Get cyber resilience reports
The reports that indicate presence of security threats in your environment.
View rollback actions report
This report provides a consolidated and point-in-time view of your protected entities that were deleted within a specified date range.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgRollbackActions
Request type
HTTP POST
Sample cURL request
curl --request POST \
--url https://apis.druva.com/platform/reporting/v1/reports/dgRollbackActions \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "deleteRequestID",
"operator": "EQUAL",
"value": "string"
}
]
},
"pageToken": ""
}
'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgRollbackActions
as the report ID under path params to test this endpoint.
Sample responses
{
"data": [
{
"dataSize": 20,
"deleteRequestID": "11ef158d-929c-4841-ab83-0ca4179c1420",
"deletedBy": "rollbackTest rollbackTest",
"deletedDateTime": "2023-04-26T10:53:52.000Z",
"deletionReason": "Automation testing - deletion for workload Teams",
"entityName": "entity-1",
"deletedItem": "Snapshot",
"entityType": "SharePoint",
"rollbackDateTime": "2023-04-26T10:57:51.000Z",
"rolledBackBy": "rollbackTest rollbackTest",
"status": "Rolled back",
"permanentDeleteTime": "2023-04-28T10:57:51.000Z",
"lastUpdatedDateTime": "2023-04-26T11:00:56.000Z"
}
],
"lastSyncTimestamp": "2024-03-26T15:32:09.788Z",
"filters": {},
"nextPageToken": "YTBDNDk6Rjk1MmViY1FpTVpBejNFTU9lSWxzUT09OjA="
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of rollback actions. |
dataSize | integer | The data size. |
deleteRequestID | string (UUID) | The delete request ID. |
deletedBy | string | The admin who deleted the entity. |
deletedDateTime | date-time | The date on which the entity was deleted. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
deletionReason | string | The reason for which the entity was deleted. |
entityName | string | The name of the entity. |
deletedItem | string | Type of deleted entity. |
entityType | string | The type of entity. (Endpoints, Exchange Online,File Servers,Google Drive,Google Mail,Groups,NAS,One Drive,Profiles,Public Folders,SharePoint,Shared Drives,Teams,Users, VMware) |
rollbackDateTime | date-time | The date on which the entity was rolled-back. The time is in the UTC time zone. Example - 2019-10-26T00:00:00Z |
rolledBackBy | string | The admin who rolled-back the entity. |
status | string | The status of the request. Possible values(Available for rollback, Permanently deleted, Rollback in progress, Rolled back) |
permanentDeleteTime | date-time | The date on which the entity will be permanently deleted if not rolled-back. Example - 2019-10-28T00:00:00Z |
lastUpdatedDateTime | date-time | The last updated time stamp. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View data protection risk report
This report provides a consolidated view of the connection status of the enterprise workload agents with Druva.
Endpoint URL
https://apis.druva.com/platform/reporting/v1/reports/dgDataProtectionRisk
Request type
HTTP POST
Sample cURL request
curl --request POST \
--url https://apis.druva.com/platform/reporting/v1/reports/dgDataProtectionRisk \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "workloadName",
"operator": "EQUAL",
"value": "string"
}
]
},
"pageToken": ""
}
'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgDataProtectionRisk
as the report ID under path params to test this endpoint.
Sample responses
{
"data": [
{
"organization": "custom-org",
"workloadName": "Files",
"workloadAgent": "device123",
"connectionStatusToCloud": "Disconnected",
"disconnectedFromCloudSince": "2024-03-26T15:32:09.788Z",
"lastUpdatedTime": "2023-04-28T10:57:51.000Z",
"vCenterESXiHosts": "centerhost123",
"connectionStatusToVCenter": "Disconnected"
}
],
"lastSyncTimestamp": "2024-03-26T15:32:09.788Z",
"filters": {},
"nextPageToken": "YTBDNDk6Rjk1MmViY1FpTVpBejNFTU9lSWxzUT09OjA="
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of enterprise workload agents' connection statuses with the cloud. |
organization | string | The name of the organization. |
workloadAgent | string | The name of the workload. Possible values (Files, Hyper-V, MS-SQL, NAS, Oracle, Oracle-DTC, VMware) |
connectionStatusToCloud | string | The connection status to the cloud. Example - Possible values (Connected,Disconnected) |
disconnectedFromCloudSince | date-time | The date since which device is disconnected from cloud. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
lastUpdatedTime | date-time | The last updated time stamp. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z |
vCenterESXiHosts | string | Name of the vCentre or ESXi host where the backup proxy is deployed. |
connectionStatusToVcenter | string | The connection status to the vCenter. Possible values (Connected,Disconnected) |
lastSyncTimestamp | string | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View data access events report
This report provides a consolidated and point-in-time view of data access events, such as restore or download events. For example, you can specify whether you want the list of successful restore events.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgDataAccessEvents
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgDataAccessEvents' \
--header 'Content-Type: application/json' \
--data '
{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "jobStatus",
"value": "Successful"
"operator": "EQUAL"
}
]
},
"pageToken": ""
}'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgDataAccessEvents
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"accessType": "Admin Restore",
"adminName": "C P",
"endTime": "2024-01-29T04:54:56.000Z",
"ipAddress": "114.143.238.10",
"jobId": 74,
"jobStatus": "Successful",
"location": "Mumbai, India",
"resourceName": "backupset_CPJFXH",
"size": 1389581394,
"startTime": "2024-01-29T04:52:22.000Z"
},
],
"filters": {
"pageSize": 100,
"filterBy": null
},
"lastSyncTimestamp": "2024-03-28T12:15:22.000Z",
"nextPageToken": "MmZhOTBlMGUtMjBhMi00YWEwLWIwNzgtOTMxNzJlM2Y4NGU0"
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of data access events. |
accessType | string | The name of the event. |
adminName | string | The name of the administrator who triggered the event. |
endTime | date-time | The timestamp when the job ended. |
ipAddress | string | The IP address of the admin's computer. |
jobId | integer | The event's job ID. |
jobStatus | string | Whether the job succeeded or failed. |
location | string | The admin's computer's location. |
resourceName | string | The backup object's name that the admin used to trigger the event (ran a restore job in this case.) |
size | integer | The size of the data (restored data in this example.) |
startTime | date-time | The timestamp when the job started. |
lastSyncTimestamp | string | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View admin login events report
This report provides a consolidated view of when your Druva admins logged in to the Druva Console.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgAdminLoginEvents
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgAdminLoginEvents' \
--header 'Content-Type: application/json' \
--data '{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "loginResult",
"value": "Failed",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgAdminLoginEvents
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"adminName": "C P",
"ipAddress": "114.143.238.10",
"location": "Mumbai, India",
"loginResult": "Failed",
"loginTime": "2024-03-27T05:56:16.000Z"
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "loginResult",
"value": "Failed",
"operator": "EQUAL"
}
]
},
"lastSyncTimestamp": "2024-06-04T07:43:37Z",
"nextPageToken": "NWFlODMwY2YtZDcxMC00NTZiLTlhNzEtMTJmZDU3NWFkYjhm"
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of admin login events. |
adminName | string | The name of the administrator who triggered the event. |
ipAddress | string | The IP address of the admin's computer. |
location | string | The admin's computer's location. |
loginResult | string | The result of the login attempt. For example, "successful" or "failed". |
loginTime | date-time | The timestamp when the admin tried to login to the Druva Console. |
lastSyncTimestamp | string | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
filters | object | Filters applied to the report. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View unusual data activity alerts report
This reports provides a list of unusual data activity alerts.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgUnusualDataActivityAlerts
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgUnusualDataActivityAlerts' \
--header 'Content-Type: application/json' \
--data '{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "NAS",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgUnusualDataActivityAlerts
as the report ID under path params to test this endpoint.
Sample HTTP response
{
"data": [
{
"affectedSnapshotName": "Apr 16 2024, 10:00",
"alertGeneratedOn": "2024-04-15T10:00:28.000Z",
"alertStatus": "Active",
"alertType": "Modification",
"encryptionReason": "High Entropy detected",
"filesCreated": 0,
"filesDeleted": 0,
"filesEncrypted": 0,
"filesModified": 80,
"id": 258,
"impactedFiles": 184,
"resolvedStatus": "-",
"resourceName": "test_report_dummy_NAS_ZIE2DN",
"resourceParentName": "parent_7AZQ69",
"resourceType": "NAS"
}
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "NAS",
"operator": "EQUAL"
}
]
},
"lastSyncTimestamp": "2024-06-05T06:03:11Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of unusual data activity alerts. |
affectedSnapshotName | string | The name of the snapshot that triggered the alert. |
alertGeneratedOn | date-time | The timestamp when the alert was generated. |
alertStatus | string | The alert's status. For more information, see View UDA alerts. |
alertType | string | The type of alert. For more information, see View UDA alerts . |
encryptionReason | string | The reason for encryption alerts. |
filesCreated | integer | The number of files that were created. |
filesDeleted | integer | The number of files that were delete. |
filesEncrypted | integer | The number of files that were encrypted. |
filesModified | integer | The number of files that were modified. |
id | integer | The alert's ID. |
impactedFiles | integer | The total number of files that were impacted. |
resolvedStatus | string | The status of the alert, whether it's resolved or not. |
resourceName | string | The device or computer on which Druva detected unusual data activity. |
resourceParentName | string | The name of the device's parent. For example, ESXi host's name if the device is VMware virtual machine. |
resourceType | string | The type of resource on which Druva detected an unusual data activity. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View quarantined resources report
This reports provides the list of resources that Druva marked as quarantined.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgQuarantineResources
Request type
HTTP POST
Sample cURL request
curl --location --request POST 'https://apis.druva.com/platform/reporting/v1/reports/dgQuarantineResources' \
--header 'Content-Type: application/json' \
--data '{
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "Endpoint",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgQuarantineResources
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"addedTime": "2024-05-29T10:41:15.000Z",
"removedFromQR": "No",
"fromTime": "2024-05-01T00:00:00.000Z",
"lastUpdatedTime": "2024-05-29T11:25:14.000Z",
"resourceName": "INTERN-PIYUSHK",
"resourceType": "Endpoint",
"toTime": "2024-05-02T23:59:59.000Z"
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceType",
"value": "Endpoint",
"operator": "EQUAL"
}
]
} ,
"lastSyncTimestamp": "2024-06-05T08:54:45Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of quarantined resources. |
addedTime | date-time | The timestamp when the device or entity was added to the quarantined resources list. |
fromTime | date-time | The start of the date range to quarantine this resource. |
lastUpdatedTime | date-time | The timestamp when the quarantined resource was updated. |
resourceName | string | The name of the device or entity that was quarantined. |
resourceType | string | The type of the quarantined resource. For example, an endpoint. |
toTime | date-time | The end of the date range to quarantine this resource. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View malicious scan jobs report
This report provides the list of malicious scan jobs.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgMaliciousScanJob
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgMaliciousScanJob' \
--header 'Content-Type: application/json' \
--data '
{ "filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceName",
"value": "INTERN-PIYUSHK",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgMaliciousScanJob
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"deletedFiles": 0,
"filesScanned": 2,
"jobEndTime": "2024-05-28T10:19:44.000Z",
"jobId": 1,
"jobStartTime": "2024-05-28T10:19:41.000Z",
"jobStatus": "Successful",
"maliciousFiles": 0,
"resourceName": "INTERN-PIYUSHK",
"resourceType": "Endpoint",
"scanType": "Restore Scan",
"skippedFiles": 0
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "resourceName",
"value": "INTERN-PIYUSHK",
"operator": "EQUAL"
}
]
},
"lastSyncTimestamp": "2024-06-04T07:29:22Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of malicious scan jobs. |
deletedFiles | integer | The number of files identified as deleted in the job. |
filesScanned | integer | The number of files scanned in the job. |
jobEndTime | date-time | The timestamp when the job ended. |
jobId | integer | The scan job's ID. |
jobStartTime | date-time | The timestamp when the job ended. |
jobStatus | string | The job's status. |
maliciousFiles | integer | The number malicious files detected in the job. |
filesEncrypted | integer | The number of files that were encrypted. |
resourceName | string | The device or computer on which Druva detected unusual data activity. |
resourceType | string | The type of resource on which Druva detected an unusual data activity. |
scanType | string | The scan job's type. |
skippedFiles | integer | The number of files that Druva couldn't scan in the job. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
View curated snapshots report
This report provides a list of curated snapshots.
URL
https://apis.druva.com/platform/reporting/v1/reports/dgCuratedSnapshots
Request type
HTTP POST
Sample cURL request
curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgCuratedSnapshots' \
--header 'Content-Type: application/json' \
--data '{ "filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "jobStatus",
"value": "Successful",
"operator": "EQUAL"
}
]
}
}'
To try this API endpoint, see Reports API reference.
NoteOn the API reference page, select
dgCuratedSnapshots
as the report ID under path params to test this endpoint.
Sample HTTP 200 response
{
"data": [
{
"createdBy": "p k",
"expiry": "Jun 14 2024, 12:40",
"filesIncluded": 4,
"jobEndTime": "2024-05-30T12:40:09.000Z",
"jobId": 7,
"jobStartTime": "2024-05-30T12:40:02.000Z",
"jobStatus": "Successful",
"resourceName": "INTERN-PIYUSHK",
"resourceType": "3",
"size": 19962,
"snapshot": "May 30, 2024 12:40",
"snapshotRangeEndDate": "2024-05-30T23:59:59.000Z",
"snapshotRangeStartDate": "2024-05-02T00:00:00.000Z",
"snapshotStatus": "Deleted"
}
],
"filters": {
"pageSize": 100,
"filterBy": [
{
"fieldName": "jobStatus",
"value": "Successful",
"operator": "EQUAL"
}
]
} ,
"lastSyncTimestamp": "2024-06-05T08:54:45Z",
"nextPageToken": ""
}
Field | Type | Description |
---|---|---|
data | array of objects | The collection of malicious scan jobs. |
createdBy | string | The name of the admin who created this snapshot. |
expiry | string | The timestamp when this snapshot expires. |
jobEndTime | date-time | The timestamp when the job ended. |
jobId | integer | The snapshot creation job's ID. |
jobStartTime | date-time | The timestamp when the job ended. |
jobStatus | string | The job's status. |
resourceName | string | The device or computer for which you create a curated snapshot. |
resourceType | string | The type of resource for which you create curated snapshot. |
size | integer | The curated snapshot's size. |
snapshot | string | The name of the curated snapshot (generally the date and time when it was created). |
snapshotRangeEndDate | date-time | The end of the date range to create this snapshot. |
snapshotRangeStartDate | date-time | The start of the date range to create this snapshot. |
snapshotStatus | string | The snapshot's status within Druva. |
filters | object | The filters applied to the report. |
lastSyncTimestamp | date-time | Time stamp until which report data is returned in the API. The time is in the UTC time zone. |
nextPageToken | string | The token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes. |
{
"code": "string",
"data": {
"additionalProp": {}
},
"message": "string",
"retryable": true
}
Field | Type | Description |
---|---|---|
code | string | Error code. |
data | object | Data of the error. |
message | string | Error message. |
retryable | boolean | Can retry the API call (true for yes and false for no.) |
Updated about 1 month ago