser": true
}

Response samples

200

Content type

application/json

{"operationId": "string"
}

GetFileBlob

Get byte contents of a VFS file on a given client.

path Parameters

filePath required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

length	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)
timestamp	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.

Responses

GetFileDetails

Get details of a VFS file on a given client.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
filePath required	string (protobuf2.TYPE_STRING)

query Parameters

timestamp

string <uint64>

RDF type is RDFDatetime and it represents the number of microseconds since epoch to a timestamp.

Responses

Response samples

200

Content type

application/json

{"file": {"name": "string",
"path": "string",
"type": "string",
"stat": {"stMode": "string",
"stIno": "string",
"stDev": "string",
"stNlink": "string",
"stUid": 0,
"stGid": 0,
"stSize": "string",
"stAtime": "string",
"stMtime": "string",
"stCtime": "string",
"stBlocks": "string",
"stBlksize": "string",
"stRdev": "string",
"stFlagsOsx": 0,
"stFlagsLinux": 0,
"symlink": "string",
"registryType": "REG_NONE",
"resident": "string",
"pathspec": {"pathtype": "UNSET",
"path": "string",
"mountPoint": "string",
"streamName": "string",
"nestedPath": { },
"offset": "string",
"pathOptions": "CASE_INSENSITIVE",
"recursionDepth": "string",
"inode": "string",
"ntfsType": "TSK_FS_ATTR_TYPE_DEFAULT",
"ntfsId": "string",
"fileSizeOverride": "string",
"isVirtualroot": true,
"implementationType": "DEFAULT"
},
"registryData": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": {"dat": [{"k": { },
"v": { }
}
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
},
"stBtime": "string",
"extAttrs": [{"name": "string",
"value": "string"
}
]
},
"age": "string",
"isDirectory": true,
"hash": {"sha256": "string",
"sha1": "string",
"md5": "string",
"pecoffSha1": "string",
"pecoffMd5": "string",
"pecoffSha256": "string",
"signedData": [{"revision": "string",
"certType": "string",
"certificate": "string"
}
],
"numBytes": "string",
"sourceOffset": "string"
},
"lastCollected": "string",
"lastCollectedSize": "string",
"details": {"types": [{"name": "string",
"attributes": [{"name": "string",
"values": [{"type": "string",
"age": "string",
"value": {"typeUrl": null,
"value": null
}
}
]
}
]
}
]
}
}
}

GetFileDownloadCommand

Get a command line that downloads given VFS file.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
filePath required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"command": "string"
}

GetFileText

Get text file contents of a VFS file on a given client.

path Parameters

filePath required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

encoding	string Enum: "BASE64_CODEC" "BIG5" "BIG5HKSCS" "CP037" "CP1006" "CP1026" "CP1140" "CP1250" "CP1251" "CP1252" "CP1253" "CP1254" "CP1255" "CP1256" "CP1257" "CP1258" "CP424" "CP437" "CP500" "CP737" "CP775" "CP850" "CP852" "CP855" "CP856" "CP857" "CP860" "CP861" "CP862" "CP863" "CP864" "CP865" "CP866" "CP869" "CP874" "CP875" "CP932" "CP949" "CP950" "IDNA" "ROT_13" "UTF_16" "UTF_16_BE" "UTF_16_LE" "UTF_32" "UTF_32_BE" "UTF_32_LE" "UTF_7" "UTF_8" "UTF_8_SIG" "UU_CODEC" "ZLIB_CODEC" BASE64_CODEC == 0 BIG5 == 1 BIG5HKSCS == 2 CP037 == 3 CP1006 == 4 CP1026 == 5 CP1140 == 6 CP1250 == 7 CP1251 == 8 CP1252 == 9 CP1253 == 10 CP1254 == 11 CP1255 == 12 CP1256 == 13 CP1257 == 14 CP1258 == 15 CP424 == 16 CP437 == 17 CP500 == 18 CP737 == 19 CP775 == 20 CP850 == 21 CP852 == 22 CP855 == 23 CP856 == 24 CP857 == 25 CP860 == 26 CP861 == 27 CP862 == 28 CP863 == 29 CP864 == 30 CP865 == 31 CP866 == 32 CP869 == 33 CP874 == 34 CP875 == 35 CP932 == 36 CP949 == 37 CP950 == 38 IDNA == 39 ROT_13 == 40 UTF_16 == 41 UTF_16_BE == 42 UTF_16_LE == 43 UTF_32 == 44 UTF_32_BE == 45 UTF_32_LE == 46 UTF_7 == 47 UTF_8 == 48 UTF_8_SIG == 49 UU_CODEC == 50 ZLIB_CODEC == 51
offset	string <int64> (protobuf2.TYPE_INT64)
length	string <int64> (protobuf2.TYPE_INT64)
timestamp	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.

Responses

Response samples

200

Content type

application/json

{"content": "string",
"totalSize": "string"
}

GetFileVersionTimes

Get available version times of a VFS file on a given client.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
filePath required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"times": ["string"
]
}

GetVfsFileContentUpdateState

Get state of a previously started content update operation.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
operationId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"state": "RUNNING"
}

GetVfsFilesArchive

Get archive with files collected and stored in the VFS of a client.

path Parameters

filePath	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

timestamp

string <uint64>

RDF type is RDFDatetime and it represents the number of microseconds since epoch to a timestamp.

Responses

GetVfsRefreshOperationState

Get state of a previously started VFS refresh operation.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
operationId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"state": "RUNNING"
}

GetVfsTimeline

Get event timeline of VFS events for a given VFS path.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
filePath required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"items": [{"timestamp": "string",
"filePath": "string",
"action": "MODIFICATION"
}
]
}

GetVfsTimelineAsCsv

Get event timeline of VFS evetns for a given VFS path in CSV format.

path Parameters

filePath required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

format

string

Enum: "UNSET" "GRR" "BODY"

UNSET == 0 GRR == 1 BODY == 2

Responses

ListFiles

List files in a given VFS directory of a given client.

path Parameters

filePath	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
filter	string (protobuf2.TYPE_STRING)
count	string <int64> (protobuf2.TYPE_INT64)
directoriesOnly	boolean (protobuf2.TYPE_BOOL)
timestamp	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.

Responses

Response samples

200

Content type

application/json

{"items": [{"name": "string",
"path": "string",
"type": "string",
"stat": {"stMode": "string",
"stIno": "string",
"stDev": "string",
"stNlink": "string",
"stUid": 0,
"stGid": 0,
"stSize": "string",
"stAtime": "string",
"stMtime": "string",
"stCtime": "string",
"stBlocks": "string",
"stBlksize": "string",
"stRdev": "string",
"stFlagsOsx": 0,
"stFlagsLinux": 0,
"symlink": "string",
"registryType": "REG_NONE",
"resident": "string",
"pathspec": {"pathtype": "UNSET",
"path": "string",
"mountPoint": "string",
"streamName": "string",
"nestedPath": { },
"offset": "string",
"pathOptions": "CASE_INSENSITIVE",
"recursionDepth": "string",
"inode": "string",
"ntfsType": "TSK_FS_ATTR_TYPE_DEFAULT",
"ntfsId": "string",
"fileSizeOverride": "string",
"isVirtualroot": true,
"implementationType": "DEFAULT"
},
"registryData": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": {"dat": [{"k": { },
"v": { }
}
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
},
"stBtime": "string",
"extAttrs": [{"name": "string",
"value": "string"
}
]
},
"age": "string",
"isDirectory": true,
"hash": {"sha256": "string",
"sha1": "string",
"md5": "string",
"pecoffSha1": "string",
"pecoffMd5": "string",
"pecoffSha256": "string",
"signedData": [{"revision": "string",
"certType": "string",
"certificate": "string"
}
],
"numBytes": "string",
"sourceOffset": "string"
},
"lastCollected": "string",
"lastCollectedSize": "string",
"details": {"types": [{"name": "string",
"attributes": [{"name": "string",
"values": [{"type": null,
"age": null,
"value": null
}
]
}
]
}
]
}
}
]
}

UpdateVfsFileContent

Create request for a new snapshot of the file.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

filePath

string (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"filePath": "string"
}

Response samples

200

Content type

application/json

{"operationId": "string"
}

Flows

CancelFlow

Stop given flow on a given client.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
flowId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": {"dat": [null
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": {"dat": [null
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
}

CreateFlow

Start a new flow on a given client.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

	object (grr.ApiFlow)
	object (grr.ApiFlowReference)

Responses

Request samples

Payload

Content type

application/json

{"flow": {"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
},
"originalFlow": {"flowId": "string",
"clientId": "string"
}
}

Response samples

200

Content type

application/json

{"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": {"dat": [null
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": {"dat": [null
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
}

ListFlows

List flows on a given client.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
topFlowsOnly	boolean (protobuf2.TYPE_BOOL)
count	string <int64> (protobuf2.TYPE_INT64)
minStartedAt	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.
maxStartedAt	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.
humanFlowsOnly	boolean (protobuf2.TYPE_BOOL)

Responses

Response samples

200

Content type

application/json

{"items": [{"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": { },
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": { },
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
},
"v": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
}
]
}

ExplainGlobExpression

No description.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

globExpression	string (protobuf2.TYPE_STRING)
exampleCount	number <uint32> (protobuf2.TYPE_UINT32)

Responses

Request samples

Payload

Content type

application/json

{"globExpression": "string",
"exampleCount": 0
}

Response samples

200

Content type

application/json

{"components": [{"globExpression": "string",
"examples": ["string"
]
}
]
}

GetCollectedTimeline

Exports results of a timeline flow to the specific format.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
flowId required	string (protobuf2.TYPE_STRING)
format required	string Enum: "UNSPECIFIED" "BODY" "RAW_GZCHUNKED" UNSPECIFIED == 0 BODY == 1 RAW_GZCHUNKED == 2

query Parameters

object (grr.ApiTimelineBodyOpts)

Responses

GetExportedFlowResults

Stream flow results using one of the instant output plugins.

path Parameters

pluginName required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)
flowId required	string (protobuf2.TYPE_STRING)

Responses

GetFlow

Get flow details.

path Parameters

flowId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": {"dat": [null
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": {"dat": [null
]
},
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
}

GetFlowFilesArchive

Get ZIP or TAR.GZ archive with files downloaded by the flow.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
flowId required	string (protobuf2.TYPE_STRING)

query Parameters

archiveFormat

string

Enum: "ZIP" "TAR_GZ"

ZIP == 0 TAR_GZ == 1

Responses

GetFlowResultsExportCommand

Get export tool command to export flow results.

path Parameters

flowId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"command": "string"
}

GetOsqueryResults

Export Osquery results for a client and a flow in the specified format.

path Parameters

flowId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)
format required	string Enum: "UNSPECIFIED" "CSV" UNSPECIFIED == 0 CSV == 1

Responses

ListFlowLogs

List logs of the flow.

path Parameters

flowId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

filter	string (protobuf2.TYPE_STRING)
offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"logMessage": "string",
"flowName": "string",
"flowId": "string",
"timestamp": "string"
}
],
"totalCount": "string"
}

ListFlowOutputPluginErrors

List output plugin errors of the flow.

path Parameters

flowId required	string (protobuf2.TYPE_STRING)
pluginId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"status": "SUCCESS",
"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"summary": "string",
"batchIndex": "string",
"batchSize": "string"
}
],
"totalCount": "string"
}

ListFlowOutputPluginLogs

List output plugin logs of the flow.

path Parameters

flowId required	string (protobuf2.TYPE_STRING)
pluginId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"status": "SUCCESS",
"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"summary": "string",
"batchIndex": "string",
"batchSize": "string"
}
],
"totalCount": "string"
}

ListFlowOutputPlugins

List output plugins used by the flow.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
flowId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"items": [{"id": "string",
"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"state": {"typeUrl": "string",
"value": "string"
}
}
]
}

ListFlowRequests

List pending action requests of a given flow on a given client.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
flowId required	string (protobuf2.TYPE_STRING)

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"requestId": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"responses": [{"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
]
}
]
}

ListFlowResults

List results of a given flow on a given client.

path Parameters

clientId required	string (protobuf2.TYPE_STRING)
flowId required	string (protobuf2.TYPE_STRING)

query Parameters

filter	string (protobuf2.TYPE_STRING)
withType	string (protobuf2.TYPE_STRING)
offset	string <int64> (protobuf2.TYPE_INT64)
withTag	string (protobuf2.TYPE_STRING)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"payload": {"typeUrl": "string",
"value": "string"
},
"timestamp": "string",
"tag": "string"
}
],
"totalCount": "string"
}

ListScheduledFlows

Lists all scheduled flows from a user on a client.

path Parameters

creator required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"scheduledFlows": [{"scheduledFlowId": "string",
"clientId": "string",
"creator": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": { },
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": { },
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"createTime": "string",
"error": "string"
}
]
}

ScheduleFlow

Schedules a flow on a client, to be started upon approval grant.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

	object (grr.ApiFlow)
	object (grr.ApiFlowReference)

Responses

Request samples

Payload

Content type

application/json

{"flow": {"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
},
"originalFlow": {"flowId": "string",
"clientId": "string"
}
}

Response samples

200

Content type

application/json

{"scheduledFlowId": "string",
"clientId": "string",
"creator": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [{ }
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [{ }
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"createTime": "string",
"error": "string"
}

UnscheduleFlow

Unschedules and deletes a previously scheduled flow.

path Parameters

scheduledFlowId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{ }

UploadYaraSignature

No description.

Request Body schema: application/json

signature

string (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"signature": "string"
}

Response samples

200

Content type

application/json

{"blobId": "string"
}

Hunts

CountHuntResultsByType

Count all hunt results by type.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"items": [{"type": "string",
"count": "string"
}
]
}

CreateHunt

Create a new hunt.

Request Body schema: application/json

flowName	string (protobuf2.TYPE_STRING)
	object (google.protobuf.Any)
	object (grr.HuntRunnerArgs)
	object (grr.ApiFlowReference)
	object (grr.ApiHuntReference)

Responses

Request samples

Payload

Content type

application/json

{"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"originalHunt": {"huntId": "string"
}
}

Response samples

200

Content type

application/json

{"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
}

ListHunts

List hunts.

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)
withFullSummary	boolean (protobuf2.TYPE_BOOL)
descriptionContains	string (protobuf2.TYPE_STRING)
createdBy	string (protobuf2.TYPE_STRING)
withState	string Enum: "PAUSED" "STARTED" "STOPPED" "COMPLETED" PAUSED == 0 STARTED == 1 STOPPED == 2 COMPLETED == 3
robotFilter	string Enum: "UNKNOWN" "NO_ROBOTS" "ONLY_ROBOTS" UNKNOWN == 0 NO_ROBOTS == 1 ONLY_ROBOTS == 2
activeWithin	string <uint64> RDF type is `DurationSeconds` and it represents the number of seconds between two timestamps.

Responses

Response samples

200

Content type

application/json

{"items": [{"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
}
],
"totalCount": "string"
}

ModifyCronJob

Modify cron job (includes enabling/disabling).

path Parameters

cronJobId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

enabled

boolean (protobuf2.TYPE_BOOL)

Responses

Request samples

Payload

Content type

application/json

{"enabled": true
}

Response samples

200

Content type

application/json

{"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
}

DeleteHunt

Delete a hunt with all its data.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

GetHunt

Get details of a hunt with a given id.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
}

ModifyHunt

Modify hunt (includes stopping/starting).

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

state	string Enum: "PAUSED" "STARTED" "STOPPED" "COMPLETED" PAUSED == 0 STARTED == 1 STOPPED == 2 COMPLETED == 3
clientLimit	string <int64> (protobuf2.TYPE_INT64)
clientRate	string <int64> (protobuf2.TYPE_INT64)
deprecatedExpires	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.
duration	string <uint64> RDF type is `DurationSeconds` and it represents the number of seconds between two timestamps.

Responses

Request samples

Payload

Content type

application/json

{"state": "PAUSED",
"clientLimit": "string",
"clientRate": "string",
"deprecatedExpires": "string",
"duration": "string"
}

Response samples

200

Content type

application/json

{"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
}

GetCollectedHuntTimelines

Exports results of a timeline hunt.

The results are exported as a ZIP archive whose files follow the specified
format. Each file in the ZIP archive contains results for a particular
client.

Args:
  args: The timeline hunt export request arguments.
  context: The API call context.

Returns:
  An API handler for the timeline hunt export.

path Parameters

huntId required	string (protobuf2.TYPE_STRING)
format required	string Enum: "UNSPECIFIED" "BODY" "RAW_GZCHUNKED" UNSPECIFIED == 0 BODY == 1 RAW_GZCHUNKED == 2

query Parameters

object (grr.ApiTimelineBodyOpts)

Responses

GetExportedHuntResults

Stream hunt results using one of the instant output plugins.

path Parameters

pluginName required	string (protobuf2.TYPE_STRING)
huntId required	string (protobuf2.TYPE_STRING)

Responses

GetHuntClientCompletionStats

Get hunt completion stats.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

query Parameters

size	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"startPoints": [{"label": "string",
"xValue": 0,
"yValue": 0
}
],
"completePoints": [{"label": "string",
"xValue": 0,
"yValue": 0
}
]
}

GetHuntContext

Get a low-level hunt context (useful for debugging).

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"context": {"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"deprecatedExpires": "string",
"duration": "string",
"networkBytesSent": "string",
"nextClientDue": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"sessionId": "string",
"startTime": "string",
"usageStats": {"userCpuStats": {"histogram": {"bins": [{"rangeMaxValue": 0,
"num": "string"
}
]
},
"num": "string",
"sum": 0,
"stddev": 0
},
"systemCpuStats": {"histogram": {"bins": [{"rangeMaxValue": 0,
"num": "string"
}
]
},
"num": "string",
"sum": 0,
"stddev": 0
},
"networkBytesSentStats": {"histogram": {"bins": [{"rangeMaxValue": 0,
"num": "string"
}
]
},
"num": "string",
"sum": 0,
"stddev": 0
},
"worstPerformers": [{"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
}
]
}
},
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
}
}

GetHuntFile

Get a file referenced by one of the hunt results.

path Parameters

huntId required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)
vfsPath required	string (protobuf2.TYPE_STRING)

query Parameters

timestamp

string <uint64>

RDF type is RDFDatetime and it represents the number of microseconds since epoch to a timestamp.

Responses

GetHuntFilesArchive

Get ZIP or TAR.GZ archive with all the files downloaded by the hunt.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

query Parameters

archiveFormat

string

Enum: "ZIP" "TAR_GZ"

ZIP == 0 TAR_GZ == 1

Responses

GetHuntResultsExportCommand

Get export command that exports hunt results.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"command": "string"
}

GetHuntStats

Get general hunt stats.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"stats": {"userCpuStats": {"histogram": {"bins": [{"rangeMaxValue": 0,
"num": "string"
}
]
},
"num": "string",
"sum": 0,
"stddev": 0
},
"systemCpuStats": {"histogram": {"bins": [{"rangeMaxValue": 0,
"num": "string"
}
]
},
"num": "string",
"sum": 0,
"stddev": 0
},
"networkBytesSentStats": {"histogram": {"bins": [{"rangeMaxValue": 0,
"num": "string"
}
]
},
"num": "string",
"sum": 0,
"stddev": 0
},
"worstPerformers": [{"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
}
]
}
}

ListHuntClients

List clients involved into the hunt.

path Parameters

clientStatus required	string Enum: "STARTED" "OUTSTANDING" "COMPLETED" STARTED == 0 OUTSTANDING == 1 COMPLETED == 2
huntId required	string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"flowId": "string"
}
],
"totalCount": "string"
}

ListHuntCrashes

List all crashes caused by the hunt.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"sessionId": "string",
"clientInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"timestamp": "string",
"crashType": "string",
"crashMessage": "string",
"backtrace": "string"
}
],
"totalCount": "string"
}

ListHuntErrors

List hunt errors.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)
filter	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"logMessage": "string",
"backtrace": "string",
"timestamp": "string"
}
],
"totalCount": "string"
}

ListHuntLogs

List hunt logs.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
filter	string (protobuf2.TYPE_STRING)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"logMessage": "string",
"flowName": "string",
"flowId": "string",
"timestamp": "string"
}
],
"totalCount": "string"
}

ListHuntOutputPluginErrors

List hunt output plugins errors.

path Parameters

huntId required	string (protobuf2.TYPE_STRING)
pluginId required	string (protobuf2.TYPE_STRING)

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"status": "SUCCESS",
"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"summary": "string",
"batchIndex": "string",
"batchSize": "string"
}
],
"totalCount": "string"
}

ListHuntOutputPluginLogs

List hunt output plugins logs.

path Parameters

pluginId required	string (protobuf2.TYPE_STRING)
huntId required	string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"status": "SUCCESS",
"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"summary": "string",
"batchIndex": "string",
"batchSize": "string"
}
],
"totalCount": "string"
}

ListHuntOutputPlugins

List output plugins used by the hunt.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"items": [{"id": "string",
"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"state": {"typeUrl": "string",
"value": "string"
}
}
],
"totalCount": "string"
}

ListHuntResults

List hunt results.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

query Parameters

withType	string (protobuf2.TYPE_STRING)
filter	string (protobuf2.TYPE_STRING)
offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"clientId": "string",
"payload": {"typeUrl": "string",
"value": "string"
},
"timestamp": "string"
}
],
"totalCount": "string"
}

VerifyHuntAccess

Verifies if user has access to a hunt.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{ }

User

CreateClientApproval

Create new client approval.

path Parameters

clientId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

object (grr.ApiClientApproval)

Responses

Request samples

Payload

Content type

application/json

{"approval": {"subject": {"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"expirationTimeUs": "string"
}
}

Response samples

200

Content type

application/json

{"subject": {"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"expirationTimeUs": "string"
}

ListClientApprovals

List client approvals of a current user in reversed timestamp order.

path Parameters

clientId

string (protobuf2.TYPE_STRING)

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
state	string Enum: "ANY" "VALID" "INVALID" ANY == 0 VALID == 1 INVALID == 2
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"subject": {"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"expirationTimeUs": "string"
}
]
}

CreateCronJobApproval

Create new cron job approval.

path Parameters

cronJobId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

object (grr.ApiCronJobApproval)

Responses

Request samples

Payload

Content type

application/json

{"approval": {"subject": {"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": null,
"osLinux": null,
"osDarwin": null
},
"label": {"labelNames": [ ],
"matchMode": null
},
"regex": {"attributeRegex": null,
"field": null
},
"integer": {"operator": null,
"value": null,
"field": null
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
]
}
}

Response samples

200

Content type

application/json

{"subject": {"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": [null
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
]
}

CreateHuntApproval

Create new hunt approval.

path Parameters

huntId

required

string (protobuf2.TYPE_STRING)

Request Body schema: application/json

object (grr.ApiHuntApproval)

Responses

Request samples

Payload

Content type

application/json

{"approval": {"subject": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"copiedFromHunt": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"copiedFromFlow": {"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": { },
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": { },
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
},
"v": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
},
"expirationTimeUs": "string"
}
}

Response samples

200

Content type

application/json

{"subject": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"copiedFromHunt": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"copiedFromFlow": {"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
},
"expirationTimeUs": "string"
}

ListHuntApprovals

List hunt approvals of a current user.

path Parameters

huntId

string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"subject": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": [null
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"copiedFromHunt": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": [null
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"copiedFromFlow": {"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
},
"v": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": null,
"v": null
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
},
"expirationTimeUs": "string"
}
]
}

DeletePendingUserNotification

Delete pending user notifications.

path Parameters

timestamp

required

string <uint64>

RDF type is RDFDatetime and it represents the number of microseconds since epoch to a timestamp.

Responses

GetClientApproval

Get client approval identified by approval id, client id and username.

path Parameters

username required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)
approvalId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"subject": {"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"expirationTimeUs": "string"
}

GetCronJobApproval

Get cron job approval identified by approval id, cron id and username.

path Parameters

cronJobId required	string (protobuf2.TYPE_STRING)
approvalId required	string (protobuf2.TYPE_STRING)
username required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"subject": {"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": [null
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
]
}

GetGrrUser

Get current user settings.

Responses

Response samples

200

Content type

application/json

{"username": "string",
"settings": {"mode": "BASIC",
"canaryMode": true
},
"interfaceTraits": {"cronJobsNavItemEnabled": true,
"createCronJobActionEnabled": true,
"huntManagerNavItemEnabled": true,
"createHuntActionEnabled": true,
"showStatisticsNavItemEnabled": true,
"serverLoadNavItemEnabled": true,
"manageBinariesNavItemEnabled": true,
"uploadBinaryActionEnabled": true,
"settingsNavItemEnabled": true,
"artifactManagerNavItemEnabled": true,
"uploadArtifactActionEnabled": true,
"searchClientsActionEnabled": true,
"browseVirtualFileSystemNavItemEnabled": true,
"startClientFlowNavItemEnabled": true,
"manageClientFlowsNavItemEnabled": true,
"modifyClientLabelsActionEnabled": true,
"huntApprovalRequired": true
},
"userType": "USER_TYPE_NONE",
"email": "string"
}

UpdateGrrUser

Update current user settings.

Request Body schema: application/json

username	string (protobuf2.TYPE_STRING)
	object (grr.GUISettings)
	object (grr.ApiGrrUserInterfaceTraits)
userType	string Enum: "USER_TYPE_NONE" "USER_TYPE_STANDARD" "USER_TYPE_ADMIN" USER_TYPE_NONE == 0 USER_TYPE_STANDARD == 1 USER_TYPE_ADMIN == 2
email	string (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"username": "string",
"settings": {"mode": "BASIC",
"canaryMode": true
},
"interfaceTraits": {"cronJobsNavItemEnabled": true,
"createCronJobActionEnabled": true,
"huntManagerNavItemEnabled": true,
"createHuntActionEnabled": true,
"showStatisticsNavItemEnabled": true,
"serverLoadNavItemEnabled": true,
"manageBinariesNavItemEnabled": true,
"uploadBinaryActionEnabled": true,
"settingsNavItemEnabled": true,
"artifactManagerNavItemEnabled": true,
"uploadArtifactActionEnabled": true,
"searchClientsActionEnabled": true,
"browseVirtualFileSystemNavItemEnabled": true,
"startClientFlowNavItemEnabled": true,
"manageClientFlowsNavItemEnabled": true,
"modifyClientLabelsActionEnabled": true,
"huntApprovalRequired": true
},
"userType": "USER_TYPE_NONE",
"email": "string"
}

GetHuntApproval

Get hunt approval identified by approval id, hunt id and username.

path Parameters

huntId required	string (protobuf2.TYPE_STRING)
approvalId required	string (protobuf2.TYPE_STRING)
username required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"subject": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"copiedFromHunt": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"copiedFromFlow": {"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
},
"expirationTimeUs": "string"
}

GetPendingUserNotificationsCount

Get number of pending user notifications.

Responses

Response samples

200

Content type

application/json

{"count": "string"
}

GrantClientApproval

Grant client approval.

path Parameters

approvalId required	string (protobuf2.TYPE_STRING)
username required	string (protobuf2.TYPE_STRING)
clientId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"subject": {"clientId": "string",
"urn": "string",
"agentInfo": {"clientName": "string",
"clientVersion": 0,
"revision": "string",
"buildTime": "string",
"clientBinaryName": "string",
"clientDescription": "string",
"labels": ["string"
],
"timelineBtimeSupport": true,
"sandboxSupport": true
},
"hardwareInfo": {"serialNumber": "string",
"systemManufacturer": "string",
"systemProductName": "string",
"systemUuid": "string",
"systemSkuNumber": "string",
"systemFamily": "string",
"biosVendor": "string",
"biosVersion": "string",
"biosReleaseDate": "string",
"biosRomSize": "string",
"biosRevision": "string",
"systemAssettag": "string"
},
"osInfo": {"system": "string",
"node": "string",
"release": "string",
"version": "string",
"machine": "string",
"kernel": "string",
"fqdn": "string",
"installDate": "string",
"libcVer": "string",
"architecture": "string",
"pep425tag": "string"
},
"knowledgeBase": {"users": [{"username": "string",
"temp": "string",
"desktop": "string",
"lastLogon": "string",
"fullName": "string",
"userdomain": "string",
"sid": "string",
"userprofile": "string",
"appdata": "string",
"localappdata": "string",
"internetCache": "string",
"cookies": "string",
"recent": "string",
"personal": "string",
"startup": "string",
"localappdataLow": "string",
"homedir": "string",
"uid": 0,
"gid": 0,
"shell": "string",
"pwEntry": {"store": "UNKNOWN",
"hashType": "DES",
"age": 0,
"maxAge": 0
},
"gids": [0
]
}
],
"fqdn": "string",
"timeZone": "string",
"os": "string",
"osMajorVersion": 0,
"osMinorVersion": 0,
"environPath": "string",
"environTemp": "string",
"osRelease": "string",
"environAllusersappdata": "string",
"environAllusersprofile": "string",
"environCommonprogramfiles": "string",
"environCommonprogramfilesx86": "string",
"environComspec": "string",
"environDriverdata": "string",
"environProfilesdirectory": "string",
"environProgramfiles": "string",
"environProgramdata": "string",
"environProgramfilesx86": "string",
"environSystemdrive": "string",
"environSystemroot": "string",
"environWindir": "string",
"currentControlSet": "string",
"codePage": "string",
"domain": "string",
"deprecatedUsers": ["string"
]
},
"memorySize": "string",
"firstSeenAt": "string",
"lastSeenAt": "string",
"lastBootedAt": "string",
"lastClock": "string",
"lastCrashAt": "string",
"labels": [{"name": "string",
"owner": "string"
}
],
"interfaces": [{"macAddress": "string",
"ip4Addresses": ["string"
],
"ifname": "string",
"ip6Addresses": ["string"
],
"addresses": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"dhcpLeaseExpires": "string",
"dhcpLeaseObtained": "string",
"dhcpServerList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
],
"ipGatewayList": [{"addressType": "INET",
"deprecatedHumanReadable": "string",
"packedBytes": "string"
}
]
}
],
"volumes": [{"isMounted": true,
"name": "string",
"devicePath": "string",
"fileSystemType": "string",
"totalAllocationUnits": "string",
"sectorsPerAllocationUnit": "string",
"bytesPerSector": "string",
"actualAvailableAllocationUnits": "string",
"creationTime": "string",
"fileSystemFlagList": ["FILE_CASE_SENSITIVE_SEARCH"
],
"serialNumber": "string",
"windowsvolume": {"attributesList": ["READONLY"
],
"driveLetter": "string",
"driveType": "DRIVE_UNKNOWN"
},
"unixvolume": {"mountPoint": "string",
"options": "string"
}
}
],
"age": "string",
"cloudInstance": {"cloudType": "UNSET",
"google": {"uniqueId": "string",
"zone": "string",
"projectId": "string",
"instanceId": "string",
"hostname": "string",
"machineType": "string"
},
"amazon": {"instanceId": "string",
"amiId": "string",
"hostname": "string",
"publicHostname": "string",
"instanceType": "string"
}
},
"sourceFlowId": "string",
"rrgVersion": "string",
"rrgArgs": ["string"
]
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"expirationTimeUs": "string"
}

GrantCronJobApproval

Grant cron job approval.

path Parameters

approvalId required	string (protobuf2.TYPE_STRING)
username required	string (protobuf2.TYPE_STRING)
cronJobId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"subject": {"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": [null
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
]
}

GrantHuntApproval

Grant hunt approval.

path Parameters

huntId required	string (protobuf2.TYPE_STRING)
approvalId required	string (protobuf2.TYPE_STRING)
username required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"subject": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
],
"copiedFromHunt": {"urn": "string",
"huntId": "string",
"huntType": "UNSET",
"name": "string",
"state": "PAUSED",
"stateReason": "UNKNOWN",
"stateComment": "string",
"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"allClientsCount": "string",
"remainingClientsCount": "string",
"completedClientsCount": "string",
"failedClientsCount": "string",
"crashedClientsCount": "string",
"crashLimit": "string",
"clientLimit": "string",
"clientRate": 0,
"created": "string",
"initStartTime": "string",
"lastStartTime": "string",
"deprecatedExpires": "string",
"duration": "string",
"creator": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"isRobot": true,
"totalCpuUsage": 0,
"totalNetUsage": "string",
"clientsWithResultsCount": "string",
"resultsCount": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
},
"internalError": "string"
},
"copiedFromFlow": {"urn": "string",
"flowId": "string",
"clientId": "string",
"name": "string",
"args": {"typeUrl": "string",
"value": "string"
},
"progress": {"typeUrl": "string",
"value": "string"
},
"resultMetadata": {"numResultsPerTypeTag": [{"type": "string",
"tag": "string",
"count": "string"
}
],
"isMetadataSet": true
},
"runnerArgs": {"clientId": "string",
"cpuLimit": "string",
"networkBytesLimit": "string",
"requestState": {"id": 0,
"tsId": "string",
"nextState": "string",
"status": {"status": "OK",
"errorMessage": "string",
"backtrace": "string",
"cpuTimeUsed": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"childSessionId": "string",
"networkBytesSent": "string",
"runtimeUs": "string"
},
"data": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [null
]
},
"dict": { },
"rdfValue": {"name": "string",
"data": "string"
},
"float": 0,
"set": {"content": [null
]
},
"compression": "UNCOMPRESSED"
}
}
]
},
"responseCount": 0,
"transmissionCount": 0,
"clientId": "string",
"sessionId": "string",
"request": {"sessionId": "string",
"requestId": "string",
"responseId": "string",
"name": "string",
"payloadAny": {"typeUrl": "string",
"value": "string"
},
"args": "string",
"source": "string",
"authState": "UNAUTHENTICATED",
"type": "MESSAGE",
"ttl": 0,
"cpuLimit": 0,
"argsRdfName": "string",
"taskId": "string",
"taskTtl": 0,
"queue": "string",
"leasedUntil": "string",
"leasedBy": "string",
"networkBytesLimit": "string",
"timestamp": "string",
"runtimeLimitUs": "string"
}
},
"flowName": "string",
"writeIntermediateResults": true,
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"originalFlow": {"flowId": "string",
"clientId": "string"
}
},
"state": "RUNNING",
"errorDescription": "string",
"startedAt": "string",
"lastActiveAt": "string",
"creator": "string",
"isRobot": true,
"stateData": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"store": {"typeUrl": "string",
"value": "string"
},
"context": {"backtrace": "string",
"clientResources": {"clientId": "string",
"sessionId": "string",
"cpuUsage": {"deprecatedUserCpuTime": 0,
"deprecatedSystemCpuTime": 0,
"userCpuTime": 0,
"systemCpuTime": 0
},
"networkBytesSent": "string"
},
"createTime": "string",
"creator": "string",
"currentState": "string",
"killTimestamp": "string",
"networkBytesSent": "string",
"nextOutboundId": "string",
"nextProcessedRequest": "string",
"outputPluginsStates": [{"pluginDescriptor": {"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
},
"pluginState": {"dat": [{"k": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
},
"v": {"integer": "string",
"data": "string",
"string": "string",
"protoName": "string",
"none": "string",
"boolean": true,
"list": {"content": [ ]
},
"dict": {"dat": [ ]
},
"rdfValue": {"name": null,
"data": null
},
"float": 0,
"set": {"content": [ ]
},
"compression": "UNCOMPRESSED"
}
}
]
}
}
],
"outstandingRequests": "string",
"sessionId": "string",
"state": "RUNNING",
"status": "string"
},
"nestedFlows": [{ }
],
"originalFlow": {"flowId": "string",
"clientId": "string"
},
"internalError": "string"
},
"expirationTimeUs": "string"
}

ListAndResetUserNotifications

List user notifications and mark them all as 'seen'.

Request Body schema: application/json

offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)
filter	string (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"offset": "string",
"count": "string",
"filter": "string"
}

Response samples

200

Content type

application/json

{"items": [{"timestamp": "string",
"notificationType": "TYPE_UNSET",
"message": "string",
"reference": {"type": "UNSET",
"client": {"clientId": "string"
},
"hunt": {"huntId": "string"
},
"cron": {"cronJobId": "string"
},
"flow": {"clientId": "string",
"flowId": "string"
},
"vfs": {"vfsPath": "string",
"clientId": "string"
},
"clientApproval": {"clientId": "string",
"approvalId": "string",
"username": "string"
},
"huntApproval": {"huntId": "string",
"approvalId": "string",
"username": "string"
},
"cronJobApproval": {"cronJobId": "string",
"approvalId": "string",
"username": "string"
},
"unknown": {"sourceUrn": "string",
"subjectUrn": "string"
}
},
"isPending": true
}
],
"totalCount": "string"
}

ListApproverSuggestions

List suggestions for approver usernames.

query Parameters

usernameQuery

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"suggestions": [{"username": "string"
}
]
}

ListCronJobApprovals

List cron job approvals of a current user.

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"subject": {"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": null,
"os": null,
"label": null,
"regex": null,
"integer": null
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": null,
"value": null
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
},
"id": "string",
"requestor": "string",
"reason": "string",
"isValid": true,
"isValidMessage": "string",
"emailMessageId": "string",
"notifiedUsers": ["string"
],
"emailCcAddresses": ["string"
],
"approvers": ["string"
]
}
]
}

ListPendingUserNotifications

List pending user notifications.

query Parameters

timestamp

string <uint64>

RDF type is RDFDatetime and it represents the number of microseconds since epoch to a timestamp.

Responses

Response samples

200

Content type

application/json

{"items": [{"timestamp": "string",
"notificationType": "TYPE_UNSET",
"message": "string",
"reference": {"type": "UNSET",
"client": {"clientId": "string"
},
"hunt": {"huntId": "string"
},
"cron": {"cronJobId": "string"
},
"flow": {"clientId": "string",
"flowId": "string"
},
"vfs": {"vfsPath": "string",
"clientId": "string"
},
"clientApproval": {"clientId": "string",
"approvalId": "string",
"username": "string"
},
"huntApproval": {"huntId": "string",
"approvalId": "string",
"username": "string"
},
"cronJobApproval": {"cronJobId": "string",
"approvalId": "string",
"username": "string"
},
"unknown": {"sourceUrn": "string",
"subjectUrn": "string"
}
},
"isPending": true
}
]
}

Cron

CreateCronJob

Create new cron job.

Request Body schema: application/json

flowName	string (protobuf2.TYPE_STRING)
	object (google.protobuf.Any)
	object (grr.HuntRunnerArgs)
description	string (protobuf2.TYPE_STRING)
periodicity	string <uint64> RDF type is `DurationSeconds` and it represents the number of seconds between two timestamps.
lifetime	string <uint64> RDF type is `DurationSeconds` and it represents the number of seconds between two timestamps.
allowOverruns	boolean (protobuf2.TYPE_BOOL)

Responses

Request samples

Payload

Content type

application/json

{"flowName": "string",
"flowArgs": {"typeUrl": "string",
"value": "string"
},
"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"description": "string",
"periodicity": "string",
"lifetime": "string",
"allowOverruns": true
}

Response samples

200

Content type

application/json

{"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
}

ListCronJobs

List available cron jobs.

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": null,
"osLinux": null,
"osDarwin": null
},
"label": {"labelNames": [ ],
"matchMode": null
},
"regex": {"attributeRegex": null,
"field": null
},
"integer": {"operator": null,
"value": null,
"field": null
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
}
],
"totalCount": "string"
}

DeleteCronJob

Delete given cron job and all its flows.

path Parameters

cronJobId

required

string (protobuf2.TYPE_STRING)

Responses

GetCronJob

Get details of a given cron job.

path Parameters

cronJobId

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"cronJobId": "string",
"args": {"actionType": "UNSET",
"systemCronAction": {"jobClassName": "string"
},
"huntCronAction": {"huntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"flowName": "string",
"flowArgs": "string"
}
},
"createdAt": "string",
"currentRunId": "string",
"enabled": true,
"lastRunStatus": "UNSET",
"lastRunTime": "string",
"state": {"items": [{"key": "string",
"value": {"typeUrl": "string",
"value": "string"
},
"invalid": true,
"type": "string"
}
]
},
"frequency": "string",
"lifetime": "string",
"allowOverruns": true,
"forcedRunRequested": true,
"isFailing": true,
"description": "string"
}

ForceRunCronJob

Force an out-of-schedule run of a given cron job.

path Parameters

cronJobId

required

string (protobuf2.TYPE_STRING)

Responses

GetCronJobRun

Get details of a run started by a cron job.

path Parameters

cronJobId required	string (protobuf2.TYPE_STRING)
runId required	string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"runId": "string",
"cronJobId": "string",
"startedAt": "string",
"finishedAt": "string",
"status": "UNSET",
"logMessage": "string",
"backtrace": "string"
}

ListCronJobRuns

List runs initiated by the given cron job.

path Parameters

cronJobId

required

string (protobuf2.TYPE_STRING)

query Parameters

offset	string <int64> (protobuf2.TYPE_INT64)
count	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"runId": "string",
"cronJobId": "string",
"startedAt": "string",
"finishedAt": "string",
"status": "UNSET",
"logMessage": "string",
"backtrace": "string"
}
]
}

Artifacts

DeleteArtifacts

Delete one of previously uploaded artifacts.

Request Body schema: application/json

names

Array of strings (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"names": ["string"
]
}

ListArtifacts

List available artifacts definitions.

query Parameters

count	string <int64> (protobuf2.TYPE_INT64)
offset	string <int64> (protobuf2.TYPE_INT64)

Responses

Response samples

200

Content type

application/json

{"items": [{"artifact": {"name": "string",
"conditions": ["string"
],
"doc": "string",
"supportedOs": ["string"
],
"urls": ["string"
],
"sources": [{"type": "COLLECTOR_TYPE_UNKNOWN",
"attributes": {"dat": [{"k": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
},
"v": {"integer": null,
"data": null,
"string": null,
"protoName": null,
"none": null,
"boolean": null,
"list": null,
"dict": null,
"rdfValue": null,
"float": null,
"set": null,
"compression": null
}
}
]
},
"conditions": ["string"
],
"supportedOs": ["string"
]
}
],
"errorMessage": "string",
"aliases": ["string"
]
},
"dependencies": ["string"
],
"pathDependencies": ["string"
],
"isCustom": true,
"errorMessage": "string"
}
],
"totalCount": "string"
}

UploadArtifact

Upload new artifact definition.

Request Body schema: application/json

artifact

string (protobuf2.TYPE_STRING)

Responses

Request samples

Payload

Content type

application/json

{"artifact": "string"
}

Settings

GetConfig

Get current AdminUI configuration.

Responses

Response samples

200

Content type

application/json

{"sections": [{"name": "string",
"options": [{"name": "string",
"isRedacted": true,
"value": {"typeUrl": "string",
"value": "string"
},
"type": "string",
"isInvalid": true
}
]
}
]
}

GetConfigOption

Get a single AdminUI configuration option.

path Parameters

name

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"name": "string",
"isRedacted": true,
"value": {"typeUrl": "string",
"value": "string"
},
"type": "string",
"isInvalid": true
}

GetGrrBinary

Get information about GRR binary with the following type and path.

path Parameters

path required	string (protobuf2.TYPE_STRING)
type required	string Enum: "PYTHON_HACK" "EXECUTABLE" "COMPONENT_DEPRECATED" PYTHON_HACK == 1 EXECUTABLE == 2 COMPONENT_DEPRECATED == 3

Responses

Response samples

200

Content type

application/json

{"type": "PYTHON_HACK",
"path": "string",
"size": "string",
"timestamp": "string",
"hasValidSignature": true
}

GetGrrBinaryBlob

Get contents of a GRR binary (uploaded with grr_config_updater).

path Parameters

type required	string Enum: "PYTHON_HACK" "EXECUTABLE" "COMPONENT_DEPRECATED" PYTHON_HACK == 1 EXECUTABLE == 2 COMPONENT_DEPRECATED == 3
path required	string (protobuf2.TYPE_STRING)

Responses

GetUiConfig

Get configuration values for AdminUI (e.g. heading name, help url).

Responses

Response samples

200

Content type

application/json

{"heading": "string",
"reportUrl": "string",
"helpUrl": "string",
"grrVersion": "string",
"profileImageUrl": "string",
"defaultHuntRunnerArgs": {"huntName": "string",
"description": "string",
"clientRuleSet": {"matchMode": "MATCH_ALL",
"rules": [{"ruleType": "OS",
"os": {"osWindows": true,
"osLinux": true,
"osDarwin": true
},
"label": {"labelNames": ["string"
],
"matchMode": "MATCH_ALL"
},
"regex": {"attributeRegex": "string",
"field": "UNSET"
},
"integer": {"operator": "EQUAL",
"value": "string",
"field": "UNSET"
}
}
]
},
"cpuLimit": "string",
"networkBytesLimit": "string",
"clientLimit": "string",
"crashLimit": "string",
"avgResultsPerClientLimit": "string",
"avgCpuSecondsPerClientLimit": "string",
"avgNetworkBytesPerClientLimit": "string",
"expiryTime": "string",
"clientRate": 0,
"addForemanRules": true,
"crashAlertEmail": "string",
"outputPlugins": [{"pluginName": "string",
"deprecatedPluginArgs": "string",
"args": {"typeUrl": "string",
"value": "string"
}
}
],
"perClientCpuLimit": "string",
"perClientNetworkLimitBytes": "string",
"originalObject": {"objectType": "UNKNOWN",
"flowReference": {"flowId": "string",
"clientId": "string"
},
"huntReference": {"huntId": "string"
}
}
},
"huntConfig": {"defaultIncludeLabels": ["string"
],
"defaultExcludeLabels": ["string"
],
"presubmitCheckWithSkipTag": "string",
"presubmitWarningMessage": "string"
},
"clientWarnings": {"rules": [{"withLabels": ["string"
],
"message": "string"
}
]
},
"defaultAccessDurationSeconds": "string",
"maxAccessDurationSeconds": "string"
}

ListGrrBinaries

List available GRR binaries (uploaded with grr_config_updater).

Responses

Response samples

200

Content type

application/json

{"items": [{"type": "PYTHON_HACK",
"path": "string",
"size": "string",
"timestamp": "string",
"hasValidSignature": true
}
]
}

Metadata

GetGrrVersion

Returns version of the GRR server.

Responses

Response samples

200

Content type

application/json

{"major": 0,
"minor": 0,
"revision": 0,
"release": 0
}

GetOpenApiDescription

Returns a description of the API following the OpenAPI specification.

Args:
  args: None, this API method does not require any arguments.
  context: the API call context.

Returns:
  An ApiGetOpenApiDescriptionHandler object whose Handle method is used to
  create and return the OpenAPI description of the GRR API.

Responses

Response samples

200

Content type

application/json

{"openapiDescription": "string"
}

Reflection

GetRDFValueDescriptor

Get RDFValue descriptor for a given RDF type.

path Parameters

type

required

string (protobuf2.TYPE_STRING)

Responses

Response samples

200

Content type

application/json

{"name": "string",
"doc": "string",
"kind": "PRIMITIVE",
"default": {"typeUrl": "string",
"value": "string"
},
"parents": ["string"
],
"fields": [{"name": "string",
"type": "string",
"index": 0,
"repeated": true,
"dynamic": true,
"doc": "string",
"friendlyName": "string",
"contextHelpUrl": "string",
"default": {"typeUrl": "string",
"value": "string"
},
"labels": ["string"
],
"allowedValues": [{"name": "string",
"value": "string",
"doc": "string",
"labels": ["string"
]
}
]
}
],
"unionFieldName": "string"
}

ListApiMethods

List all available API methods.

Responses

Response samples

200

Content type

application/json

{"items": [{"name": "string",
"category": "string",
"doc": "string",
"httpRoute": "string",
"httpMethods": ["string"
],
"argsTypeDescriptor": {"name": "string",
"doc": "string",
"kind": "PRIMITIVE",
"default": {"typeUrl": "string",
"value": "string"
},
"parents": ["string"
],
"fields": [{"name": "string",
"type": "string",
"index": 0,
"repeated": true,
"dynamic": true,
"doc": "string",
"friendlyName": "string",
"contextHelpUrl": "string",
"default": {"typeUrl": "string",
"value": "string"
},
"labels": ["string"
],
"allowedValues": [{"name": "string",
"value": "string",
"doc": "string",
"labels": ["string"
]
}
]
}
],
"unionFieldName": "string"
},
"resultKind": "NONE",
"resultTypeDescriptor": {"name": "string",
"doc": "string",
"kind": "PRIMITIVE",
"default": {"typeUrl": "string",
"value": "string"
},
"parents": ["string"
],
"fields": [{"name": "string",
"type": "string",
"index": 0,
"repeated": true,
"dynamic": true,
"doc": "string",
"friendlyName": "string",
"contextHelpUrl": "string",
"default": {"typeUrl": "string",
"value": "string"
},
"labels": ["string"
],
"allowedValues": [{"name": "string",
"value": "string",
"doc": "string",
"labels": ["string"
]
}
]
}
],
"unionFieldName": "string"
}
}
]
}

ListFlowDescriptors

List descriptors of all the flows.

Responses

Response samples

200

Content type

application/json

{"items": [{"name": "string",
"friendlyName": "string",
"category": "string",
"doc": "string",
"argsType": "string",
"defaultArgs": {"typeUrl": "string",
"value": "string"
},
"behaviours": ["string"
],
"blockHuntCreation": true
}
]
}

ListKbFields

List all available KnowledgeBase fields.

Responses

Response samples

200

Content type

application/json

{"items": ["string"
]
}

ListKnownEncodings

List all known encodings names.

Responses

Response samples

200

Content type

application/json

{"encodings": ["string"
]
}

ListOutputPluginDescriptors

List all known output plugins descriptors.

Responses

Response samples

200

Content type

application/json

{"items": [{"pluginType": "LEGACY",
"name": "string",
"friendlyName": "string",
"description": "string",
"argsType": "string"
}
]
}

ListRDFValuesDescriptors

List all known RDF types descriptors.

Responses

Response samples

200

Content type

application/json

{"items": [{"name": "string",
"doc": "string",
"kind": "PRIMITIVE",
"default": {"typeUrl": "string",
"value": "string"
},
"parents": ["string"
],
"fields": [{"name": "string",
"type": "string",
"index": 0,
"repeated": true,
"dynamic": true,
"doc": "string",
"friendlyName": "string",
"contextHelpUrl": "string",
"default": {"typeUrl": "string",
"value": "string"
},
"labels": ["string"
],
"allowedValues": [{"name": "string",
"value": "string",
"doc": "string",
"labels": ["string"
]
}
]
}
],
"unionFieldName": "string"
}
]
}

Other

GetReport

Get data of a given report.

path Parameters

name

required

string (protobuf2.TYPE_STRING)

query Parameters

duration	string <uint64> RDF type is `DurationSeconds` and it represents the number of seconds between two timestamps.
clientLabel	string (protobuf2.TYPE_STRING)
startTime	string <uint64> RDF type is `RDFDatetime` and it represents the number of microseconds since epoch to a timestamp.

Responses

Response samples

200

Content type

application/json

{"desc": {"type": "CLIENT",
"name": "string",
"title": "string",
"summary": "string",
"requiresTimeRange": true
},
"data": {"representationType": "UNDEFINED",
"auditChart": {"usedFields": ["string"
],
"rows": [{"id": 0,
"user": "string",
"action": "UNKNOWN",
"flowName": "string",
"flowArgs": "string",
"client": "string",
"timestamp": "string",
"description": "string",
"urn": "string"
}
]
}
}
}

IncrementCounterMetric

Increment a given counter with field values.

Request Body schema: application/json

metricName	string (protobuf2.TYPE_STRING)
	Array of objects (grr.FieldValue)

Responses

Request samples

Payload

Content type

application/json

{"metricName": "string",
"fieldValues": [{"fieldType": "UNKNOWN",
"stringValue": "string",
"numberValue": "string"
}
]
}

Response samples

200

Content type

application/json

{ }

ListReports

List available stats reports.

Responses

Response samples

200

Content type

application/json

{"reports": [{"desc": {"type": "CLIENT",
"name": "string",
"title": "string",
"summary": "string",
"requiresTimeRange": true
},
"data": {"representationType": "UNDEFINED",
"auditChart": {"usedFields": ["string"
],
"rows": [{"id": 0,
"user": "string",
"action": "UNKNOWN",
"flowName": "string",
"flowArgs": "string",
"client": "string",
"timestamp": "string",
"description": "string",
"urn": "string"
}
]
}
}
}
]
}

SignedCommands

ListSignedCommands

Get all signed commands.

Responses

Response samples

200

Content type

application/json

{"id": "string",
"operatingSystem": "UNSET",
"command": "string",
"ed25519Signature": "string"
}