EDR Connector: Accessed Provider APIs
The following APIs are accessed by the EDR connector.
Sophos Endpoint
Synqly API | Provider API |
---|---|
GET /v1/edr/alerts | GET /common/v1/alerts |
GET /v1/edr/endpoints | GET /whoami/{item}, GET /endpoint/v1/endpoints |
ThreatDown EDR
Synqly API | Provider API |
---|---|
GET /v1/edr/applications | POST /nebula/v1/assets/software |
GET /v1/edr/endpoints | POST /nebula/v1/endpoints |
GET /v1/edr/threats | POST /nebula/v1/detections |
Tanium EDR
Synqly API | Provider API |
---|---|
GET /v1/edr/alerts | GET /plugin/products/threat-response/api/v1/alerts |
GET /v1/edr/applications | POST /plugin/products/gateway/graphql |
GET /v1/edr/endpoints | POST /plugin/products/gateway/graphql |
GET /v1/edr/posture_score | POST /plugin/products/gateway/graphql |
SentinelOne Endpoint
Synqly API | Provider API |
---|---|
DELETE /v1/edr/iocs | DELETE /web/api/v2.1/threat-intelligence/iocs, GET /web/api/v2.1/threat-intelligence/iocs |
GET /v1/edr/alerts | GET /web/api/v2.1/cloud-detection/alerts |
GET /v1/edr/applications | GET /web/api/v2.1/application-management/inventory |
GET /v1/edr/edr_events | POST /api/query |
GET /v1/edr/endpoints | GET /web/api/v2.1/agents |
GET /v1/edr/iocs | GET /web/api/v2.1/threat-intelligence/iocs |
GET /v1/edr/threats | GET /web/api/v2.1/threats |
POST /v1/edr/iocs | POST /web/api/v2.1/threat-intelligence/iocs |
CrowdStrike Insight EDR
Synqly API | Provider API |
---|---|
DELETE /v1/edr/iocs | DELETE /iocs/entities/indicators/{item} |
GET /v1/edr/applications | GET /discover/queries/applications/{item}, GET /discover/entities/applications/{item} |
GET /v1/edr/edr_events | GET /detects/queries/detects/{item}, POST /detects/entities/summaries/GET/{item} |
GET /v1/edr/endpoints | GET /devices/queries/devices/{item}, GET /devices/entities/devices/{item} |
GET /v1/edr/iocs | GET /iocs/queries/indicators/{item}, GET /iocs/entities/indicators/{item} |
GET /v1/edr/posture_score | GET /devices/queries/devices/{item}, GET /devices/entities/devices/{item}, GET /zero-trust-assessment/entities/assessments/{item}, GET /zero-trust-assessment/queries/assessments/{item} |
GET /v1/edr/threats | GET /detects/queries/detects/{item}, POST /detects/entities/summaries/GET/{item} |
POST /v1/edr/iocs | POST /iocs/entities/indicators/{item} |
Microsoft Defender
Synqly API | Provider API |
---|---|
DELETE /v1/edr/iocs | POST /api/indicators/batchdelete |
GET /v1/edr/alerts | GET /api/alerts |
GET /v1/edr/endpoints | GET /api/machines |
GET /v1/edr/iocs | GET /api/indicators |
GET /v1/edr/posture_score | GET /api/machines |
GET /v1/edr/threats | GET /api/incidents |
POST /v1/edr/iocs | POST /api/indicators |