Back to top

The ProtectWise API provides a mechanism to get detailed information regarding your account and network threats.

This guide will walk you through how to get started using the API.

Access Tokens

Currently, the ProtectWise API is accessible by using access tokens, which are generated for each user.

Step 1: Generate a token for your user account

Make a POST request to https://api.protectwise.com/api/v1/token

{
    "email": "john.doe@protectwise.com",
    "password": "MyPassword!"
}

You will receive a response with your token

{ "token": "john.doe@protectwise.com@@a45ec285-22d2-48af-b75c-9688f71a9eac" }

example:

curl -H "Content-Type: application/json" -d '{"email":"john.doe@protectwise.com","password":"MyPassword!"}' https://api.protectwise.com/api/v1/token

Once you have generated the token, it will be associated with your account until you use the /token endpoint to generate a new token.

Step 2: Get your sensor IDs

Now that you have your token, you can query data. First, you need to know the IDs of all of your sensors. The sensor ID is required to query the threats that were found from each sensor’s data feed.

curl -H "X-Access-Token: john.doe@protectwise.com@@a45ec285-22d2-48af-b75c-9688f71a9eac" https://api.protectwise.com/api/v1/sensors

Response:

[
    {
        "id": 1803,
        "uuid": "cc0ce6b3-90e7-44f6-952a-0cea70853557",
        "customer_id": 47,
        "agent_set_id": 1331,
        "friendly_name": "My First Sensor",
        "enabled": true,
        "updated_at": "2014-08-01T09:30:08.371Z",
        "last_seen": "2014-09-22T21:47:55.951Z",
        "is_active": true,
        "downloaded": false
    }
]

Threats observed from this sensor can now by queried by using the UUID of the sensor.

Step 3: Query for threat observations

Armed with the sensor ID, you can now query for the threat data associated with network traffic collected by the sensor.

curl -H "X-Access-Token: john.doe@protectwise.com@@a45ec285-22d2-48af-b75c-9688f71a9eac" https://api.protectwise.com/api/v1/observations?sensorId=1803\&start=1407971949000\&end=1407972009000

That API request will provide detailed threat information for a 60 second timespan. If an empty array is returned, that indicates that no threats were detected from that sensor in that timeframe.

Generated by aglio on 19 Oct 2020