EDR Connector: Accessed Provider APIs

The following APIs are accessed by the EDR connector.

Sophos Endpoint

| Synqly API | Provider API |
| --- | --- |
| GET /v1/edr/alerts | GET /common/v1/alerts |
| GET /v1/edr/endpoints | GET /whoami/{item} |
| | GET /endpoint/v1/endpoints |

ThreatDown EDR

| Synqly API | Provider API |
| --- | --- |
| GET /v1/edr/applications | POST /nebula/v1/assets/software |
| GET /v1/edr/endpoints | POST /nebula/v1/endpoints |
| GET /v1/edr/threats | POST /nebula/v1/detections |

Tanium EDR

| Synqly API | Provider API |
| --- | --- |
| GET /v1/edr/alerts | GET /plugin/products/threat-response/api/v1/alerts |
| GET /v1/edr/applications | POST /plugin/products/gateway/graphql |
| GET /v1/edr/endpoints | POST /plugin/products/gateway/graphql |
| GET /v1/edr/posture_score | POST /plugin/products/gateway/graphql |

SentinelOne Endpoint

| Synqly API | Provider API |
| --- | --- |
| DELETE /v1/edr/iocs | DELETE /web/api/v2.1/threat-intelligence/iocs |
| | GET /web/api/v2.1/threat-intelligence/iocs |
| GET /v1/edr/alerts | GET /web/api/v2.1/cloud-detection/alerts |
| GET /v1/edr/applications | GET /web/api/v2.1/application-management/inventory |
| GET /v1/edr/edr_events | POST /api/query |
| GET /v1/edr/endpoints | GET /web/api/v2.1/agents |
| GET /v1/edr/iocs | GET /web/api/v2.1/threat-intelligence/iocs |
| GET /v1/edr/threats | GET /web/api/v2.1/threats |
| POST /v1/edr/iocs | POST /web/api/v2.1/threat-intelligence/iocs |

CrowdStrike Insight EDR

| Synqly API | Provider API |
| --- | --- |
| DELETE /v1/edr/iocs | DELETE /iocs/entities/indicators/{item} |
| GET /v1/edr/applications | GET /discover/queries/applications/{item} |
| | GET /discover/entities/applications/{item} |
| GET /v1/edr/edr_events | GET /detects/queries/detects/{item} |
| | POST /detects/entities/summaries/GET/{item} |
| GET /v1/edr/endpoints | GET /devices/queries/devices/{item} |
| | GET /devices/entities/devices/{item} |
| GET /v1/edr/iocs | GET /iocs/queries/indicators/{item} |
| | GET /iocs/entities/indicators/{item} |
| GET /v1/edr/posture_score | GET /devices/queries/devices/{item} |
| | GET /devices/entities/devices/{item} |
| | GET /zero-trust-assessment/entities/assessments/{item} |
| | GET /zero-trust-assessment/queries/assessments/{item} |
| GET /v1/edr/threats | GET /detects/queries/detects/{item} |
| | POST /detects/entities/summaries/GET/{item} |
| POST /v1/edr/iocs | POST /iocs/entities/indicators/{item} |

Microsoft Defender

| Synqly API | Provider API |
| --- | --- |
| DELETE /v1/edr/iocs | POST /api/indicators/batchdelete |
| GET /v1/edr/alerts | GET /api/alerts |
| GET /v1/edr/endpoints | GET /api/machines |
| GET /v1/edr/iocs | GET /api/indicators |
| GET /v1/edr/posture_score | GET /api/machines |
| GET /v1/edr/threats | GET /api/incidents |
| POST /v1/edr/iocs | POST /api/indicators |