Get cyber resilience reports
The reports that indicate presence of security threats in your environment.
View rollback actions report
This report provides a consolidated and point-in-time view of your protected entities that were deleted within a specified date range.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgRollbackActions
Request type
HTTP POST
Sample cURL request
curl --request POST \
--url https://apis.druva.com/platform/reporting/v1/reports/dgRollbackActions \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "deleteRequestID",
"operator": "EQUAL",
"value": "string"
}
]
},
"pageToken": ""
}
'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgRollbackActions
as the report ID under path params to test this endpoint.
Sample responses
{
"data": [
{
"dataSize": 20,
"deleteRequestID": "11ef158d-929c-4841-ab83-0ca4179c1420",
"deletedBy": "rollbackTest rollbackTest",
"deletedDateTime": "2023-04-26T10:53:52.000Z",
"deletionReason": "Automation testing - deletion for workload Teams",
"entityName": "entity-1",
"deletedItem": "Snapshot",
"entityType": "SharePoint",
"rollbackDateTime": "2023-04-26T10:57:51.000Z",
"rolledBackBy": "rollbackTest rollbackTest",
"status": "Rolled back",
"permanentDeleteTime": "2023-04-28T10:57:51.000Z",
"lastUpdatedDateTime": "2023-04-26T11:00:56.000Z"
}
],
"lastSyncTimestamp": "2024-03-26T15:32:09.788Z",
"filters": {},
"nextPageToken": "YTBDNDk6Rjk1MmViY1FpTVpBejNFTU9lSWxzUT09OjA="
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of rollback actions. |
dataSize | integer | The data size. |
deleteRequestID | string (UUID) | The delete request ID. |
deletedBy | string | The admin who deleted the entity. |
deletedDateTime | date-time | The date on which the entity was deleted. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
deletionReason | string | The reason for which the entity was deleted. |
entityName | string | The name of the entity. |
deletedItem | string | Type of deleted entity. |
entityType | string | The type of entity. (Endpoints, Exchange Online,File Servers,Google Drive,Google Mail,Groups,NAS,One Drive,Profiles,Public Folders,SharePoint,Shared Drives,Teams,Users, VMware) |
rollbackDateTime | date-time | The date on which the entity was rolled-back. The time is in the UTC time zone. Example - 2019-10-26T00:00:00Z |
rolledBackBy | string | The admin who rolled-back the entity. |
status | string | The status of the request. Possible values(Available for rollback, Permanently deleted, Rollback in progress, Rolled back) |
permanentDeleteTime | date-time | The date on which the entity will be permanently deleted if not rolled-back. Example - 2019-10-28T00:00:00Z |
lastUpdatedDateTime | date-time | The last updated time stamp. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View data protection risk report
This report provides a consolidated view of the connection status of the enterprise workload agents with Druva.
Endpoint URL
https://apis.druva.com/platform/reporting/v1/reports/dgDataProtectionRisk
Request type
HTTP POST
Sample cURL request
curl --request POST \
--url https://apis.druva.com/platform/reporting/v1/reports/dgDataProtectionRisk \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "workloadName",
"operator": "EQUAL",
"value": "string"
}
]
},
"pageToken": ""
}
'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgDataProtectionRisk
as the report ID under path params to test this endpoint.
Sample responses
{
"data": [
{
"organization": "custom-org",
"workloadName": "Files",
"workloadAgent": "device123",
"connectionStatusToCloud": "Disconnected",
"disconnectedFromCloudSince": "2024-03-26T15:32:09.788Z",
"lastUpdatedTime": "2023-04-28T10:57:51.000Z",
"vCenterESXiHosts": "centerhost123",
"connectionStatusToVCenter": "Disconnected"
}
],
"lastSyncTimestamp": "2024-03-26T15:32:09.788Z",
"filters": {},
"nextPageToken": "YTBDNDk6Rjk1MmViY1FpTVpBejNFTU9lSWxzUT09OjA="
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of enterprise workload agents' connection statuses with the cloud. |
organization | string | The name of the organization. |
workloadAgent | string | The name of the workload. Possible values (Files, Hyper-V, MS-SQL, NAS, Oracle, Oracle-DTC, VMware) |
connectionStatusToCloud | string | The connection status to the cloud. Example - Possible values (Connected,Disconnected) |
disconnectedFromCloudSince | date-time | The date since which device is disconnected from cloud. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
lastUpdatedTime | date-time | The last updated time stamp. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
vCenterESXiHosts | string | Name of the vCentre or ESXi host where the backup proxy is deployed. |
connectionStatusToVcenter | string | The connection status to the vCenter. Possible values (Connected,Disconnected) |
lastSyncTimestamp | string | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View data access events report
This report provides a consolidated and point-in-time view of data access events, such as restore or download events. For example, you can specify whether you want the list of successful restore events.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgDataAccessEvents
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgDataAccessEvents' \
--header 'Content-Type: application/json' \
--data '
{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "jobStatus",
"value": "Successful"
"operator": "EQUAL"
}
]
},
"pageToken": ""
}'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgDataAccessEvents
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"accessType": "Admin Restore",
"adminName": "C P",
"endTime": "2024-01-29T04:54:56.000Z",
"ipAddress": "114.143.238.10",
"jobId": 74,
"jobStatus": "Successful",
"location": "Mumbai, India",
"resourceName": "backupset_CPJFXH",
"size": 1389581394,
"startTime": "2024-01-29T04:52:22.000Z"
},
],
"filters": {
"pageSize": 100,
"filterBy": null
},
"lastSyncTimestamp": "2024-03-28T12:15:22.000Z",
"nextPageToken": "MmZhOTBlMGUtMjBhMi00YWEwLWIwNzgtOTMxNzJlM2Y4NGU0"
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of data access events. |
accessType | string | The name of the event. |
adminName | string | The name of the administrator who triggered the event. |
endTime | date-time | The timestamp when the job ended. |
ipAddress | string | The IP address of the admin's computer. |
jobId | integer | The event's job ID. |
jobStatus | string | Whether the job succeeded or failed. |
location | string | The admin's computer's location. |
resourceName | string | The backup object's name that the admin used to trigger the event (ran a restore job in this case.) |
size | integer | The size of the data (restored data in this example.) |
startTime | date-time | The timestamp when the job started. |
lastSyncTimestamp | string | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View admin login events report
This report provides a consolidated view of when your Druva admins logged in to the Druva Console.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgAdminLoginEvents
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgAdminLoginEvents' \
--header 'Content-Type: application/json' \
--data '{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "loginResult",
"value": "Failed",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgAdminLoginEvents
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"adminName": "C P",
"ipAddress": "114.143.238.10",
"location": "Mumbai, India",
"loginResult": "Failed",
"loginTime": "2024-03-27T05:56:16.000Z"
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "loginResult",
"value": "Failed",
"operator": "EQUAL"
}
]
},
"lastSyncTimestamp": "2024-06-04T07:43:37Z",
"nextPageToken": "NWFlODMwY2YtZDcxMC00NTZiLTlhNzEtMTJmZDU3NWFkYjhm"
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of admin login events. |
adminName | string | The name of the administrator who triggered the event. |
ipAddress | string | The IP address of the admin's computer. |
location | string | The admin's computer's location. |
loginResult | string | The result of the login attempt. For example, "successful" or "failed". |
loginTime | date-time | The timestamp when the admin tried to login to the Druva Console. |
lastSyncTimestamp | string | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View unusual data activity alerts report
This reports provides a list of unusual data activity alerts.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgUnusualDataActivityAlerts
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgUnusualDataActivityAlerts' \
--header 'Content-Type: application/json' \
--data '{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "NAS",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgUnusualDataActivityAlerts
as the report ID under path params to test this endpoint.
Sample HTTP response
{
"data": [
{
"affectedSnapshotName": "Apr 16 2024, 10:00",
"alertGeneratedOn": "2024-04-15T10:00:28.000Z",
"alertStatus": "Active",
"alertType": "Modification",
"encryptionReason": "High Entropy detected",
"filesCreated": 0,
"filesDeleted": 0,
"filesEncrypted": 0,
"filesModified": 80,
"id": 258,
"impactedFiles": 184,
"resolvedStatus": "-",
"resourceName": "test_report_dummy_NAS_ZIE2DN",
"resourceParentName": "parent_7AZQ69",
"resourceType": "NAS"
}
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "NAS",
"operator": "EQUAL"
}
]
},
"lastSyncTimestamp": "2024-06-05T06:03:11Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of unusual data activity alerts. |
affectedSnapshotName | string | The name of the snapshot that triggered the alert. |
alertGeneratedOn | date-time | The timestamp when the alert was generated. |
alertStatus | string | The alert's status. For more information, see View UDA alerts. |
alertType | string | The type of alert. For more information, see View UDA alerts . |
encryptionReason | string | The reason for encryption alerts. |
filesCreated | integer | The number of files that were created. |
filesDeleted | integer | The number of files that were delete. |
filesEncrypted | integer | The number of files that were encrypted. |
filesModified | integer | The number of files that were modified. |
id | integer | The alert's ID. |
impactedFiles | integer | The total number of files that were impacted. |
resolvedStatus | string | The status of the alert, whether it's resolved or not. |
resourceName | string | The device or computer on which Druva detected unusual data activity. |
resourceParentName | string | The name of the device's parent. For example, ESXi host's name if the device is VMware virtual machine. |
resourceType | string | The type of resource on which Druva detected an unusual data activity. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View quarantined resources report
This reports provides the list of resources that Druva marked as quarantined.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgQuarantineResources
Request type
HTTP POST
Sample cURL request
curl --location --request POST 'https://apis.druva.com/platform/reporting/v1/reports/dgQuarantineResources' \
--header 'Content-Type: application/json' \
--data '{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "Endpoint",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgQuarantineResources
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"addedTime": "2024-05-29T10:41:15.000Z",
"removedFromQR": "No",
"fromTime": "2024-05-01T00:00:00.000Z",
"lastUpdatedTime": "2024-05-29T11:25:14.000Z",
"resourceName": "INTERN-PIYUSHK",
"resourceType": "Endpoint",
"toTime": "2024-05-02T23:59:59.000Z"
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "Endpoint",
"operator": "EQUAL"
}
]
} ,
"lastSyncTimestamp": "2024-06-05T08:54:45Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of quarantined resources. |
addedTime | date-time | The timestamp when the device or entity was added to the quarantined resources list. |
fromTime | date-time | The start of the date range to quarantine this resource. |
lastUpdatedTime | date-time | The timestamp when the quarantined resource was updated. |
resourceName | string | The name of the device or entity that was quarantined. |
resourceType | string | The type of the quarantined resource. For example, an endpoint. |
toTime | date-time | The end of the date range to quarantine this resource. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View malicious scan jobs report
This report provides the list of malicious scan jobs.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgMaliciousScanJob
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgMaliciousScanJob' \
--header 'Content-Type: application/json' \
--data '
{ "filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceName",
"value": "INTERN-PIYUSHK",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgMaliciousScanJob
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"deletedFiles": 0,
"filesScanned": 2,
"jobEndTime": "2024-05-28T10:19:44.000Z",
"jobId": 1,
"jobStartTime": "2024-05-28T10:19:41.000Z",
"jobStatus": "Successful",
"maliciousFiles": 0,
"resourceName": "INTERN-PIYUSHK",
"resourceType": "Endpoint",
"scanType": "Restore Scan",
"skippedFiles": 0
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceName",
"value": "INTERN-PIYUSHK",
"operator": "EQUAL"
}
]
},
"lastSyncTimestamp": "2024-06-04T07:29:22Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of malicious scan jobs. |
deletedFiles | integer | The number of files identified as deleted in the job. |
filesScanned | integer | The number of files scanned in the job. |
jobEndTime | date-time | The timestamp when the job ended. |
jobId | integer | The scan job's ID. |
jobStartTime | date-time | The timestamp when the job ended. |
jobStatus | string | The job's status. |
maliciousFiles | integer | The number malicious files detected in the job. |
filesEncrypted | integer | The number of files that were encrypted. |
resourceName | string | The device or computer on which Druva detected unusual data activity. |
resourceType | string | The type of resource on which Druva detected an unusual data activity. |
scanType | string | The scan job's type. |
skippedFiles | integer | The number of files that Druva couldn't scan in the job. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View curated snapshots report
This report provides a list of curated snapshots.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgCuratedSnapshots
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgCuratedSnapshots' \
--header 'Content-Type: application/json' \
--data '{ "filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "jobStatus",
"value": "Successful",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
Note
On the API reference page, select
dgCuratedSnapshots
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"createdBy": "p k",
"expiry": "Jun 14 2024, 12:40",
"filesIncluded": 4,
"jobEndTime": "2024-05-30T12:40:09.000Z",
"jobId": 7,
"jobStartTime": "2024-05-30T12:40:02.000Z",
"jobStatus": "Successful",
"resourceName": "INTERN-PIYUSHK",
"resourceType": "3",
"size": 19962,
"snapshot": "May 30, 2024 12:40",
"snapshotRangeEndDate": "2024-05-30T23:59:59.000Z",
"snapshotRangeStartDate": "2024-05-02T00:00:00.000Z",
"snapshotStatus": "Deleted"
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "jobStatus",
"value": "Successful",
"operator": "EQUAL"
}
]
} ,
"lastSyncTimestamp": "2024-06-05T08:54:45Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of malicious scan jobs. |
createdBy | string | The name of the admin who created this snapshot. |
expiry | string | The timestamp when this snapshot expires. |
jobEndTime | date-time | The timestamp when the job ended. |
jobId | integer | The snapshot creation job's ID. |
jobStartTime | date-time | The timestamp when the job ended. |
jobStatus | string | The job's status. |
resourceName | string | The device or computer for which you create a curated snapshot. |
resourceType | string | The type of resource for which you create curated snapshot. |
size | integer | The curated snapshot's size. |
snapshot | string | The name of the curated snapshot (generally the date and time when it was created). |
snapshotRangeEndDate | date-time | The end of the date range to create this snapshot. |
snapshotRangeStartDate | date-time | The start of the date range to create this snapshot. |
snapshotStatus | string | The snapshot's status within Druva. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
Updated 3 months ago