Test pulling SEP Mobile events with API

Article ID: 208483

Products

Endpoint Protection Mobile

Issue/Introduction

Test pulling SEP Mobile events with API

Resolution

NOTE: This article is provided for convenience only. Broadcom Support cannot assist with creation or troubleshooting of scripts and/or third party tools that are used to parse data delivered by the API.

To get started with pulling SEP Mobile events with the API, first review the API documentation. Sign in to the SEP Mobile Management Console, navigate to Settings > Integrations > API, and select API Documentation. Scroll down to find Security events. Click GET /organizations/:organization_id/security_events and/or POST /organizations/:organization_id/security_events/store_security_events to see the header and parameter information for these queries.

Enable/disable storing of security events for your organization with POST /organizations/:organization_id/security_events/store_security_events

NOTE: By default, the SEP Mobile API will delete events after retrieving them. Set the parameter for Remove to False to keep events.

Retrieve security events for your organization with GET /organizations/:organization_id/security_events

It is normal for the API to find no events on a first retrieval. If this is the case, the response is:

{
    "success": true,
    "data": [],
    "pending_events_count": 0
}
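
A response check for a test pull, covering the empty first-retrieval case above and the populated response shown later in this article. This is an added example, not Broadcom code: the function names classify_pull and opened_incidents are hypothetical, the populated sample body is constructed from the fields this article shows, and the HTTP request itself (host, headers, parameters) is left to the API Documentation page.

```python
import json

FIELDS = ("id", "timestamp", "event_type", "type", "sub_type", "severity")

def classify_pull(body):
    """Classify one security_events response body (JSON text).

    status is "failed" (not JSON, or "success" is not true), "empty"
    (success with no events, normal on a first retrieval) or "events".
    """
    result = {"status": "failed", "events": [], "pending": None}
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return result
    if not isinstance(doc, dict) or doc.get("success") is not True:
        return result
    data = doc.get("data")
    if not isinstance(data, list):
        return result
    result["pending"] = doc.get("pending_events_count")
    result["events"] = [{k: ev.get(k) for k in FIELDS}
                        for ev in data if isinstance(ev, dict)]
    result["status"] = "events" if result["events"] else "empty"
    return result

def opened_incidents(result, incident_type):
    """Return the incident_opened events of the given type (the test incident)."""
    return [ev for ev in result["events"]
            if ev["event_type"] == "incident_opened" and ev["type"] == incident_type]

# Constructed sample bodies: the empty one matches the first-retrieval response;
# the populated one uses only the fields this article shows for a test incident.
EMPTY_BODY = '{"success": true, "data": [], "pending_events_count": 0}'
POPULATED_BODY = json.dumps({
    "success": True,
    "data": [{
        "timestamp": "2021-02-12T16:28:22.541+00:00",
        "event_type": "incident_opened",
        "id": 1855257260,
        "type": "HarmfulPcFile",
        "sub_type": "Harmful PC File",
        "severity": "medium",
    }],
    "pending_events_count": 0,
})

if __name__ == "__main__":
    for name, body in (("first pull", EMPTY_BODY), ("after test", POPULATED_BODY)):
        r = classify_pull(body)
        print(name, r["status"], opened_incidents(r, "HarmfulPcFile"))
```

A "failed" status on a body that is not JSON usually means the request never reached the events endpoint (for example an error page was returned), which is worth distinguishing from the normal "empty" result.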

To test and verify that pulling the events is working, create incidents using the EICAR test file.

Android File Test

Android Malware Test

Retrieve security events again.

The response will start similar to this:

{
    "success": true,
    "data": [
        {
            "timestamp": "2021-02-12T16:28:22.541+00:00",
            "event_type": "incident_opened",
            "id": 1855257260,
            "type": "HarmfulPcFile",
            "sub_type": "Harmful PC File",
            "severity": "medium",