# Connector API The Synqly Connector APIs provide a unifying interface and data model for all supported service Providers. See the [Synqly Overview](/guides/getting-started/overview) for more information. ## Servers Synqly ``` https://api.synqly.com ``` ## Security ### BearerAuth Type: http Scheme: bearer ## Download OpenAPI description [Connector API](https://docs.synqly.com/_spec/api-reference/connectors.yaml) ## Application Security (In Development) {% admonition type="warning" name="In Development" %} This feature is actively being developed. Breaking changes should be expected. Please contact us before using this feature. {% /admonition %} ### Query Applications - [GET /v1/app-sec/applications](https://docs.synqly.com/api-reference/connectors/appsec/appsec_query_applications.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of applications matching the query from a the token-linked application security integration. ### Query Application Findings - [GET /v1/app-sec/applications/{applicationId}/findings](https://docs.synqly.com/api-reference/connectors/appsec/appsec_query_application_findings.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of an application's findings matching and the query from a the token-linked application security integration. ### Query findings across all applications - [GET /v1/app-sec/findings](https://docs.synqly.com/api-reference/connectors/appsec/appsec_query_findings.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of each findings details combined with the application details for all applications in the token-linked application security integration. This API may perform multiple provider API calls per executation so can be slower to respond. ### Get Application Finding Details - [GET /v1/app-sec/applications/{applicationId}/findings/{findingId}](https://docs.synqly.com/api-reference/connectors/appsec/appsec_get_application_finding_details.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns the details of the finding matching where the finding belongs to the application matching from the token-linked application security integration. ## Assets ### Query Devices - [GET /v1/assets/devices](https://docs.synqly.com/api-reference/connectors/assets/assets_query_devices.md): Query devices from an asset inventory system ### Create Devices - [POST /v1/assets/devices](https://docs.synqly.com/api-reference/connectors/assets/assets_create_asset.md): Creates a object in the token-linked Integration. ### Get Labels - [GET /v1/assets/labels](https://docs.synqly.com/api-reference/connectors/assets/assets_get_labels.md): Get labels from an asset inventory system ## Cloud Security (In Development) {% admonition type="warning" name="In Development" %} This feature is actively being developed. Breaking changes should be expected. Please contact us before using this feature. {% /admonition %} ### Query Events - [GET /v1/cloudsecurity/events](https://docs.synqly.com/api-reference/connectors/cloudsecurity/cloudsecurity_query_events.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of events that match the query from the cloud security provider. ### Query IOMs - [GET /v1/cloudsecurity/ioms](https://docs.synqly.com/api-reference/connectors/cloudsecurity/cloudsecurity_query_ioms.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of Indicators of Misconfiguration (IOM) findings that match the query from the cloud security provider. ### Query Cloud Resource Inventory - [GET /v1/cloudsecurity/cloudresourcesinventory](https://docs.synqly.com/api-reference/connectors/cloudsecurity/cloudsecurity_query_cloud_resource_inventory.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of cloud resources that match the query from the cloud security provider. ### Query Compliance Findings - [GET /v1/cloudsecurity/compliancefindings](https://docs.synqly.com/api-reference/connectors/cloudsecurity/cloudsecurity_query_compliance_findings.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of compliance findings matching the query from the cloud security provider. ## Endpoint Detection & Response (EDR) ### Query Endpoints - [GET /v1/edr/endpoints](https://docs.synqly.com/api-reference/connectors/edr/edr_query_endpoints.md): Returns a list of endpoint assets matching the query from the token-linked EDR source. ### Get Endpoint - [GET /v1/edr/endpoints/{id}](https://docs.synqly.com/api-reference/connectors/edr/edr_get_endpoint.md): Gets a single endpoint assets matching the UID from the token-linked EDR source. ### Query Applications - [GET /v1/edr/applications](https://docs.synqly.com/api-reference/connectors/edr/edr_query_applications.md): Returns a list of applications matching the query from the token-linked EDR source. ### Quarantine Endpoints - [POST /v1/edr/endpoints/actions/quarantine](https://docs.synqly.com/api-reference/connectors/edr/edr_network_quarantine.md): Connect or disconnect one or more endpoints assets to the network, allowing or disallowing connections. ### Query Threat Events - [GET /v1/edr/threats](https://docs.synqly.com/api-reference/connectors/edr/edr_query_threatevents.md): Returns a list of threats that match the query from the token-linked EDR source. ### Query Alerts - [GET /v1/edr/alerts](https://docs.synqly.com/api-reference/connectors/edr/edr_query_alerts.md): Returns a list of alerts that match the query from the token-linked EDR source. ### Query IOCs - [GET /v1/edr/iocs](https://docs.synqly.com/api-reference/connectors/edr/edr_query_iocs.md): Returns a list of iocs that match the query from the token-linked EDR source. ### Create IOCs - [POST /v1/edr/iocs](https://docs.synqly.com/api-reference/connectors/edr/edr_create_iocs.md): Creates a list of iocs that match the stix input for the EDR source. ### Delete IOCs - [DELETE /v1/edr/iocs](https://docs.synqly.com/api-reference/connectors/edr/edr_delete_iocs.md): Deletes a list of iocs that match the input of ids in the query param ### Query Posture Score - [GET /v1/edr/posture_score](https://docs.synqly.com/api-reference/connectors/edr/edr_query_posture_score.md): Returns the posture score of the endpoint assets that match the query from the token-linked EDR source. ### Query EDR Events - [GET /v1/edr/edr_events](https://docs.synqly.com/api-reference/connectors/edr/edr_query_edr_events.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of EDR events that match the query from the token-linked EDR source. ## Hooks ### Proxy Webhook - [POST /v1/hooks](https://docs.synqly.com/api-reference/connectors/hooks/hooks_proxy.md): Proxy webhook messages from webhook providers to webhook recievers. For exact webhook implementations please refer to providers e.g. Ticketing. This is just an API call used in that context, not a standalone implementation. ### Open Proxy Webhook - [POST /v1/hooks/passthrough/{webHookCursor}](https://docs.synqly.com/api-reference/connectors/hooks/hooks_passthrough.md): Proxy webhook messages from webhook providers to webhook recievers. For exact webhook implementations please refer to providers e.g. Ticketing. This is just an API call used in that context, not a standalone implementation. ## Identity ### Query Audit Log - [GET /v1/identity/audit](https://docs.synqly.com/api-reference/connectors/identity/identity_query_audit_log.md): Returns a list of objects from the token-linked audit log. ### Query Users - [GET /v1/identity/users](https://docs.synqly.com/api-reference/connectors/identity/identity_query_users.md): Returns a list of objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider. ### Get User - [GET /v1/identity/users/{userId}](https://docs.synqly.com/api-reference/connectors/identity/identity_get_user.md): Returns a object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending on the providers offerings, this may include additional user information, such as the user's current groups and roles. ### Query Groups - [GET /v1/identity/groups](https://docs.synqly.com/api-reference/connectors/identity/identity_query_groups.md): Returns a list of objects wrapped in the OCSF Entity Management event of type Read from the token-linked identity provider. ### Get Group - [GET /v1/identity/groups/{groupId}](https://docs.synqly.com/api-reference/connectors/identity/identity_get_group.md): Returns a object wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider. Depending on the providers offerings, this may include additional group information, such as the roles assigned. ### Get Group Members - [GET /v1/identity/groups/{groupId}/members](https://docs.synqly.com/api-reference/connectors/identity/identity_get_group_members.md): Returns list of objects wrapped in an OCSF Entity Management event of type Read from the token-linked identity provider that are members in the group referenced by ID. ### Enable User - [POST /v1/identity/users/{userId}/actions/enable](https://docs.synqly.com/api-reference/connectors/identity/identity_enable_user.md): Reenables a disabled user in the identity system based on user ID. ### Disable User - [POST /v1/identity/users/{userId}/actions/disable](https://docs.synqly.com/api-reference/connectors/identity/identity_disable_user.md): Disables a user in the identity system based on user ID. ### Force User Password Reset - [POST /v1/identity/users/{userId}/actions/force_reset_password](https://docs.synqly.com/api-reference/connectors/identity/identity_force_user_password_reset.md): Forces a user to reset their password before they can log in again. ### Expire All User Sessions - [POST /v1/identity/users/{userId}/actions/expire_all_sessions](https://docs.synqly.com/api-reference/connectors/identity/identity_expire_all_user_sessions.md): Logs a user out of all current sessions so they must log in again. ## Integration Webhooks ### Create Integration WebHook Configuration - [POST /v1/integration-webhooks](https://docs.synqly.com/api-reference/connectors/integrationwebhooks/integrationwebhooks_create_webhook.md): Creates a WebHook for the token-linked Integration. ### Delete Integration WebHook Configuration - [DELETE /v1/integration-webhooks](https://docs.synqly.com/api-reference/connectors/integrationwebhooks/integrationwebhooks_delete_webhook.md): Deletes the WebHook matching the token-linked Integration. ### List Integration WebHook Configurations - [GET /v1/integration-webhooks](https://docs.synqly.com/api-reference/connectors/integrationwebhooks/integrationwebhooks_list_webhooks.md): Lists all WebHooks from the token-linked Integration. ## Notifications ### Get Notification - [GET /v1/notifications/get/{notificationId}](https://docs.synqly.com/api-reference/connectors/notifications/notifications_get_message.md): Returns the object matching from the token-linked . ### Create Notification - [POST /v1/notifications/create](https://docs.synqly.com/api-reference/connectors/notifications/notifications_create_message.md): Creates a object in the token-linked . ### Clear Notification - [POST /v1/notifications/clear/{notificationId}](https://docs.synqly.com/api-reference/connectors/notifications/notifications_clear_message.md): Resolves a object in the token-linked . ## Operations (In Development) {% admonition type="warning" name="In Development" %} This feature is actively being developed. Breaking changes should be expected. Please contact us before using this feature. {% /admonition %} ### Get Asynchronous Operation state - [GET /v1/operations/{operationId}](https://docs.synqly.com/api-reference/connectors/operations/operations_get.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns the object matching . ### Cancel Asynchronous Operation - [POST /v1/operations/{operationId}](https://docs.synqly.com/api-reference/connectors/operations/operations_cancel.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Cancels the matching . ### Create Asynchronous Operation - [POST /v1/operations](https://docs.synqly.com/api-reference/connectors/operations/operations_create.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Creates an object. ## Security Information & Event Management (SIEM) ### Query Investigations - [GET /v1/siem/investigations](https://docs.synqly.com/api-reference/connectors/siem/siem_query_investigations.md): Queries investigations ### Get Investigation - [GET /v1/siem/investigations/{id}](https://docs.synqly.com/api-reference/connectors/siem/siem_get_investigation.md): Retrieves an investigation by ID. ### Patch Investigation - [PATCH /v1/siem/investigations/{id}](https://docs.synqly.com/api-reference/connectors/siem/siem_patch_investigation.md): Updates an investigation by ID. ### Get Evidence - [GET /v1/siem/investigations/{id}/evidence](https://docs.synqly.com/api-reference/connectors/siem/siem_get_evidence.md): Retrieves the evidence for an investigation. ### Query Log Providers - [GET /v1/siem/log-providers](https://docs.synqly.com/api-reference/connectors/siem/siem_query_log_providers.md): Queries available log providers in the source SIEM ### Post Events - [POST /v1/siem/events](https://docs.synqly.com/api-reference/connectors/siem/siem_post_events.md): Writes a batch of objects to the SIEM configured with the token used for authentication. ### Query Events - [GET /v1/siem/events](https://docs.synqly.com/api-reference/connectors/siem/siem_query_events.md): Queries events from the SIEM configured with the token used for authentication. ### Query Alerts - [GET /v1/siem/alerts](https://docs.synqly.com/api-reference/connectors/siem/siem_query_alerts.md): Queries alerts from the SIEM configured with the token used for authentication. ## Sink ### Post Events - [POST /v1/sink/events](https://docs.synqly.com/api-reference/connectors/sink/sink_post_events.md): Writes a batch of objects to the Sink configured with the token used for authentication. ## Storage ### List Files - [GET /v1/storage/folders/{path}](https://docs.synqly.com/api-reference/connectors/storage/storage_list_files.md): Returns a list of contents from the token-linked . ### Upload File - [POST /v1/storage/files/{path}](https://docs.synqly.com/api-reference/connectors/storage/storage_upload_file.md): Uploads a file from the provided to the token-linked . ### Download File - [GET /v1/storage/files/{path}](https://docs.synqly.com/api-reference/connectors/storage/storage_download_file.md): Downloads a file from the provided in the token-linked . ### Delete File - [DELETE /v1/storage/files/{path}](https://docs.synqly.com/api-reference/connectors/storage/storage_delete_file.md): Deletes a file from the provided in the token-linked . ## Ticketing ### List Remote Fields - [GET /v1/ticketing/remote-fields](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_list_remote_fields.md): List all remote fields for all Projects in a ticketing integration. The response will include a list of fields for each issue type in the ticketing provider. ### List Projects - [GET /v1/ticketing/projects](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_list_projects.md): Returns a list of from the token-linked . Tickets must be created and retrieved within the context of a specific Project. ### Query Tickets - [GET /v1/ticketing/tickets](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_query_tickets.md): Returns a list of objects from the token-linked . ### Create Ticket - [POST /v1/ticketing/tickets](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_create_ticket.md): Creates a object in the token-linked Integration. ### Get Ticket - [GET /v1/ticketing/tickets/{ticketId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_get_ticket.md): Returns a object matching from the token-linked . ### Patch Ticket - [PATCH /v1/ticketing/tickets/{ticketId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_patch_ticket.md): Updates the object matching in the token-linked . ### Create Attachment - [POST /v1/ticketing/attachments/{ticketId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_create_attachment.md): [beta: currently supported by Jira] Creates an for the ticket with id in the token-linked . ### List Attachments Metadata - [GET /v1/ticketing/attachments/{ticketId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_list_attachments_metadata.md): [beta: currently supported by Jira] Returns metadata for all Attachments for a object matching from the token-linked . ### Download Attachment - [GET /v1/ticketing/attachments/{ticketId}/{attachmentId}/download](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_download_attachment.md): [beta: currently supported by Jira] Downloads the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration. ### Delete Attachment - [DELETE /v1/ticketing/attachments/{ticketId}/{attachmentId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_delete_attachment.md): [beta: currently supported by Jira] Deletes the Attachment object matching {attachmentId} for the Ticket matching {tickedId} from the token-linked Integration. ### List Comments - [GET /v1/ticketing/tickets/{ticketId}/comments](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_list_comments.md): Lists all comments for the ticket matching {ticketId} from the token-linked Integration. ### Create Comment - [POST /v1/ticketing/tickets/{ticketId}/comments](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_create_comment.md): Creates a comment on the ticket matching {ticketId} from the token-linked Integration. ### Delete Comment - [DELETE /v1/ticketing/tickets/{ticketId}/comments/{commentId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_delete_comment.md): Deletes the comment matching {commentId} form the ticket matching {ticketId} from the token-linked Integration. ### Create Note - [POST /v1/ticketing/tickets/{ticketId}/notes](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_create_note.md): Creates a note on the ticket matching {ticketId} from the token-linked Integration. ### List Notes - [GET /v1/ticketing/tickets/{ticketId}/notes](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_list_notes.md): Lists all notes for the ticket matching {ticketId} from the token-linked Integration. ### Delete Note - [DELETE /v1/ticketing/tickets/{ticketId}/notes/{noteId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_delete_note.md): Deletes the note matching {noteId} form the ticket matching {ticketId} from the token-linked Integration. ### Patch Note - [PATCH /v1/ticketing/tickets/{ticketId}/notes/{noteId}](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_patch_note.md): Update a note matching {noteId} title and/or content on the ticket matching {ticketId} from the token-linked Integration. ### Query Escalation Policies - [GET /v1/ticketing/escalation-policies](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_query_escalation_policies.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of escalation policies. ### List On Call Agents - [GET /v1/ticketing/escalation-policies/{escalationPolicyId}/on-call](https://docs.synqly.com/api-reference/connectors/ticketing/ticketing_list_on_call.md): {% admonition type="warning" name="In Development" %} This operation is actively being developed. Breaking changes should be expected. Please contact us before using this operation. {% /admonition %} Returns a list of all on-call agents for an escalation policy. ## Vulnerabilities ### Query Findings - [GET /v1/vulnerabilities/findings](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_query_findings.md): Query vulnerability findings ### Create Findings - [POST /v1/vulnerabilities/findings/bulk](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_create_findings.md): Create findings (bulk) in a vulnerability scanning system ### Update Finding - [PUT /v1/vulnerabilities/findings/{findingId}](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_update_finding.md): update a finding in a vulnerability scanning system ### Query Assets - [GET /v1/vulnerabilities/assets](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_query_assets.md): Query assets in a vulnerability scanning system ### Create Asset - [POST /v1/vulnerabilities/assets](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_create_asset.md): Create assets in a vulnerability scanning system ### Update Asset - [PUT /v1/vulnerabilities/assets/{assetId}](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_update_asset.md): update an asset in a vulnerability scanning system ### Query Scans - [GET /v1/vulnerabilities/scans](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_query_scans.md): Query scans in a vulnerability scanning system ### Upload Scan - [POST /v1/vulnerabilities/scans](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_upload_scan.md): Upload a scan in a vulnerability scanning system ### Get Scan Activity - [GET /v1/vulnerabilities/scans/{scan_id}/activity](https://docs.synqly.com/api-reference/connectors/vulnerabilities/vulnerabilities_get_scan_activity.md): Get a list of activity generated by a configured scan.