All API URLs should be prefixed with
https://<your-server-ip>:8443/openapi/api/rest/v1/remediation
Preface
The following post detail how to execute remediation actions inside the SkyFormation cloud apps connector accounts using APIs.
Authentication
Only users assigned the remediation-admin role are authorized to use this API.
See guide
Objects used with these APIs
RemediationResponse
{
"is-success": boolean,
"status-message": string optional,
}
Suspend a User
Supported connectors:
- Salesforce
- DropBox
- Requires an additional members access token with "team member management" permission
- ServiceNow
- Azure
- Requires permission "Microsoft Graph" -> "Read and write all users' full profiles"
- Office365
- Requires permission "Microsoft Graph" -> "Read and write all users' full profiles"
POST /{account-id}/suspend-user
Query Parameters:
- userAttributeName - a required string with the user attribute name used to identify the user (should be taken from the suid field in SkyFormation CEF events)
- userAttributeValue - a required string with the user attribute value used to identify the user
(should be taken from the suser field in SkyFormation CEF events)
Response:
200,
RemediationResponse
Unsuspend a User
Supported connectors:
- Salesforce
- DropBox
- Requires an additional members access token with "team member management" permission
- ServiceNow
- Azure
- Requires permission "Microsoft Graph" -> "Read and write all users' full profiles"
- Office365
- Requires permission "Microsoft Graph" -> "Read and write all users' full profiles"
POST /{account-id}/un-suspend-user
Query Parameters:
- userAttributeName - a required string with the user attribute name used to identify the user (should be taken from the suid field in SkyFormation CEF events)
- userAttributeValue - a required string with the user attribute value used to identify the user
(should be taken from the suser field in SkyFormation CEF events)
Response:
200,
RemediationResponse
Comments
0 comments
Please sign in to leave a comment.