Get cyber resilience reports

The reports that indicate presence of security threats in your environment.

View rollback actions report

This report provides a consolidated and point-in-time view of your protected entities that were deleted within a specified date range.

URL

https://apis.druva.com/platform/reporting/v1/reports/dgRollbackActions

Request type

HTTP POST

Sample cURL request

curl --request POST \
     --url https://apis.druva.com/platform/reporting/v1/reports/dgRollbackActions \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "filters": {
    "pageSize": 100,
    "filterBy": [
      {
        "fieldName": "deleteRequestID",
        "operator": "EQUAL",
        "value": "string"
      }
    ]
  },
  "pageToken": ""
}
'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgRollbackActions as the report ID under path params to test this endpoint.

Sample responses

{
  "data": [
    {
      "dataSize": 20,
      "deleteRequestID": "11ef158d-929c-4841-ab83-0ca4179c1420",
      "deletedBy": "rollbackTest rollbackTest",
      "deletedDateTime": "2023-04-26T10:53:52.000Z",
      "deletionReason": "Automation testing - deletion for workload Teams",
      "entityName": "entity-1",
      "deletedItem": "Snapshot",
      "entityType": "SharePoint",
      "rollbackDateTime": "2023-04-26T10:57:51.000Z",
      "rolledBackBy": "rollbackTest rollbackTest",
      "status": "Rolled back",
      "permanentDeleteTime": "2023-04-28T10:57:51.000Z",
      "lastUpdatedDateTime": "2023-04-26T11:00:56.000Z"
    }
  ],
  "lastSyncTimestamp": "2024-03-26T15:32:09.788Z",
  "filters": {},
  "nextPageToken": "YTBDNDk6Rjk1MmViY1FpTVpBejNFTU9lSWxzUT09OjA="
}
FieldTypeDescription
dataarray of objectsThe collection of rollback actions.
dataSizeintegerThe data size.
deleteRequestIDstring (UUID)The delete request ID.
deletedBystringThe admin who deleted the entity.
deletedDateTimedate-timeThe date on which the entity was deleted. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z
deletionReasonstringThe reason for which the entity was deleted.
entityNamestringThe name of the entity.
deletedItemstringType of deleted entity.
entityTypestringThe type of entity. (Endpoints, Exchange Online,File Servers,Google Drive,Google Mail,Groups,NAS,One Drive,Profiles,Public Folders,SharePoint,Shared Drives,Teams,Users, VMware)
rollbackDateTimedate-timeThe date on which the entity was rolled-back. The time is in the UTC time zone. Example - 2019-10-26T00:00:00Z
rolledBackBystringThe admin who rolled-back the entity.
statusstringThe status of the request. Possible values(Available for rollback, Permanently deleted, Rollback in progress, Rolled back)
permanentDeleteTimedate-timeThe date on which the entity will be permanently deleted if not rolled-back. Example - 2019-10-28T00:00:00Z
lastUpdatedDateTimedate-timeThe last updated time stamp. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z
lastSyncTimestampdate-timeTime stamp until which report data is returned in the API. The time is in the UTC time zone.
filtersobjectFilters applied to the report.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.

{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)

View data protection risk report

This report provides a consolidated view of the connection status of the enterprise workload agents with Druva.

Endpoint URL

https://apis.druva.com/platform/reporting/v1/reports/dgDataProtectionRisk

Request type

HTTP POST

Sample cURL request

curl --request POST \
     --url https://apis.druva.com/platform/reporting/v1/reports/dgDataProtectionRisk \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "filters": {
    "pageSize": 100,
    "filterBy": [
      {
        "fieldName": "workloadName",
        "operator": "EQUAL",
        "value": "string"
      }
    ]
  },
  "pageToken": ""
}
'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgDataProtectionRisk as the report ID under path params to test this endpoint.

Sample responses

{
  "data": [
    {
      "organization": "custom-org",
      "workloadName": "Files",
      "workloadAgent": "device123",
      "connectionStatusToCloud": "Disconnected",
      "disconnectedFromCloudSince": "2024-03-26T15:32:09.788Z",
      "lastUpdatedTime": "2023-04-28T10:57:51.000Z",
      "vCenterESXiHosts": "centerhost123",
      "connectionStatusToVCenter": "Disconnected"
    }
  ],
  "lastSyncTimestamp": "2024-03-26T15:32:09.788Z",
  "filters": {},
  "nextPageToken": "YTBDNDk6Rjk1MmViY1FpTVpBejNFTU9lSWxzUT09OjA="
}
FieldTypeDescription
dataarray of objectsThe collection of enterprise workload agents' connection statuses with the cloud.
organizationstringThe name of the organization.
workloadAgentstringThe name of the workload. Possible values (Files, Hyper-V, MS-SQL, NAS, Oracle, Oracle-DTC, VMware)
connectionStatusToCloudstringThe connection status to the cloud. Example - Possible values (Connected,Disconnected)
disconnectedFromCloudSincedate-timeThe date since which device is disconnected from cloud. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z
lastUpdatedTimedate-timeThe last updated time stamp. The time is in the UTC time zone. Example - 2019-10-25T00:00:00Z
vCenterESXiHostsstringName of the vCentre or ESXi host where the backup proxy is deployed.
connectionStatusToVcenterstringThe connection status to the vCenter. Possible values (Connected,Disconnected)
lastSyncTimestampstringTime stamp until which report data is returned in the API. The time is in the UTC time zone.
filtersobjectFilters applied to the report.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.

{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)

View data access events report

This report provides a consolidated and point-in-time view of data access events, such as restore or download events. For example, you can specify whether you want the list of successful restore events.

URL

https://apis.druva.com/platform/reporting/v1/reports/dgDataAccessEvents

Request type

HTTP POST

Sample cURL request

curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgDataAccessEvents' \
--header 'Content-Type: application/json' \
--data '
{
  "filters": {
    "pageSize": 100,
    "filterBy": [
      {
        "fieldName": "jobStatus",
        "value": "Successful"
        "operator": "EQUAL"
      }
    ]
  },
  "pageToken": ""    
}'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgDataAccessEvents as the report ID under path params to test this endpoint.

Sample HTTP 200 response

{
    "data": [
        {
            "accessType": "Admin Restore",
            "adminName": "C P",
            "endTime": "2024-01-29T04:54:56.000Z",
            "ipAddress": "114.143.238.10",
            "jobId": 74,
            "jobStatus": "Successful",
            "location": "Mumbai, India",
            "resourceName": "backupset_CPJFXH",
            "size": 1389581394,
            "startTime": "2024-01-29T04:52:22.000Z"
        },
    ],
    "filters": {
        "pageSize": 100,
        "filterBy": null
    },
    "lastSyncTimestamp": "2024-03-28T12:15:22.000Z",
    "nextPageToken": "MmZhOTBlMGUtMjBhMi00YWEwLWIwNzgtOTMxNzJlM2Y4NGU0"
}
FieldTypeDescription
dataarray of objectsThe collection of data access events.
accessTypestringThe name of the event.
adminNamestringThe name of the administrator who triggered the event.
endTimedate-timeThe timestamp when the job ended.
ipAddressstringThe IP address of the admin's computer.
jobIdintegerThe event's job ID.
jobStatusstringWhether the job succeeded or failed.
locationstringThe admin's computer's location.
resourceNamestringThe backup object's name that the admin used to trigger the event (ran a restore job in this case.)
sizeintegerThe size of the data (restored data in this example.)
startTimedate-timeThe timestamp when the job started.
lastSyncTimestampstringTime stamp until which report data is returned in the API. The time is in the UTC time zone.
filtersobjectFilters applied to the report.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.
{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)

View admin login events report

This report provides a consolidated view of when your Druva admins logged in to the Druva Console.

URL

https://apis.druva.com/platform/reporting/v1/reports/dgAdminLoginEvents

Request type

HTTP POST

Sample cURL request

curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgAdminLoginEvents' \
--header 'Content-Type: application/json' \
--data '{
  "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "loginResult",
                "value": "Failed",
                "operator": "EQUAL"
            }
        ]
    }   
}'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgAdminLoginEvents as the report ID under path params to test this endpoint.

Sample HTTP 200 response

{
    "data": [
        {
            "adminName": "C P",
            "ipAddress": "114.143.238.10",
            "location": "Mumbai, India",
            "loginResult": "Failed",
            "loginTime": "2024-03-27T05:56:16.000Z"
        }
    ],
    "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "loginResult",
                "value": "Failed",
                "operator": "EQUAL"
            }
        ]
    },
    "lastSyncTimestamp": "2024-06-04T07:43:37Z",
    "nextPageToken": "NWFlODMwY2YtZDcxMC00NTZiLTlhNzEtMTJmZDU3NWFkYjhm"
}

FieldTypeDescription
dataarray of objectsThe collection of admin login events.
adminNamestringThe name of the administrator who triggered the event.
ipAddressstringThe IP address of the admin's computer.
locationstringThe admin's computer's location.
loginResultstringThe result of the login attempt. For example, "successful" or "failed".
loginTimedate-timeThe timestamp when the admin tried to login to the Druva Console.
lastSyncTimestampstringTime stamp until which report data is returned in the API. The time is in the UTC time zone.
filtersobjectFilters applied to the report.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.
{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)

View unusual data activity alerts report

This reports provides a list of unusual data activity alerts.

URL

https://apis.druva.com/platform/reporting/v1/reports/dgUnusualDataActivityAlerts

Request type

HTTP POST

Sample cURL request

curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgUnusualDataActivityAlerts' \
--header 'Content-Type: application/json' \
--data '{
  "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "resourceType",
                "value": "NAS",
                "operator": "EQUAL"
            }
        ]
    }   
}'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgUnusualDataActivityAlerts as the report ID under path params to test this endpoint.

Sample HTTP response

{
    "data": [
        {
            "affectedSnapshotName": "Apr 16 2024, 10:00",
            "alertGeneratedOn": "2024-04-15T10:00:28.000Z",
            "alertStatus": "Active",
            "alertType": "Modification",
            "encryptionReason": "High Entropy detected",
            "filesCreated": 0,
            "filesDeleted": 0,
            "filesEncrypted": 0,
            "filesModified": 80,
            "id": 258,
            "impactedFiles": 184,
            "resolvedStatus": "-",
            "resourceName": "test_report_dummy_NAS_ZIE2DN",
            "resourceParentName": "parent_7AZQ69",
            "resourceType": "NAS"
        }
    "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "resourceType",
                "value": "NAS",
                "operator": "EQUAL"
            }
        ]
    },
    "lastSyncTimestamp": "2024-06-05T06:03:11Z",
    "nextPageToken": ""
}

FieldTypeDescription
dataarray of objectsThe collection of unusual data activity alerts.
affectedSnapshotNamestringThe name of the snapshot that triggered the alert.
alertGeneratedOndate-timeThe timestamp when the alert was generated.
alertStatusstringThe alert's status. For more information, see View UDA alerts.
alertTypestringThe type of alert. For more information, see View UDA alerts .
encryptionReasonstringThe reason for encryption alerts.
filesCreatedintegerThe number of files that were created.
filesDeletedintegerThe number of files that were delete.
filesEncryptedintegerThe number of files that were encrypted.
filesModifiedintegerThe number of files that were modified.
idintegerThe alert's ID.
impactedFilesintegerThe total number of files that were impacted.
resolvedStatusstringThe status of the alert, whether it's resolved or not.
resourceNamestringThe device or computer on which Druva detected unusual data activity.
resourceParentNamestringThe name of the device's parent. For example, ESXi host's name if the device is VMware virtual machine.
resourceTypestringThe type of resource on which Druva detected an unusual data activity.
filtersobjectThe filters applied to the report.
lastSyncTimestampdate-timeTime stamp until which report data is returned in the API. The time is in the UTC time zone.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.
{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)

View quarantined resources report

This reports provides the list of resources that Druva marked as quarantined.

URL

https://apis.druva.com/platform/reporting/v1/reports/dgQuarantineResources

Request type

HTTP POST

Sample cURL request

curl --location --request POST 'https://apis.druva.com/platform/reporting/v1/reports/dgQuarantineResources' \
--header 'Content-Type: application/json' \
--data '{
    "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "resourceType",
                "value": "Endpoint",
                "operator": "EQUAL"
            }
        ]
    }
}'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgQuarantineResources as the report ID under path params to test this endpoint.

Sample HTTP 200 response

{
    "data": [
        {
            "addedTime": "2024-05-29T10:41:15.000Z",
            "removedFromQR": "No",
            "fromTime": "2024-05-01T00:00:00.000Z",
            "lastUpdatedTime": "2024-05-29T11:25:14.000Z",
            "resourceName": "INTERN-PIYUSHK",
            "resourceType": "Endpoint",
            "toTime": "2024-05-02T23:59:59.000Z"
        }
    ],
    "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "resourceType",
                "value": "Endpoint",
                "operator": "EQUAL"
            }
        ]
    } ,
    "lastSyncTimestamp": "2024-06-05T08:54:45Z",
    "nextPageToken": ""
}
FieldTypeDescription
dataarray of objectsThe collection of quarantined resources.
addedTimedate-timeThe timestamp when the device or entity was added to the quarantined resources list.
fromTimedate-timeThe start of the date range to quarantine this resource.
lastUpdatedTimedate-timeThe timestamp when the quarantined resource was updated.
resourceNamestringThe name of the device or entity that was quarantined.
resourceTypestringThe type of the quarantined resource. For example, an endpoint.
toTimedate-timeThe end of the date range to quarantine this resource.
filtersobjectThe filters applied to the report.
lastSyncTimestampdate-timeTime stamp until which report data is returned in the API. The time is in the UTC time zone.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.
{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)

View malicious scan jobs report

This report provides the list of malicious scan jobs.

URL

https://apis.druva.com/platform/reporting/v1/reports/dgMaliciousScanJob

Request type

HTTP POST

Sample cURL request

curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgMaliciousScanJob' \
--header 'Content-Type: application/json' \
--data '
 { "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "resourceName",
                "value": "INTERN-PIYUSHK",
                "operator": "EQUAL"
            }
        ]
    }   
}'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgMaliciousScanJob as the report ID under path params to test this endpoint.

Sample HTTP 200 response

{
    "data": [
        {
            "deletedFiles": 0,
            "filesScanned": 2,
            "jobEndTime": "2024-05-28T10:19:44.000Z",
            "jobId": 1,
            "jobStartTime": "2024-05-28T10:19:41.000Z",
            "jobStatus": "Successful",
            "maliciousFiles": 0,
            "resourceName": "INTERN-PIYUSHK",
            "resourceType": "Endpoint",
            "scanType": "Restore Scan",
            "skippedFiles": 0
        }
    ],
    "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "resourceName",
                "value": "INTERN-PIYUSHK",
                "operator": "EQUAL"
            }
        ]
    },
    "lastSyncTimestamp": "2024-06-04T07:29:22Z",
    "nextPageToken": ""
}

FieldTypeDescription
dataarray of objectsThe collection of malicious scan jobs.
deletedFilesintegerThe number of files identified as deleted in the job.
filesScannedintegerThe number of files scanned in the job.
jobEndTimedate-timeThe timestamp when the job ended.
jobIdintegerThe scan job's ID.
jobStartTimedate-timeThe timestamp when the job ended.
jobStatusstringThe job's status.
maliciousFilesintegerThe number malicious files detected in the job.
filesEncryptedintegerThe number of files that were encrypted.
resourceNamestringThe device or computer on which Druva detected unusual data activity.
resourceTypestringThe type of resource on which Druva detected an unusual data activity.
scanTypestringThe scan job's type.
skippedFilesintegerThe number of files that Druva couldn't scan in the job.
filtersobjectThe filters applied to the report.
lastSyncTimestampdate-timeTime stamp until which report data is returned in the API. The time is in the UTC time zone.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.
{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)

View curated snapshots report

This report provides a list of curated snapshots.

URL

https://apis.druva.com/platform/reporting/v1/reports/dgCuratedSnapshots

Request type

HTTP POST

Sample cURL request

curl --location 'https://apis.druva.com/platform/reporting/v1/reports/dgCuratedSnapshots' \
--header 'Content-Type: application/json' \
--data '{ "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "jobStatus",
                "value": "Successful",
                "operator": "EQUAL"
            }
        ]
    }   
}'

To try this API endpoint, see Reports API reference.

📘

Note

On the API reference page, select dgCuratedSnapshots as the report ID under path params to test this endpoint.

Sample HTTP 200 response

{
    "data": [
        {
            "createdBy": "p k",
            "expiry": "Jun 14 2024, 12:40",
            "filesIncluded": 4,
            "jobEndTime": "2024-05-30T12:40:09.000Z",
            "jobId": 7,
            "jobStartTime": "2024-05-30T12:40:02.000Z",
            "jobStatus": "Successful",
            "resourceName": "INTERN-PIYUSHK",
            "resourceType": "3",
            "size": 19962,
            "snapshot": "May 30, 2024 12:40",
            "snapshotRangeEndDate": "2024-05-30T23:59:59.000Z",
            "snapshotRangeStartDate": "2024-05-02T00:00:00.000Z",
            "snapshotStatus": "Deleted"
        }
    ],
    "filters": {
        "pageSize": 100,
        "filterBy": [
            {
                "fieldName": "jobStatus",
                "value": "Successful",
                "operator": "EQUAL"
            }
        ]
    } ,
    "lastSyncTimestamp": "2024-06-05T08:54:45Z",
    "nextPageToken": ""
}

FieldTypeDescription
dataarray of objectsThe collection of malicious scan jobs.
createdBystringThe name of the admin who created this snapshot.
expirystringThe timestamp when this snapshot expires.
jobEndTimedate-timeThe timestamp when the job ended.
jobIdintegerThe snapshot creation job's ID.
jobStartTimedate-timeThe timestamp when the job ended.
jobStatusstringThe job's status.
resourceNamestringThe device or computer for which you create a curated snapshot.
resourceTypestringThe type of resource for which you create curated snapshot.
sizeintegerThe curated snapshot's size.
snapshotstringThe name of the curated snapshot (generally the date and time when it was created).
snapshotRangeEndDatedate-timeThe end of the date range to create this snapshot.
snapshotRangeStartDatedate-timeThe start of the date range to create this snapshot.
snapshotStatusstringThe snapshot's status within Druva.
filtersobjectThe filters applied to the report.
lastSyncTimestampdate-timeTime stamp until which report data is returned in the API. The time is in the UTC time zone.
nextPageTokenstringThe token to access the next page of results. This parameter will be empty for the last page of the results. This token is valid for 5 minutes.
{
  "code": "string",
  "data": {
    "additionalProp": {}
  },
  "message": "string",
  "retryable": true
}
FieldTypeDescription
codestringError code.
dataobjectData of the error.
messagestringError message.
retryablebooleanCan retry the API call (true for yes and false for no.)