Zimperium zConsole Mobile Threat Defense
API Guide
Release 4.28
July 2020
Copyright © 2020, Zimperium®, Inc. and/or its affiliates. All rights reserved.
This document, as well as the software described in it, is furnished under license. The information in this
manual may only be used in accordance with the terms of the license. This document should not be
reproduced, stored or transmitted in any form, except as permitted by the license or by the express
permission of Zimperium, Inc.
All other marks and names mentioned herein may be trademarks or trade names of their respective
companies.
zConsole API Guide, Release 4.28, July 2020 2
Table of Contents
Preface
  Audience
  New Features
  Document Update Log
Document Overview
Getting Started
About the APIs
  Authorization and Tokens
  Example curl Command
  About the API URLs
  Input Parameters
  About API Responses
  Date and Time Fields
zConsole API Operations
  API Overview
  Retrieve Users with a Search
    Command
    Sample Command
    URL
    Sample Response
  Retrieve Details for a Single User
    Command
    Sample Command
    URL
    Sample Response
  Retrieve a Single Device by Device ID
    Command
    Sample Command
    URL
    Sample Response
  Retrieve Devices from Greater than Last Updated
    Command
    Sample Command
    URL
    Sample Response
  Retrieve Devices with a Search
    Command
    Sample Command
    URL
    Sample Response
  Retrieve a Single Device by zdid Identifier
    Command
    Sample Command
    URL
    Sample Response
  Delete a Single Device
    URL
    Sample Response
  Retrieve Events with a Search
    Command
    Sample Command
    URL
    Sample Response
  Retrieve a Single Threat Event
    Command
    Sample Command
    URL
    Sample Response
  Retrieve Event from Greater than Last Update
    Command
    Sample Command
    URL
    Sample Response
  Retrieve a Detailed Threat Event
    Command
    Sample Command
    URL
    Sample Response
  Retrieve an App Classification with a Name
    Command
    Sample Command
    URL
    Sample Response
  Retrieve an App Classification with a Hash Code
    Command
    Sample Command
    URL
    Sample Response
  Retrieve a Report with a Bundle Identifier
    Android Command
    iOS Command
    Sample Android Command
    Sample iOS Command
    URL
    Sample Response
  Retrieve a Report with a Hash Code
    Command
    Android Command
    iOS Command
    URL
    Sample Android Commands
    Sample iOS Commands
    Sample Response
  Retrieve a Report with an iTunes Identifier
    Command
    Sample Command
    URL
    Sample Response
  Upload Application File for Analysis
    Command
    Sample Command
    URL
    Sample Response
  Upload an Application File for Analysis with URL
    Sample Command
    Sample Response
  Create a Tenant
    URL
    Sample Body
    Sample Response
  Update a Tenant
    URL
    Sample Body
    Sample Response
  Delete a Tenant
    URL
    Sample Response
  Retrieve a Tenant
    URL
    Sample Response
  Update a User by an Email
    URL
    Sample Body
  Create a User for a Tenant
    URL
    Sample Body
  Delete a User
    URL
    Sample Response
  Retrieve a User
    URL
    Sample Response
  Update a User by User Id
    URL
    Sample Body
  Retrieve a User Activation URL
    URL
    Sample Response
  Create an Order
    URL
    Sample Body
Appendix A – Sample Output
  Sample Output Returning Detailed Event Information
Preface
This guide covers the API capabilities and usage to access zConsole data. It covers the list of available APIs
and details on invoking them, such as input parameters.
Audience
The intended audience for this guide is a developer or integrator. The zConsole application provides
threat protection to mobile devices, and the system administrator sets policies for threats, and monitors
and manages threats detected. Developers or integrators use APIs to access the zConsole information
without logging into zConsole itself.
New Features
Refer to the “Zimperium zConsole Release Notes” document for the list of new features in this release.
Document Update Log
Date | Topic | Description
July 2017 | Added App Retrieval API | Information on Apps can now be retrieved including: Classification, z3A reports and app uploads for analysis.
 | Modified format of the document | The format was modified to include all possible API calls for a specific item in a single table.
 | Added Additional Operations | Additional retrieve and post methods are added.
August 2018 | Restructured Document | Added overview sections and put each method in a separate section. Updated some of the sample output sections.
December 2018 | zConsole Release 4.16 | Formatting updates.
January 2019 | zConsole Release 4.22 | Made additions, changes, and deletions of fields for the APIs with devices, events, and users.
For event output, the following changes were made:
● The customerContactPhone and userPhoneNumber fields are removed (except the userPhoneNumber field exists in the event search API with full details).
● The env section is removed. Several sections changed the level where the information is provided.
● The eventDetail section is restructured. For instance the “zips_event” section is removed, and those fields are provided in a flatter structure.
● The eventState field changed from an Integer value to a String value.
● These new fields are added: eventStateCode, eventFullName, incidentSummary, tag1, tag2.
For device output, the following changes were made:
● The status field changed from an Integer to a String.
● These new fields are added: statusCode, updatedDate, externalTrackingId1, externalTrackingId2, osUpgradeable, osVulnerable, riskPostureCode, riskPosture, and vulnerabilities.
March 2019 | Additions for tenant and user APIs | Changes are made to include the tenant and user APIs, which are now available.
April 2019 | Release 4.23 | Minor changes with the Release 4.23 version.
May 2019 | Minor Updates | Additional details are listed in the Document Update Log section for changes in January 2019.
August 2019 | Release 4.24.1 | Updates for zConsole Release.
August 2019 | Release 4.24.x | Additions for zConsole Release.
● Added the Create an Order API.
● Added the segment field to the tenant APIs.
These additions are available in zConsole Release 4.24.2 or later.
July 2020 | Release 4.28 | Updated formatting. Updated Curl Commands and Sample Responses.
Document Overview
The Zimperium zConsole is an interface to manage users, devices, events, and apps seen in the inventory
of devices. An Application Program Interface (API) is provided to access zConsole information through a
secure web call over HTTPS. This document provides information on zConsole APIs for other applications
to utilize. This guide provides descriptions of how you can retrieve the information through the APIs.
In addition, some customers require methods to automate tenant creation and changes. These are
included in this document also.
The “Zimperium zConsole Configuration Guide” provides an overview of the zConsole and how to manage
your environment. It is available on the Customer Portal at this website:
https://support.zimperium.com
Getting Started
This section summarizes the items needed to get started calling the APIs. They include the
following:
● Contact the Zimperium Customer Success team and request an API Key value to access the API
requests. Also, contact them to confirm the value of the zConsole host and the URL endpoint to
use. See the “Authorization and Tokens” section for more information.
● Familiarize yourself with the details of this document.
● Determine which API operations you want to call.
● Once you have the API key value and a zConsole host to query, use a curl command to try a
request.
About the APIs
This section provides the common information across the API operations on the following topics:
● Authorization and Tokens
● API URLs
● Input Parameters Details - these are parameters that are common across multiple APIs
● API Responses
● Date and Time Fields
Authorization and Tokens
Authorization is required to use Zimperium APIs. It requires the use of an access token to allow requests.
To access your zConsole data using an API, contact your Zimperium customer success team and they
provide a REST API token or API Key for authorization.
Open a support ticket at the email address: [email protected]
This token needs to be populated in the API request header under a key called ‘api_key’. When making
a request to the API service, insert this header so the system can determine which environment to
retrieve information from.
Unlike the zConsole login, which requires a username and password, the API operations only need the
‘api_key’ token value to be authenticated.
Example curl Command
This is an example curl command:
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: e60a6bcaf5b14ee081ccbfebc0235b75' \
  'https://console-qi.zimperium.com/api/v1/malware/public/reports/itunes/284882215'
Note: Port 443 is the default for the caller, so the port number does not need to be specified.
About the API URLs
Various functions are available through a RESTful API client. The URL format for the API resources is the
following:
Request URL: https://zConsole_host/api/v1/suffix
where:
● zConsole_host is the name of the host where zConsole is installed. Ensure this value is similar
to "hostConsole-qi" for the prefix.
● suffix is the remainder of the URL for the specific request.
For example, a call to a server to retrieve a classification by an input hash value of ‘123’ has the
following URL:
https://console-qi.zimperium.com/api/v1/malware/public/classify/hash/123
A call to the server to retrieve a list of 20 devices has the following URL:
https://console-qi.zimperium.com/api/v1/devices/public/search?rsql=deviceId%3D%3D*&size=20
Details of this and other API calls are covered in the remainder of this guide.
Check with your Customer Success team for verification of the correct URL.
Input Parameters
The retrieve or search API methods use Remote SQL or RSQL queries. This type of search allows the API
call to have multiple query options.
Refer to this website for more information on these queries:
https://github.com/jirutka/rsql-parser
For example, a search for user information can use a user’s last name and also the create date for
the user.
RSQL operators are designed to be URL-friendly. Equality operators can include wildcards. This table lists
the different operators that are available.
Operation Operator
Equal to ==
Not equal to !=
Greater than =gt=
Greater than or equal to =ge=
Less than =lt=
Less than or equal to =le=
IN =in=
Not IN =out=
AND ;
OR ,
Example Search Strings are shown below:
firstName==Jo*
dateJoined=lt=2015-12-25
firstName==Chris*;dateJoined=gt=2018-07-01
lastName==Prab*,lastName==Mano*
This table lists the input parameters for the search API methods. These parameters tailor the response of
the query.
Item | Usage
page | Page of the response to be retrieved. 0 = all pages
size | Size of the page you want to retrieve.
sort | Properties that should be sorted in the format property,property(,ASC|DESC) (default = ASC)
Example Input Parameters for Paging are shown below:
&page=0&size=20
An example of a full search URL is shown as follows:
With the different parameters, a search URL is created by piecing different sections together. For
instance, for a search string that:
● Searches for events
● Where an app name starts with an “N”
● A page value of 0 (all)
● A size for the page of 20
The resulting URL is the following:
https://console-qi.zimperium.com/api/v1/events/public/search?rsql=appName%3D%3DN*&includeFullEventDetail=false&page=0&size=20&sort=deviceTime%2Cdesc
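The following Python code is an added example, not code from Zimperium or from this guide. It assembles the search URL described above from individual criteria, quotes values that contain RSQL reserved characters so that caller-supplied text cannot change the structure of the query, and follows the paged response until its "last" field is true. The function names are hypothetical; the host, paths, parameters and api_key header are the ones documented here, and the quoting rule is the one defined by the rsql-parser grammar referenced above.

```python
"""Added example: zConsole search URLs with safely quoted RSQL, plus paging.

Helper names are hypothetical; paths, parameters and the api_key header are
the ones this guide documents.
"""
import json
import re
import urllib.request
from urllib.parse import quote, urlencode

# Operators from the table above that compare a field with a single value.
COMPARISONS = {"==", "!=", "=gt=", "=ge=", "=lt=", "=le="}
# Characters reserved by the RSQL grammar (see the rsql-parser project).
# An unquoted value containing one of them changes the query's structure.
_RESERVED = re.compile(r"""["'();,=!~<>\s]""")
_FIELD = re.compile(r"[A-Za-z][A-Za-z0-9_.]*")
_HOST = re.compile(r"[A-Za-z0-9.-]+(:\d+)?")


def rsql_value(value, allow_wildcard=False):
    """Return value as one RSQL argument, quoted and escaped when needed."""
    text = str(value)
    if "*" in text and not allow_wildcard:
        # '*' widens an equality match; reject it in untrusted input.
        raise ValueError("wildcard not permitted: %r" % text)
    if text and not _RESERVED.search(text):
        return text
    return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"


def rsql_term(field, op, value, allow_wildcard=False):
    """Build one comparison such as lastName==Parker."""
    if not _FIELD.fullmatch(field):
        raise ValueError("invalid field name: %r" % field)
    if op not in COMPARISONS:
        raise ValueError("unsupported operator: %r" % op)
    return field + op + rsql_value(value, allow_wildcard)


def rsql_all(*terms):
    """Join comparisons with ';' (AND)."""
    return ";".join(terms)


def search_url(host, resource, rsql, page=0, size=20, sort=None):
    """Compose https://host/api/v1/<resource>/public/search with encoding."""
    if not _HOST.fullmatch(host) or not _FIELD.fullmatch(resource):
        raise ValueError("invalid host or resource")
    params = [("rsql", rsql), ("page", int(page)), ("size", int(size))]
    if sort:
        params.append(("sort", sort))
    # quote (not quote_plus) gives %3D, %2C and %20; '*' stays readable.
    query = urlencode(params, quote_via=quote, safe="*")
    return "https://%s/api/v1/%s/public/search?%s" % (host, resource, query)


def fetch_json(url, api_key):
    """GET url, sending the token in the api_key header (never in the URL)."""
    request = urllib.request.Request(
        url, headers={"Accept": "application/json", "api_key": api_key})
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def iter_search(host, resource, rsql, api_key, size=20,
                fetch=fetch_json, max_pages=1000):
    """Yield every item of a search, following pages until 'last' is true."""
    for page in range(max_pages):
        body = fetch(search_url(host, resource, rsql, page, size), api_key)
        for item in body.get("content", []):
            yield item
        if body.get("last", True):
            return
    raise RuntimeError("stopped after %d pages" % max_pages)


if __name__ == "__main__":
    # Constructed input: a last name as an end user might type it.
    untrusted = "x;role==4"
    print(search_url("console-qi.zimperium.com", "users",
                     rsql_term("lastName", "==", untrusted)))
```

Supply the API key from a secret store or an environment variable rather than a literal, so that it stays out of shell history, process listings and source control.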
About API Responses
This table describes the various response codes and whether the value is success or failure.
Response Reason Success/Failure
200 Complete Success
201 Created Success
400 Bad Request Failure
401 Unauthorized Failure
403 Forbidden Failure
404 Not Found Failure
405 Method Not Allowed Failure
406 Not Acceptable Format Failure
503 Service Unavailable - Try Later Failure
504 Timeout with Server Unknown
Note: In the sample responses within this document, the details of each
operation’s output are often altered to avoid using valid values, such as
domains, emails, or usernames. They are also altered to reduce the
output quantity such as items within an array.
Date and Time Fields
There are several date and time fields for the different topics. The following table provides more
information on what these time fields represent.
Users
● createdDate is the date and time when the user is first created.
● modifiedDate is the date and time when the user record is changed.
● lastSyncFromMdm is the date and time when the user is synched with the MDM (if applicable).
Devices
● createdAt is the date and time when the device is created.
● lastSeen is the date and time when zConsole last received information from the device.
Threat Events
● persistedTime is the date and time when the event happened.
● deviceTime is also the date and time when the event happened; there can be a difference of
milliseconds between this value and persistedTime.
Apps
● modifiedDate is the date and time when the app record was last updated.
zConsole API Operations
API Overview
The API operations are broken into four sections:
● Search Users: Retrieves a list or details about users. This set of API operations provides a
mechanism to search for users in an environment given some search criteria or an identifier for a
specific match.
● Devices: Retrieves a list or details about devices. This set of API operations provides a mechanism
to search for devices in an environment given some identifying input to return all matches.
● Events: Retrieves a list or details about threats. This set of API operations provides a mechanism
to search for threat events in an environment given some identifying data to return all matches.
Search for all threats, then using the eventID, search for specific events to get more details.
● Apps: Retrieves information about device applications, such as classifications and reports.
Applications are also uploaded with these operations.
● Tenants and Users: Creates, reads, updates, and removes a tenant. These operations also create,
update (several methods, refresh an activation URL), and delete a user within a tenant. These
operations require an API key to be able to call, and are reserved for specific types of callers.
● Orders: Creates an order. This operation requires an API key to be able to call, and is reserved
for specific types of callers.
This table lists the zConsole RESTful API requests provided, along with the method, resource, and
description for each request. This table is ordered first by topic order below, and then by the method
(GET, POST, DELETE). The topic order is the following:
● Search Users
● Devices
● Events
● Apps
● Tenants and Users
● Orders
Note: For resource strings below and in this document, literal text values
are bold and parameter values are given in italics.
Request | Method | Resource | Description
Search Users
Retrieve Users with a Search | GET | /api/v1/users/public/search?rsql=searchString | This operation is a query for all users matching the input search string.
Retrieve Details for a Single User | GET | /api/v1/users/public/userid | This operation retrieves information on an individual user given the object identifier of the user. You can find the object identifier or userid in the operation that retrieves all users for a given search string.
Devices
Retrieve a Single Device by Device Id | GET | /api/v1/devices/public/deviceId/deviceId | This operation is a query for the device matching the input device identifier.
Retrieve Devices from Greater than Last Updated | GET | /api/v1/devices/public/device_updates | This operation is a query for the devices matching the input criteria such as devices from the last updated date.
Retrieve Devices with a Search | GET | /api/v1/devices/public/search?rsql=searchString | This operation is a query for all devices matching the input search string.
Retrieve a Single Device by zdid Identifier | GET | /api/v1/devices/public/zdid | This operation is a query for the device matching the input zdid identifier.
Delete a Single Device | DELETE | /api/v1/devices/public/deviceId | This operation deletes a device matching the input device identifier.
Events
Retrieve Events with a Search | GET | /api/v1/events/public/search?rsql=searchString | This operation is a query for threat events matching the input search criteria string.
Retrieve a Single Threat Event | GET | /api/v1/events/public/eventId | This operation is a query for the threat event matching the input event identifier.
Retrieve a Detailed Single Threat Event | GET | /api/v1/events/public/eventId/detailed | This operation is a query for the threat event, including details, matching the input event identifier.
Apps
Retrieve an App Classification with a Name | GET | /api/v1/malware/public/classify/name/name | This operation gets an app classification for a given app name.
Retrieve an App Classification with a Hash Code | GET | /api/v1/malware/public/classify/hash/hash | This operation gets an app classification for a given hash code.
Retrieve a Report with a Bundle Identifier | GET | /api/v1/malware/public/reports/bundle/bundleId | This operation retrieves an analysis report on the app given a bundle identifier.
Retrieve a Report with a Hash Code | GET | /api/v1/malware/public/reports/hash/hash | This operation retrieves an analysis report on the app given a hash code for the application.
Retrieve a Report with an iTunes Identifier | GET | /api/v1/malware/public/reports/itunes/itunesId | This operation retrieves an analysis report on the app given an itunes identifier.
Upload Application File for Analysis | POST | /api/v1/malware/public/upload/app | This operation uploads an application given a specific input file.
Upload an Application File for Analysis with URL | POST | /api/v1/malware/public/upload/itunes | This operation uploads an application given an iTunes URL.
Tenants and Users
Create a Tenant | POST | /api/v1/appdirect/public/tenant | This operation creates a new tenant.
Update a Tenant | PUT | /api/v1/appdirect/public/tenant | This operation updates an existing tenant.
Delete a Tenant | DELETE | /api/v1/appdirect/public/tenant/id | This operation deletes an existing tenant.
Retrieve a Tenant | GET | /api/v1/appdirect/public/tenant/id | This operation retrieves an existing tenant.
Update a User by an Email | PUT | /api/v1/appdirect/public/user | This operation updates a user by email.
Create a User for a Tenant | POST | /api/v1/appdirect/public/user/tenant/tenantId | This operation creates a user for a tenant.
Delete a User | DELETE | /api/v1/appdirect/public/user/id | This operation deletes an existing user.
Retrieve a User | GET | /api/v1/appdirect/public/user/id | This retrieves a user with a given identifier.
Update a User by User Id | PUT | /api/v1/appdirect/public/user/id | This operation updates a user given a user identifier.
Retrieve a User Activation URL | GET | /api/v1/appdirect/public/user/id/refresh-activation-url | This operation retrieves a user activation URL given a user id.
Create an Order
Create an Order | POST | /api/v1/appdirect/public/order | This operation creates a new order. This is available in zConsole Release 4.24.2 or later.
The following sections detail the different operations and provide specifics for each.
Note: In the sample responses within this document, the details of each
operation’s output are often altered to avoid using valid values, such as
domains, emails, or usernames. They are also altered to reduce the
output quantity such as items within an array.
Retrieve Users with a Search
This operation retrieves all the users matching the input search string.
Command
Use the following command to retrieve the users matching the input string:
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: <YourAPIkey>' \
  'https://uat-qi.zimperium.com:443/api/v1/user/public/search?rsql=lastName%3D%3D<InputString>&page=0&size=20'
where:
● <YourAPIkey> is the API key required to access the zConsole.
● <InputString> is the last name of the user.
Sample Command
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: 555555' \
  'https://uat-qi.zimperium.com:443/api/v1/user/public/search?rsql=lastName%3D%3DParker&page=0&size=20'
URL
https://zConsole_host/api/v1/users/public/search?rsql=searchString
where:
● zConsole_host is the name of the host where zConsole is installed.
● searchString is a value of a search string with query criteria.
● See the “Input Parameters” section for more information.
Sample Response
{
"content": [
{
"objectId": "1B9182C7-8C12-4499-ADF0-A338DEFDFC33",
"lastLogin": "2019-02-01T17:12:35+0000",
"email": "[email protected]",
"alias": "e7f4eb20-5433-42e0-8229-8910e342d4fc",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"status": 1,
"dateJoined": "2019-02-01T17:12:35+0000",
"agreedToTerms": true,
"pwdRecoveryRequest": false,
"role": 4,
"signupSteps": 1,
"createdDate": "2019-02-01T17:12:35+0000",
"modifiedDate": "2019-02-01T17:12:35+0000",
"roles": [
{
"roleId": 150061
}
],
"activationTokenUrl": "https://demo-device-api.zimperium.com/activation?stoken\...redirect_uri\u003dzips",
"superuser": false,
"staff": false,
"phoneNumberVerified": false,
"syncedFromMdm": false
}
],
"last": true,
"totalPages": 1,
"totalElements": 1,
"first": true,
"size": 20,
"number": 0,
"numberOfElements": 1
}
Retrieve Details for a Single User
This operation retrieves a single user given its object identifier or user identifier.
Command
Use the following command to retrieve a single user given its object identifier or user identifier.
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: <YourAPIkey>' \
  'https://uat-qi.zimperium.com:443/api/v1/user/public/search?rsql=objectId%3D%3D<ObjectId>&page=0&size=20'
where:
● <YourAPIkey> is the API key required to access the zConsole.
● <ObjectId> is the user identifier. ObjectId and userId are the same value.
Sample Command
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: 5555555555' \
  'https://uat-qi.zimperium.com:443/api/v1/user/public/search?rsql=objectId%3D%3D77777777777&page=0&size=20'
URL
https://zConsole_host/api/v1/users/public/userId
where:
● zConsole_host is the name of the host where zConsole is installed.
● userId is the user identifier. ObjectId and userId are the same value.
Sample Response
{
"objectId": "1B9182C7-8C12-4499-ADF0-A338DEFDFC33",
"lastLogin": "2019-02-01T17:12:35+0000",
"email": "[email protected]",
"alias": "e7f4eb20-5433-42e0-8229-8910e342d4fc",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"status": 1,
"dateJoined": "2019-02-01T17:12:35+0000",
"agreedToTerms": true,
"pwdRecoveryRequest": false,
"role": 4,
"signupSteps": 1,
"createdDate": "2019-02-01T17:12:35+0000",
"modifiedDate": "2019-02-01T17:12:35+0000",
"roles": [
{
"roleId": 150061
}
],
"activationTokenUrl": "https://demo-device-api.zimperium.com/activation?stoken\...u6redirect_uri\u0dzips",
"superuser": false,
"staff": false,
"phoneNumberVerified": false,
"syncedFromMdm": false
}
Retrieve a Single Device by Device ID
This operation retrieves a device matching the device identifier input string.
Command
Use the following command to retrieve a device matching the device identifier input string.
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: <YourAPIKey>' \
  'https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=deviceId%3D%3D<InputString>&size=20'
where:
● <YourAPIKey> is the API key required to access the zConsole.
● <InputString> is the actual device id of a particular device.
Sample Command
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: 55555555' \
  'https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=deviceId%3D%3D1982806142&size=20'
URL
https://zConsole_host/api/v1/devices/public/deviceId/deviceId
where:
● zConsole_host is the name of the host where zConsole is installed.
● deviceId is the device identifier for the device.
Sample Response
{
"zdid": "87a587de-283f-48c9-9ff2-047c8b025b6d",
"deviceId": "1dbf5a9e-b0e8-4625-9205-6d9df8750c3f",
"deviceHash":
"3dce52cf609b70d00865fa8a4bbc3ccb8c49cdd05ea88dd897fe98c6e510f0a3",
"mdmId": "a44c26d580a4358130dc2d35044d2bd044e6",
"statusCode": 1,
"status": "Active",
"zipsVersion": "4.8.0",
"lastSeen": "2019-02-01 05:13:12 UTC",
"createdAt": "2019-02-01 05:13:12 UTC",
"updatedDate": "2019-02-01 05:13:12 UTC",
"country": "US",
"countryCode": "310",
"operatorAlpha": "AT\u0026T",
"type": "iPhone",
"zipsDistributionVersion": "n/a",
"appName": "zIPS",
"bundleId": "com.zimperium.vzips",
"externalTrackingId1": "",
"externalTrackingId2": "",
"version": "4.8.0",
"osUpgradeable": false,
"osVulnerable": false,
"model": "iPhoneXS Max",
"osVersion": "12.0.0",
"osType": "iOS",
"userId": "868CEA8B-7796-44B6-B249-724A325EDE78",
"email": "[email protected]",
"firstName": "Pat",
"middleName": "T",
"lastName": "Smith",
"systemToken": "automation-rest",
"riskPostureCode": 0,
"riskPosture": "Normal",
"vulnerabilities": []
}
Retrieve Devices from Greater than Last Updated
This operation retrieves devices matching the input criteria of greater than the last updated date for the
device. The default is to exclude the deleted devices, and the default for fromLastUpdate is yesterday.
Note: This is a retrieve and no devices are updated with this call.
Command
Use the following command to retrieve devices matching the input criteria of greater than the last
updated date for the device.
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: <YourAPIKey>' \
  "https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=lastSeen=gt='<Timestamp>'&page=0&size=20"
where:
● <YourAPIKey> is the API key required to access the zConsole.
● <Timestamp> is the actual time stamp.
Sample Command
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: 5555555555' \
  "https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=lastSeen=gt='2020-06-20T10:15:30'&page=0&size=20"
URL
https://zConsole_host/api/v1/devices/public/device_updates
where:
● zConsole_host is the name of the host where zConsole is installed.
Parameter List:
● excludeDeleted is a boolean that indicates whether the deleted devices should be excluded.
● fromLastUpdate is the date used for the greater-than comparison in the query.
Sample Response
{
"content": [
{
"zdid": "87a587de-283f-48c9-9ff2-047c8b025b6d",
"deviceId": "1dbf5a9e-b0e8-4625-9205-6d9df8750c3f",
"deviceHash":
"3dce52cf609b70d00865fa8a4bbccb8c49cdd05ea88dd897fe98c6e510f0a3",
"mdmId": "a44c26d580a4358130dc2d35044d2bd044e6",
"statusCode": 1,
"status": "Active",
"zipsVersion": "4.8.0",
"lastSeen": "2019-02-01 05:13:12 UTC",
"createdAt": "2019-02-01 05:13:12 UTC",
"updatedDate": "2019-02-01 05:13:12 UTC",
"country": "US",
"countryCode": "310",
"operatorAlpha": "AT\u0026T",
"type": "iPhone",
"zipsDistributionVersion": "n/a",
"appName": "zIPS",
"bundleId": "com.zimperium.vzips",
"externalTrackingId1": "",
"externalTrackingId2": "",
"version": "4.8.0",
"osUpgradeable": false,
"osVulnerable": false,
"model": "iPhoneXS Max",
"osVersion": "12.0.0",
"osType": "iOS",
"userId": "868CEA8B-7796-55B6-B249-724A325EDE78",
"email": "[email protected]",
"firstName": "Joe",
"middleName": "T",
"lastName": "Doe",
"systemToken": "automation-rest",
"riskPostureCode": 0,
"riskPosture": "Normal",
"vulnerabilities": []
}
],
"last": true,
"totalPages": 1,
"totalElements": 1,
"first": true,
"numberOfElements": 1,
"size": 50,
"number": 0
}
Retrieve Devices with a Search
This operation retrieves all the devices matching the input search string.
Command
Use the following command to retrieve all the devices matching the input search string:
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: <YourAPIKey>' \
  'https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=deviceHash%3D%3D<InputString>&size=20'
where:
● <YourAPIKey> is the API key required to access the zConsole.
● <InputString> is the actual device Hash code of that particular device.
Sample Command
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: 555555' \
  'https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=deviceHash%3D%3D12341234&page=0&size=20'
URL
https://zConsole_host/api/v1/devices/public/search?rsql=searchString
where:
● zConsole_host is the name of the host where zConsole is installed.
● searchString is a value of a search string with query criteria.
● See the “Input Parameters” section for more information.
Sample Response
{
"content": [
{
"zdid": "87a587de-283f-48c9-9ff2-047c8b025b6d",
"deviceId": "1dbf5a9e-b0e8-4625-9205-6d9df8750c3f",
"deviceHash":
"3dce52cf609b70d00865fa8a4bbc3ccb49cdd05ea88dd897fe98c6e510f0a3",
"mdmId": "1dbf5a9e-b0e8-4625-9205-6d9df8750c3f",
"statusCode": 1,
"status": "Active",
"zipsVersion": "4.8.0",
"lastSeen": "2019-02-01 05:13:12 UTC",
"createdAt": "2019-02-01 05:13:12 UTC",
"updatedDate": "2019-02-01 05:13:12 UTC",
"country": "US",
"countryCode": "310",
"operatorAlpha": "AT\u0026T",
"type": "iPhone",
"zipsDistributionVersion": "n/a",
"appName": "zIPS",
"bundleId": "com.zimperium.vzips",
"externalTrackingId1": "",
"externalTrackingId2": "",
"version": "4.8.0",
"osUpgradeable": false,
"osVulnerable": false,
"model": "iPhoneXS Max",
"osVersion": "12.0.0",
"osType": "iOS",
"userId": "868CEA8B-7796-44B6-B249-724A325EDE78",
"email": "[email protected]",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"systemToken": "automation-rest",
"riskPostureCode": 0,
"riskPosture": "Normal",
"vulnerabilities": []
}
],
"last": true,
"totalPages": 1,
"totalElements": 1,
"first": true,
"numberOfElements": 1,
"size": 20,
"number": 0
}
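The following Python code is an added example, not code from Zimperium or from this guide. It shows how an integrator might consume a device search response like the one above: it parses both timestamp layouts that appear in the sample responses and lists the devices whose record suggests follow-up (vulnerable OS, non-normal risk posture, reported vulnerabilities, or no recent contact). The function names, the 14-day staleness threshold and the second device record are assumptions made for the example.

```python
"""Added example: triage the devices returned by a zConsole device search.

Function names and thresholds are hypothetical; field names and timestamp
layouts are the ones shown in this guide's sample responses.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed response body in the shape of the sample above, trimmed to the
# fields used here. The second device is invented for the example.
SAMPLE_BODY = json.loads("""
{"content": [
  {"deviceId": "1dbf5a9e-b0e8-4625-9205-6d9df8750c3f", "status": "Active",
   "lastSeen": "2019-02-01 05:13:12 UTC", "osVersion": "12.0.0",
   "osUpgradeable": false, "osVulnerable": false,
   "riskPostureCode": 0, "riskPosture": "Normal", "vulnerabilities": []},
  {"deviceId": "constructed-device-0002", "status": "Active",
   "lastSeen": "2019-01-01 00:00:00 UTC", "osVersion": "11.4.0",
   "osUpgradeable": true, "osVulnerable": true,
   "riskPostureCode": 0, "riskPosture": "Normal", "vulnerabilities": []}
 ],
 "last": true, "totalPages": 1, "totalElements": 2}
""")


def parse_zconsole_time(text):
    """Parse either timestamp layout used in the sample responses.

    User records look like 2019-02-01T17:12:35+0000 and device records like
    2019-02-01 05:13:12 UTC. Both come back as timezone-aware datetimes.
    """
    try:
        return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S%z")
    except ValueError:
        naive = datetime.strptime(text, "%Y-%m-%d %H:%M:%S UTC")
        return naive.replace(tzinfo=timezone.utc)


def device_findings(device, now, stale_after=timedelta(days=14)):
    """Return the reasons a device record deserves attention (may be empty)."""
    findings = []
    # 0 is the code paired with "Normal" in the samples; anything else,
    # including a missing field, is reported rather than assumed healthy.
    if device.get("riskPostureCode") != 0:
        findings.append("riskPosture=%s" % device.get("riskPosture"))
    if device.get("osVulnerable"):
        findings.append("osVulnerable")
    if device.get("vulnerabilities"):
        findings.append("vulnerabilities=%d" % len(device["vulnerabilities"]))
    try:
        age = now - parse_zconsole_time(device.get("lastSeen") or "")
    except ValueError:
        findings.append("lastSeen missing or unparseable")
    else:
        if age > stale_after:
            findings.append("not seen for %d days" % age.days)
    return findings


def triage(body, now, stale_after=timedelta(days=14)):
    """Map deviceId to findings for every flagged device in one response."""
    flagged = {}
    for device in body.get("content", []):
        findings = device_findings(device, now, stale_after)
        if findings:
            flagged[device.get("deviceId", "<no deviceId>")] = findings
    return flagged


if __name__ == "__main__":
    now = datetime(2019, 2, 3, tzinfo=timezone.utc)  # fixed for repeatability
    for device_id, findings in triage(SAMPLE_BODY, now).items():
        print(device_id, "; ".join(findings))
```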
Retrieve a Single Device by zdid Identifier
This operation retrieves a device matching the internal device identifier input string.
Command
Use the following command to retrieve the device matching the input zdid identifier:
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: <YourAPIKey>' \
  'https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=zdid%3D%3D<InputString>&size=20'
where:
● <YourAPIKey> is the API key required to access the zConsole.
● <InputString> is the actual zdid of a particular device.
Sample Command
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: 555555' \
  'https://uat-qi.zimperium.com:443/api/v1/devices/public/search?rsql=zdid%3D%3D55555555&size=20'
URL
https://zConsole_host/api/v1/devices/public/zdid
where:
● zConsole_host is the name of the host where zConsole is installed.
● zdid is an internal identifier for the device.
Sample Response
{
"zdid": "87a587de-283f-48c9-9ff2-047c8b025b6d",
"deviceId": "1dbf5a9e-b0e8-4625-9205-6d9df8750c3f",
"deviceHash":
"3dce52cf609b70d00865fa8a4bbc3ccb8c49cdd05ea88dd897fe98c6e510f0a3",
"statusCode": 1,
"status": "Active",
"zipsVersion": "4.8.0",
"lastSeen": "2019-02-01 05:13:12 UTC",
"createdAt": "2019-02-01 05:13:12 UTC",
"updatedDate": "2019-02-01 05:13:12 UTC",
"country": "US",
"countryCode": "310",
"operatorAlpha": "AT\u0026T",
"type": "iPhone",
"zipsDistributionVersion": "n/a",
"appName": "zIPS",
"bundleId": "com.zimperium.vzips",
"externalTrackingId1": "",
"externalTrackingId2": "",
"version": "4.8.0",
"osUpgradeable": false,
"osVulnerable": false,
"model": "iPhoneXS Max",
"osVersion": "12.0.0",
"osType": "iOS",
"userId": "868CEA8B-7796-44B6-B249-724A325EDE78",
"email": "[email protected]",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"systemToken": "automation-rest",
"riskPostureCode": 0,
"riskPosture": "Normal",
"vulnerabilities": []
}
Delete a Single Device
This operation deletes a single device matching the input device identifier.
Method
DELETE
URL
https://zConsole_host/api/v1/devices/public/deviceId
where:
● zConsole_host is the name of the host where zConsole is installed.
● deviceId is an identifier of the device, which is the “zdid” field value.
Sample Response
{
"zdid": "87a587de-283f-48c9-9ff2-047c8b025b6d",
"deviceId": "1dbf5a9e-b0e8-4625-9205-6d9df8750c3f",
"deviceHash":
"3dce52cf609b70d00865fa8a4bbc3ccb8c49cdd05ea88dd897fe98c6e510f0a3",
"mdmId": "a44c26d580a4358130dc2d35044d2bd044e6",
"statusCode": 7,
"status": "Deleted",
"zipsVersion": "4.8.0",
"lastSeen": "2019-02-01 05:13:12 UTC",
"createdAt": "2019-02-01 05:13:12 UTC",
"updatedDate": "2019-02-01 05:13:15 UTC",
"country": "US",
"countryCode": "310",
"operatorAlpha": "AT\u0026T",
"type": "iPhone",
"zipsDistributionVersion": "n/a",
"appName": "zIPS",
"bundleId": "com.zimperium.vzips",
"externalTrackingId1": "",
"externalTrackingId2": "",
"version": "4.8.0",
"osUpgradeable": false,
"osVulnerable": false,
"model": "iPhoneXS Max",
"osVersion": "12.0.0",
"osType": "iOS",
"userId": "868CEA8B-7796-44B6-B249-724A325EDE78",
"email": "[email protected]",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"systemToken": "automation-rest",
"riskPostureCode": 0,
"riskPosture": "Normal",
"vulnerabilities": []
}
Retrieve Events with a Search
This operation retrieves all the threat events matching the input search string.
Command
Use the following command to retrieve all the threat events matching the input search string:
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  'https://uat.qi.zimperium.com/api/v1/events/public/search?rsql=deviceId%3D%3D<InputString>&includeFullEventDetail=false&page=0&size=20&sort=deviceTime%2Cdesc'
where:
● <YourAPIKey> is the API key required to access zConsole.
● <SearchString> is any attribute from the response that can be used as a search string.
● <InputString> is the actual value of the search attribute.
Sample Command
curl -X GET --header 'Accept: application/json' --header 'api_key: 5555555555' \
  'https://uat-qi.zimperium.com/api/v1/events/public/search?rsql=deviceId%3D%3D2389182938983&includeFullEventDetail=false&page=0&size=20&sort=deviceTime%2Cdesc'
URL
https://zConsole_host/api/v1/events/public/search?rsql=searchString&includeFullEventDetail=fullFlag
where:
● zConsole_host is the name of the host where zConsole is installed.
● searchString is a query string parameter. See the “Input Parameters” section for more information.
● includeFullEventDetail is a parameter flag to indicate if full details are needed for the output matching events.
● fullFlag is the value true or false.
Sample Response
{
"content": [
{
"eventId": "c4220bdf-0c0b-489c-a915-7d71bba7197a",
"eventStateCode": 1,
"eventState": "Pending",
"typeDesc": "ZIPS_EVENT",
"eventVector": "2",
"severity": "IMPORTANT",
"eventName": "THREAT_DETECTED",
"eventFullName": "host.vulnerable.ios",
"customerId": "becky",
"customerContactName": "becky",
"customerContactPhone": "+1 415 1234567",
"deviceHash":
"ae14a9f3359cc75f122c4b38f0a033503b82995e5ec4fe54d5a93df35f9b81",
"deviceId": "37245C48-D3B9-474A-80BA-54E66DDF0D94",
"mdmId": null,
"zdid": "0082956f-380c-4e91-baf6-6e36da54040a",
"latitude": 32.925141094962385,
"longitude": -96.84469371892781,
"bssid": "Unknown",
"ssid": "Unknown",
"deviceTime": "2019-01-08 18:39:56 +0000",
"queuedTime": "2019-01-08 18:39:56 +0000",
"persistedTime": "2019-01-08 18:39:56 +0000",
"lastSeenTime": "2019-01-08 18:39:55 +0000",
"mitigatedDate": null,
"deviceModel": "iPhone",
"osType": "iOS",
"osVersion": "11.4.1",
"country": "US",
"userEmail": "[email protected]",
"userPhoneNumber": "",
"firstName": "anonymous",
"middleName": null,
"lastName": "user",
"locationDetail": {
"previousLongitude": -96.84469371892781,
"previousLatitude": 32.925141094962385,
"exact": true,
"previousSampledTimeAsDate": 1546972781000,
"sampledTimeAsDate": 1546972796046
},
"bundleId": "com.zimperium.zIPS.appstore",
"zipsVersion": "4.7.0",
"appName": "zIPS",
"tag1": "",
"tag2": "",
"incidentSummary": "The system has detected that the iOS
version installed on your device is not up-to-date. The outdated
operating system exposes the device to known vulnerabilities and the
threat of being exploited by malicious actors. It is advised to
update your operating system immediately.",
"eventDetail": null
},
{
"eventId": "8065749b-c12c-4ba5-995c-7efaa3eef254",
"eventStateCode": 1,
"eventState": "Pending",
"typeDesc": "ZIPS_EVENT",
"eventVector": "2",
"severity": "IMPORTANT",
"eventName": "THREAT_DETECTED",
"eventFullName": "host.pin",
"customerId": "becky",
"customerContactName": "becky",
"customerContactPhone": "+1 415 1234567",
"deviceHash":
"ae14a9f3359cc75f122c4b38f0a033503b82995e5ec4fe54d5a93df35f9b81",
"deviceId": "37245C48-D3B9-474A-80BA-54E66DDF0D94",
"mdmId": null,
"zdid": "0082956f-380c-4e91-baf6-6e36da54040a",
"latitude": 32.925141094962385,
"longitude": -96.84469371892781,
"bssid": "9c:5d:12:fa:b7:27",
"ssid": "z-Wifi",
"deviceTime": "2019-01-08 18:39:43 +0000",
"queuedTime": "2019-01-08 18:39:43 +0000",
"persistedTime": "2019-01-08 18:39:43 +0000",
"lastSeenTime": "2019-01-08 18:39:55 +0000",
"mitigatedDate": null,
"deviceModel": "iPhone",
"osType": "iOS",
"osVersion": "11.4.1",
"country": "US",
"userEmail": "[email protected]",
"userPhoneNumber": "",
"firstName": "Test",
"middleName": null,
"lastName": "User",
"locationDetail": {
"previousLongitude": 0,
"previousLatitude": 0,
"exact": true,
"sampledTimeAsDate": 1546972783751
},
"bundleId": "com.zimperium.zIPS.appstore",
"zipsVersion": "4.7.0",
"appName": "zIPS",
"tag1": "",
"tag2": "",
"incidentSummary": "Your device is not setup to use a PIN
code, Password, or Pattern to lock your device. By not using a PIN
code, Password, or Pattern to lock your device, sensitive data on
the device could be exposed to attackers if your device is stolen or
compromised. It is advised that a PIN code, Password, or Pattern be
enabled as a standard security practice in securing your device and
securing the sensitive data on the device.",
"eventDetail": null
}
]
}
Retrieve a Single Threat Event
This operation retrieves a threat event matching the threat event identifier input value and provides basic
threat information.
Command
Use the following command to retrieve a threat event matching the threat event identifier input value and provide basic threat information:
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  'https://uat-qi.zimperium.com/api/v1/events/public/search?rsql=eventId%3D%3D<EventID>&includeFullEventDetail=false&page=0&size=20&sort=deviceTime%2Cdesc'
where:
● <YourAPIKey> is the API key required to access zConsole.
● <EventID> is the actual event ID for that particular event.
Sample Command
curl -X GET --header 'Accept: application/json' --header 'api_key: 5555555555' \
  'https://uat-qi.zimperium.com/api/v1/events/public/search?rsql=eventId%3D%3D<EventID>&includeFullEventDetail=false&page=0&size=20&sort=deviceTime%2Cdesc'
URL
https://zConsole_host/api/v1/events/public/eventId
where:
● zConsole_host is the name of the host where zConsole is installed.
● eventId is the identifier for the event.
Sample Response
{
"eventId": "0a13498d-2c39-48c9-80b1-97434cf315b2",
"eventStateCode": 2,
"eventState": "Fixed",
"typeDesc": "ZIPS_EVENT",
"eventVector": "2",
"severity": "CRITICAL",
"eventName": "THREAT_DETECTED",
"eventFullName": "host.app_tampering",
"customerId": "automation-rest",
"customerContactName": "zauto",
"deviceHash":
"52400f712bff4e1f1cfc9f5cc22794864af1fa65540ac25fe435564351d",
"deviceId": "d6526d0d-87bf-44ce-ac0d-199ac4025a73",
"zdid": "11a57d1e-b516-4321-9e40-173b38a0e764",
"latitude": 49.62370300292969,
"longitude": -104.8738021850586,
"bssid": "e8:fc:af:f6:a5:8d",
"ssid": "AUTO",
"deviceTime": "2019-02-01 17:13:25 +0000",
"queuedTime": "2019-02-01 17:13:25 +0000",
"persistedTime": "2019-02-01 17:13:25 +0000",
"lastSeenTime": "2019-02-01 17:13:25 +0000",
"deviceModel": "iPhoneXS Max",
"osType": "iOS",
"osVersion": "12.0.0",
"country": "US",
"userEmail": "[email protected]",
"firstName": "Joe",
"middleName": "T",
"lastName": "Doe",
"locationDetail": {
"previousLongitude": 0.0,
"city": "Englewood",
"previousLatitude": 0.0,
"countryCode": "US",
"exact": false,
"countryName": "United States",
"region": "CO",
"sampledTimeAsDate": 1549041205623
},
"bundleId": "com.zimperium.zips",
"zipsVersion": "4.8.0",
"appName": "zIPS",
"tag1": "",
"tag2": "",
"incidentSummary": "Detected App Tampering while connected to
AUTO."
}
Retrieve Event from Greater than Last Update
This operation retrieves events matching the input criteria of greater than the last updated date for the
event.
Note: This operation only retrieves events; no events are updated by this call.
Command
Use the following command to retrieve detailed information on a threat event based on the timestamp:
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  "https://uat-qi.zimperium.com/api/v1/events/public/search?rsql=severity%3D%3D'CRITICAL';persistedTime=gt='2020-06-02T10:15:30'&includeFullEventDetail=false&page=0&size=20&sort=deviceTime,desc"
where:
● <YourAPIKey> is the API key required to access zConsole.
● <Timestamp> is the actual timestamp.
Sample Command
curl -X GET --header 'Accept: application/json' --header 'api_key: 5555555' \
  "https://uat-qi.zimperium.com/api/v1/events/public/search?rsql=severity%3D%3D'CRITICAL';persistedTime=gt='2020-06-02T10:15:30'&includeFullEventDetail=false&page=0&size=20&sort=deviceTime,desc"
URL
https://zConsole_host/api/v1/events/public/severity
where:
● zConsole_host is the name of the host where zConsole is installed.
● severity is the actual severity for the particular event.
Sample Response
{
"content":[
{
"eventId":"eed6700d-465b-453d-b585-276199eca7a0",
"eventStateCode":1,
"eventState":"Pending",
"typeDesc":"ZIPS_EVENT",
"eventVector":"3",
"severity":"CRITICAL",
"eventName":"THREAT_DETECTED",
"eventFullName":"host.app.malicious",
"customerId":"paxsoar",
"customerContactName":"PAXSOAR",
"customerContactPhone":"14151234567",
"deviceHash":"f5b42533a5cd2e4452a954b62a5bbab7ac2147d5bf1ade726a48f1f1d111c9",
"deviceId":"c3e39cf6-97aa-38df-86eb-60a8a2cafbc1",
"mdmId":null,
"zdid":"2a086e00-32f3-4c03-90b2-b9fd4ea836e5",
"latitude":null,
"longitude":null,
"bssid":"50:6a:03:ab:b6:6f",
"ssid":"FortressOfSolitude",
"deviceTime":"2020-06-10 21:41:02 +0000",
"queuedTime":"2020-06-10 21:41:02 +0000",
"persistedTime":"2020-06-10 21:41:02 +0000",
"lastSeenTime":"2020-06-15 19:15:00 +0000",
"mitigatedDate":null,
"deviceModel":null,
"osType":null,
"osVersion":null,
"country":null,
"userEmail":"[email protected]",
"userPhoneNumber":"",
"firstName":"Fname",
"middleName":null,
"lastName":"Lname",
"locationDetail":null,
"bundleId":"com.zimperium.zips",
"zipsVersion":"4.13.3",
"appName":"zIPS",
"tag1":"",
"tag2":"",
"incidentSummary":"Detected a malicious app on your device.
It is recommended to remove this app from the device.",
"eventDetail":null
}
],
"last":true,
"totalPages":1,
"totalElements":14,
"sort":[
{
"direction":"DESC",
"property":"deviceTime",
"ignoreCase":false,
"nullHandling":"NATIVE",
"ascending":false,
"descending":true
}
],
"size":20,
"number":0,
"numberOfElements":14,
"first":true
}
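The polling pattern this operation supports, as an added example (not Zimperium code): it builds the percent-encoded RSQL query shown above, walks the pages until "last" is true, and returns the newest persistedTime as the next checkpoint. The host zconsole.example, the ZCONSOLE_API_KEY environment variable, the UTC reading of the query timestamp and the sample pages are assumptions constructed for illustration.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone
from urllib.parse import parse_qs, quote, urlencode, urlsplit

EVENT_SEARCH_PATH = "/api/v1/events/public/search"  # path from this guide
RESPONSE_TIME_FMT = "%Y-%m-%d %H:%M:%S %z"  # "2020-06-10 21:41:02 +0000"
QUERY_TIME_FMT = "%Y-%m-%dT%H:%M:%S"        # '2020-06-02T10:15:30'
SEVERITIES = {"CRITICAL", "IMPORTANT"}      # only the values shown in this guide


def build_search_url(host, severity, since, page=0, size=20):
    """Return the events search URL with every query value percent-encoded."""
    if severity not in SEVERITIES:
        raise ValueError("unexpected severity: %r" % (severity,))
    if since.tzinfo is None:
        raise ValueError("checkpoint must be timezone-aware")
    # Assumption: the server interprets the query timestamp as UTC.
    stamp = since.astimezone(timezone.utc).strftime(QUERY_TIME_FMT)
    rsql = "severity=='%s';persistedTime=gt='%s'" % (severity, stamp)
    query = urlencode(
        {"rsql": rsql, "includeFullEventDetail": "false",
         "page": page, "size": size, "sort": "deviceTime,desc"},
        quote_via=quote)
    return "https://%s%s?%s" % (host, EVENT_SEARCH_PATH, query)


def fetch_json_live(url):
    """Real transport: the key is read from the environment, not typed on a command line."""
    request = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "api_key": os.environ["ZCONSOLE_API_KEY"],  # hypothetical variable name
    })
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def poll_events(fetch_json, host, severity, since, size=20, max_pages=50):
    """Collect every page of matches; return (events, next_checkpoint)."""
    events, newest, seen = [], since, set()
    for page in range(max_pages):
        body = fetch_json(build_search_url(host, severity, since, page, size))
        for event in body.get("content", []):
            # New events arriving mid-walk can shift rows between pages.
            if event["eventId"] in seen:
                continue
            seen.add(event["eventId"])
            events.append(event)
            persisted = datetime.strptime(event["persistedTime"], RESPONSE_TIME_FMT)
            newest = max(newest, persisted)
        if body.get("last", True):
            return events, newest
    raise RuntimeError("page limit reached before 'last' was true")


def make_fake_fetch(pages):
    """Offline stand-in for fetch_json_live: serves constructed pages by page number."""
    def fetch(url):
        return pages[int(parse_qs(urlsplit(url).query)["page"][0])]
    return fetch


# Constructed sample data (not real events), shaped like the response above.
SAMPLE_SINCE = datetime(2020, 6, 2, 10, 15, 30, tzinfo=timezone.utc)
SAMPLE_PAGES = {
    0: {"last": False, "number": 0, "content": [
        {"eventId": "evt-a", "severity": "CRITICAL",
         "persistedTime": "2020-06-10 21:41:02 +0000"},
        {"eventId": "evt-b", "severity": "CRITICAL",
         "persistedTime": "2020-06-09 08:00:00 +0000"}]},
    1: {"last": True, "number": 1, "content": [
        {"eventId": "evt-b", "severity": "CRITICAL",
         "persistedTime": "2020-06-09 08:00:00 +0000"},
        {"eventId": "evt-c", "severity": "CRITICAL",
         "persistedTime": "2020-06-03 12:30:00 +0000"}]},
}

if __name__ == "__main__":
    found, checkpoint = poll_events(make_fake_fetch(SAMPLE_PAGES),
                                    "zconsole.example", "CRITICAL", SAMPLE_SINCE)
    print([e["eventId"] for e in found], checkpoint.isoformat())
```

Persist the returned checkpoint only after the events have been handed off, so a crash between the two steps causes a re-read rather than a gap.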
Retrieve a Detailed Threat Event
This operation retrieves detailed information on a threat event matching the threat event identifier input
value.
Command
Use the following command to retrieve detailed information on a threat event matching the threat event
identifier input value:
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  'https://uat-qi.zimperium.com/api/v1/events/public/search?rsql=eventId%3D%3D<EventID>&includeFullEventDetail=true&page=0&size=20&sort=deviceTime%2Cdesc'
where:
● <YourAPIKey> is the API key required to access zConsole.
● <EventID> is the actual event ID for that particular event.
Sample Command
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  'https://uat-qi.zimperium.com/api/v1/events/public/search?rsql=eventId%3D%3D55555555555555&includeFullEventDetail=true&page=0&size=20&sort=deviceTime%2Cdesc'
URL
https://zConsole_host/api/v1/events/public/eventId/detailed
where:
● zConsole_host is the name of the host where zConsole is installed.
● eventId is the identifier for the event.
Sample Response
{
"eventId": "0a13498d-2c39-48c9-80b1-97434cf315b2",
"eventStateCode": 2,
"eventState": "Fixed",
"typeDesc": "ZIPS_EVENT",
"eventVector": "2",
"severity": "CRITICAL",
"eventName": "THREAT_DETECTED",
"eventFullName": "host.app_tampering",
"customerId": "automation-rest",
"customerContactName": "zauto",
"deviceHash":
"52400f712bff4be5e1e1f1cfc9f5cc22794864af1fa65540ac25fe435564351d",
"deviceId": "d6526d0d-87bf-44ce-ac0d-199ac4025a73",
"zdid": "11a57d1e-b516-4321-9e40-173b38a0e764",
"latitude": 49.62370300292969,
"longitude": -104.8738021850586,
"bssid": "e8:fc:af:f6:a5:8d",
"ssid": "AUTOMATION",
"deviceTime": "2019-02-01 17:13:25 +0000",
"queuedTime": "2019-02-01 17:13:25 +0000",
"persistedTime": "2019-02-01 17:13:25 +0000",
"lastSeenTime": "2019-02-01 17:13:25 +0000",
"deviceModel": "iPhoneXS Max",
"osType": "iOS",
"osVersion": "12.0.0",
"country": "US",
"userEmail": "[email protected]",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"locationDetail": {
"previousLongitude": 0,
"city": "Englewood",
"previousLatitude": 0,
"countryCode": "US",
"exact": false,
"countryName": "United States",
"region": "CO",
"sampledTimeAsDate": 1549041205623
},
"bundleId": "com.zimperium.vzips",
"zipsVersion": "4.8.0",
"appName": "zIPS",
"tag1": "",
"tag2": "",
"incidentSummary": "Detected App Tampering while connected to
AUTOMATION.",
"eventDetail": {
"severity": 3,
"process_list": [],
"os": 2,
"threat_uuid": "${threatUDID}",
"network_threat": {
"my_ip": "192.0.2.0",
"basestation": "",
"gw_ip": "192.0.2.0",
"routing_table": [],
"my_mac": "NO_MDM",
"gw_mac": "00:00:00:00:00:00",
"interface": "lo0",
"arp_tables": {},
"net_stat": [
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "LISTEN",
"Foreign Address": "*:0",
"Send-Q": "0",
"Local Address": "*:50381"
},
{
"Recv-Q": "0",
"Proto": "UDP",
"State": "CLOSE",
"Foreign Address": "*:0",
"Send-Q": "0",
"Local Address": "*:5060"
}
]
},
"app_tampering_reasons": "MobileSubstrate code injection library
detected",
"directory_entries": [
{
"file_name": "/usr/lib/FDRSealingMap.plist",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"de706e0c44d65d3a9eca570030d9cb8e8ff3511e562052a52a352f680fc10f",
"file_size": 6987
},
.
.
.
{
"file_name": "/usr/lib/xpc/support.bundle/support",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"9c1343025e7406ced0b37dde627f611549facc9e25576770da685e412f7098",
"file_size": 104224
}
],
"type": 75,
"time_interval": 0,
"general": [
{
"val": "0",
"name": "Time Interval",
"type": "interval"
},
{
"val": "App Tampering",
"name": "Threat Type"
},
{
"val": "00:00:00:00:00:00",
"name": "Gateway MAC"
},
.
.
.
{
"val": "127.0.0.1",
"name": "Gateway IP"
},
{
"val": "02 01 2019 17:13:23",
"name": "Device Time"
}
],
"BSSID": "e8:fc:af:f6:a5:8d",
"attack_time": {
"$date": 1549041203000
},
"routing_table": [
{
"refs": 7,
"use": 17698,
"netif": "lo0",
"flags": "UH ",
"destination": "127.0.0.1",
"gateway": "127.0.0.1"
}
],
"close_networks": [
{
"capabilities": "N/A",
"BSSID": "e8:fc:af:f6:a5:8d",
"level": 0,
"SSID": "AUTOMATION",
"frequency": 0
}
],
"SSID": "AUTOMATION"
}
}
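Detailed events carry user identity and location alongside the forensic fields, so a forwarder to a SIEM or ticketing system can keep an allowlist of fields and pseudonymize the user. The following is an added example, not Zimperium code; the output record layout, the HMAC key handling and the abbreviated sample event (with a constructed e-mail address and placeholder hashes) are assumptions for illustration.

```python
import hashlib
import hmac

# Top-level fields forwarded unchanged. Anything not listed (names, e-mail,
# phone, latitude/longitude, locationDetail) is dropped by default, so a
# field added in a later release does not leak without review.
FORWARD_FIELDS = ("eventId", "severity", "eventState", "eventFullName",
                  "zdid", "deviceId", "deviceTime", "osType", "osVersion",
                  "zipsVersion", "ssid", "bssid")


def pseudonym(value, key):
    """Keyed hash: correlates one user across events without storing the address."""
    normalized = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]


def listening_sockets(detail):
    """Return 'Proto Local Address' for net_stat rows in the LISTEN state."""
    net_stat = (detail.get("network_threat") or {}).get("net_stat") or []
    return sorted("%s %s" % (row.get("Proto"), row.get("Local Address"))
                  for row in net_stat if row.get("State") == "LISTEN")


def file_findings(detail):
    """Reduce directory_entries to path, hash and two flags useful for triage."""
    findings = []
    for entry in detail.get("directory_entries") or []:
        if not isinstance(entry, dict):
            continue  # skip anything that is not a file record
        permission = entry.get("permission", "")
        findings.append({
            "path": entry.get("file_name"),
            "hash": entry.get("hash"),
            "executable": "x" in permission[1:],
            "symlink": bool(entry.get("is_symlink")),
        })
    return findings


def triage_record(event, key):
    """Build the minimized record; works when eventDetail is null as well."""
    detail = event.get("eventDetail") or {}
    record = {name: event.get(name) for name in FORWARD_FIELDS}
    email = event.get("userEmail")
    record["user_ref"] = pseudonym(email, key) if email else None
    record["tamper_reason"] = detail.get("app_tampering_reasons")
    record["listening"] = listening_sockets(detail)
    record["files"] = file_findings(detail)
    return record


# Constructed sample, abbreviated from the response layout shown above.
SAMPLE_EVENT = {
    "eventId": "0a13498d-2c39-48c9-80b1-97434cf315b2",
    "severity": "CRITICAL", "eventState": "Fixed",
    "eventFullName": "host.app_tampering",
    "zdid": "11a57d1e-b516-4321-9e40-173b38a0e764",
    "latitude": 49.62370300292969, "longitude": -104.8738021850586,
    "ssid": "AUTOMATION", "bssid": "e8:fc:af:f6:a5:8d",
    "userEmail": "User@Example.com ", "firstName": "zAuto", "lastName": "QA",
    "eventDetail": {
        "app_tampering_reasons": "MobileSubstrate code injection library detected",
        "network_threat": {"net_stat": [
            {"Proto": "TCP", "State": "LISTEN", "Local Address": "*:50381"},
            {"Proto": "UDP", "State": "CLOSE", "Local Address": "*:5060"}]},
        "directory_entries": [
            {"file_name": "/usr/lib/FDRSealingMap.plist", "is_symlink": False,
             "permission": "-rw-r--r--", "hash": "constructed-hash-1"},
            {"file_name": "/usr/lib/xpc/support.bundle/support", "is_symlink": False,
             "permission": "-rwxr-xr-x", "hash": "constructed-hash-2"}],
    },
}

if __name__ == "__main__":
    print(triage_record(SAMPLE_EVENT, b"constructed-demo-key"))
```

Keep the HMAC key in a secrets store: anyone holding it can test candidate addresses against user_ref values.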
Retrieve an App Classification with a Name
This operation retrieves an app classification given an app name.
Command
Use the following command to retrieve an app classification given an app name:
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  "https://uat.qi.zimperium.com/api/v1/malware/public/classify/name/<appname>"
where:
● <YourAPIKey> is the API key required to access zConsole.
● <appname> is the name of the app.
Sample Command
curl -X GET --header 'Accept: application/json' --header 'api_key: 55555555' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/classify/name/Instagram"
URL
https://zConsole_host/api/v1/malware/public/classify/name/name
where:
● zConsole_host is the name of the host where zConsole is installed.
● name is the name of the app.
Sample Response
{
"content": [
{
"objectId": "d28bf74c-c978-488e-a7e4-e15f4d864927",
"systemToken": "joseph",
"hash":
"aad9b2fd4606467f06931d72048ee1dff137cbc9b601860a88ad6a2c092",
"modifiedDate": "2018-12-14 12:37:52 UTC",
"classification": "Legitimate",
"name": "Test",
"version": "2.1.3",
"score": 0.00,
"privacyEnum": 0,
"securityEnum": 1,
"processState": "AVAILABLE",
"deviceCount": 0,
"metadata": {
"name": "Test",
"bundleId": "com.apple.Test",
"applicationSize": 10600448,
"id": "045c470c-e636-9da6-5b1005c8459f",
"version": "2.1.3",
"hash":
"aad9b2fd4606467f06931d72048ee1dff137cbc9b601860a88ad6a2c092",
"platform": "iOS"
},
"securityRisk": "Medium",
"privacyRisk": "Low"
}
],
"first": true,
"last": true,
"size": 30,
"number": 0,
"numberOfElements": 1
}
Retrieve an App Classification with a Hash Code
This operation retrieves an app classification given a hash code.
Command
Use the following command to retrieve an app classification given a hash code:
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  "https://uat.qi.zimperium.com/api/v1/malware/public/classify/hash/<hashcode>"
where:
● <YourAPIKey> is the API key required to access zConsole.
● <hashcode> is the hash code of the app.
Sample Command
curl -X GET --header 'Accept: application/json' --header 'api_key: 55555555' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/classify/hash/123314e34"
URL
https://zConsole_host/api/v1/malware/public/classify/hash/hash
where:
● zConsole_host is the name of the host where zConsole is installed.
● hash is the hash code of the app.
Sample Response
[
{
"objectId": "d28bf74c-c978-488e-a7e4-e15f4d864927",
"systemToken": "joseph",
"hash":
"aad9b2fd4606467f06931d72048ee1dff137cbc9b601860a88ad6a2c092",
"modifiedDate": "2018-12-14 12:37:52 UTC",
"classification": "Legitimate",
"name": "Test",
"version": "2.1.3",
"score": 0.00,
"privacyEnum": 0,
"securityEnum": 1,
"processState": "AVAILABLE",
"deviceCount": 0,
"metadata": {
"name": "Test",
"bundleId": "com.apple.Test",
"applicationSize": 10600448,
"id": "045c470c-e6f4-3b86-9da6-5b1005c8459f",
"version": "2.1.3",
"hash":
"aad9b2fd4606467f06931d72048ee1dff137cbc9b601860a88ad6a2c092",
"platform": "iOS"
},
"securityRisk": "Medium",
"privacyRisk": "Low"
}
]
Retrieve a Report with a Bundle Identifier
This operation retrieves an application report given an input bundle identifier.
Android Command
Use the following command to retrieve an application report given an input bundle identifier:
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/bundle/<bundleId>?platform=android"
iOS Command
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/bundle/<bundleId>?platform=ios"
where:
● <YourAPIKey> is the API key required to access zConsole.
● <bundleId> is the bundle identifier for the application, such as “com.zimperium.ZIPS”.
Sample Android Command
curl -X GET --header 'Accept: application/json' --header 'api_key: 555555555' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/bundle/com.google.android.deskclock?platform=android"
Sample iOS Command
curl -X GET --header 'Accept: application/json' --header 'api_key: 555555555' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/bundle/com.starbucks.mystarbucks?platform=ios"
URL
https://zConsole_host/api/v1/malware/public/reports/bundle/bundleId
where:
● zConsole_host is the name of the host where zConsole is installed.
● bundleId is the bundle identifier for an application, such as “com.zimperium.ZIPS”.
Sample Response
This operation’s response is a report similar to the report given a hash code input. The report response is
provided in the “Retrieve a Report with a Hash Code” section.
Retrieve a Report with a Hash Code
This operation retrieves an application report given an input hash code.
Command
Use the following command to retrieve an application report given an input hash code:
Android Command
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/hash/<HashCode>?platform=android"
iOS Command
curl -X GET --header 'Accept: application/json' --header 'api_key: <YourAPIKey>' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/hash/<HashCode>?platform=ios"
where:
● <YourAPIKey> is the API key required to access zConsole.
● <HashCode> is the actual hash code of the app.
URL
https://zConsole_host/api/v1/malware/public/reports/hash/hash
where:
● zConsole_host is the name of the host where zConsole is installed.
● hash is a hash code for an application.
Sample Android Commands
curl -X GET --header 'Accept: application/json' --header 'api_key: 55555555555' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/hash/493e7e9fc7689956a65682a7a28f18b0?platform=android"
Sample iOS Commands
curl -X GET --header 'Accept: application/json' --header 'api_key: 5555555555' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/hash/f1ad2c3ea941c396e3aede5127908c07?platform=ios"
Sample Response
Because of the length of the report response, this response was reduced in size. For instance, the array
instances were reduced, and also some of the messages were shortened for readability.
{
"report": {
"report": {
"threats": {
"total": null,
"status": "Waiting in the queue",
"detected": null,
"scan_details": [],
"detected_skip": 0
},
"behavior": {
"sms": [],
"network": {
"http_requests": null
},
"count_sms": 0,
"telephony": null,
"broadcast_receivers": []
},
"certificate": {
"app_signature": "\tMETA-INF/INST.RSA\nOwner: CN=John
Camp, O=Inst Inc, L=San Francisco, ST=California, C=US\nSignature
algorithm name: SHA1withRSA\nSubject Public Key Algorithm: 1024-bit
RSA key\nVersion: 3\n",
"serial_number_risk_score": 93,
"serial_number_app_instances": 913
},
"app_analysis": {
"name": "Inst",
"urls": [
{
"url": "https://www.fc.com/maps/report/?",
"source": [
{
"class": "com.fc.android.maps.m"
}
],
"url_info": {
"hb": 0,
"site": {
"domain": "fc.com"
},
"hb_tm": null,
"robot": 0,
"whois": {
"creation": "1997-03-28",
"expiration": "2025-03-29",
"name_server": "a.ns.fc.com,b.ns.fc.com"
},
"server": {
"ip": "192.0.2.0",
"city": "",
"region": "",
"as_name": "FB - Fb, Inc., US",
"country": "Ireland",
"latitude": "53.3472",
"as_number": "32934",
"longitude": "-6.2439",
"BGP_Prefix": "31.13.93.0/24",
"allocated_date": "2011-04-18"
},
"exp_check": 0,
"has_problem": 0,
"site_reputation": "No reputation violations
discovered",
"freak_vulnerability": false,
"robot_vulnerability": false,
"valid_chain_of_trust": true
}
}
],
"owasp": [
{
"name": "m1",
"found": false,
"risks": "No information available.",
"description": "M1: Improper Platform Usage"
},
{
"name": "m2",
"found": false,
"risks": "No information available.",
"description": "M2: Insecure Data Storage"
}
],
"status": "Completed",
"intents": {
"android.intent.extra.TEXT": [
{
"class": "com.inst.util.t.d",
"description": "A constant CharSequence that is
associated with the Intent, used with ACTION_SEND to supply the
literal data to be sent."
},
{
"class": "com.inst.inappbrowser.service.e",
"description": "A constant CharSequence that is
associated with the Intent, used with ACTION_SEND to supply the
literal data to be sent."
}
],
"android.intent.extra.EMAIL": [
{
"class": "com.inst.business.g.dm",
"description": "A String[] holding e-mail
addresses that should be delivered to."
}
]
},
"analysis": {
"native_files": [
{
"md5": "cff6312c7802a482595de43091633a3f",
"name": "/lib/armeabi-
v7a/libnative_redex_tools_oatmeal_oatmeal-src.so"
},
{
"md5": "a91d47df57b40ce81c05f7753e0b8850",
"name": "/lib/armeabi-v7a/libclasstracing.so"
}
],
"embedded_files": [],
"Creates a new unconnected socket.": [
{
"class":
"com.inst.video.videocall.activity.VideoCallActivity",
"category": "Network",
"unique code": false
},
{
"class": "com.fc.acra.util.b",
"category": "System",
"unique code": false
}
],
"Returns the ISO country code equivalent for the SIM
provider's country code. This could be considered data leakage if
the information is sent to a remote server.This is an informational
finding.": [
{
"class":
"com.inst.video.videocall.activity.VideoCallActivity",
"category": "Telephony",
"unique code": false
},
{
"class": "com.fc.common.e.a",
"category": "Telephony",
"unique code": false
},
{
"class":
"com.inst.phonenumber.model.CountryCodeData",
"category": "Telephony",
"unique code": false
}
],
"This application uses getLastKnownLocation() to
retrieve the last known GPS coordinates.": [
{
"class":
"com.inst.video.videocall.activity.VideoCallActivity",
"category": "Location",
"unique code": false
},
{
"class": "com.inst.util.f.f",
"category": "Location",
"unique code": false
},
{
"class":
"android.support.v4.content.FileProvider",
"category": "Location",
"unique code": false
}
]
},
"hardware": {
"android-hardware-wifi": {
"classes": [],
"description": "The application uses 802.11
networking (wifi) features on the device."
},
"android-hardware-camera": {
"classes": [
{
"class": "com.inst.bugreporter.q"
},
{
"class": "com.fc.tools.dextr.runtime.a.b"
},
{
"class": "com.fc.optic.dn"
}
],
"description": "The application uses the device's
camera."
}
},
"md5_hash": "fc3870c5ddc8ee13342b8e9dd1de7484",
"sha1_hash": "ec9300dc33bdcfae9acd3485ee01240b79da8878",
"components": {
"activity": {
"classes": [
{
"class":
"com.inst.mainactivity.MainActivity",
"access": "public"
},
{
"class":
"com.google.android.gms.auth.api.signin.RevocationBoundService",
"access": "public"
}
],
"description": "A service is a component that runs
in the background to perform long-running operations."
},
"providers": {
"classes": [
{
"class":
"com.inst.contentprovider.users.impl.IgLoggedInUsersContentProvider"
,
"access": "public"
},
{
"class":
"com.inst.common.analytics.phoneid.InstPhoneIdProvider",
"access": "public"
}
],
"description": "A content provider manages a
shared set of application data.For more information, see the Content
Providers developer guide."
},
"activity_alias": {
"classes": [
{
"class":
"com.inst.android.activity.MainTabActivity",
"access": "private"
}
],
"description": "The alias presents the target
activity as a independent entity."
}
},
"app_version": "",
"permissions": {
".permission.C2D_MESSAGE": {
"classes": [
"Unused permission"
],
"description": "No information available"
},
"android.permission.CAMERA": {
"classes": [
{
"class": "com.inst.bugreporter.q"
},
{
"class": "com.fc.optic.dn"
}
],
"description": "Required to be able to access the
camera device."
},
"com.inst.direct.permission.DIRECT_APP_THREAD_STORE_SERVICE": {
"classes": [
"Unused permission"
],
"description": "No information available"
}
},
"sdk_version": null,
"sha256_hash":
"bb579d61869ec810f314970ba16ae7544217fe0d8bd85fceb8954aeb71ad0f12",
"third_party": [
{
"desc": null,
"name": "Signpost",
"type": "OAuth Library",
"reference_url": "https://code.google.com/p/oauth-signpost/"
},
{
"desc": null,
"name": "Inst",
"type": "Photo Sharing",
"reference_url": "http://inst.com"
}
],
"package_name": "com.inst.android",
"schemes_list": [
"content://com.htc.launcher.settings/favorites",
"file:///android_asset/webview_error.html",
"market://details?id=com.inst.android"
],
"repacked_list": [],
"engine_version": "4.2.6",
"app_version_code": "",
"application_type": "Android",
"discovered_emails": []
},
"distribution": {
"markets": {
"Socio": "No",
"ZIP Apk": "No",
"AppChina": "http://www.appchina.com/app/com.inst.android/",
"Slide me": "No",
"Brothersoft": "No"
},
"torrents": "Not present",
"file_share": [
{
"url": "http://www.4shared.com/servlet/signin/fc?fp=http://www.4shared.com/file/OStiMGmC/inst_apk.html",
"app_name": "inst apk.apk ",
"file_size": "1.65 MB",
"site_name": "4shared"
},
{
"url": "http://getwapi.com/software/getload/4yZfEcKnba/inst_repack.html",
"app_name": "Inst Repack.apk",
"file_size": "Size:",
"site_name": "Getwapi"
},
{
"url": "http://www.mediafire.com/?g2mene43bbhgvy1",
"app_name": "inst-androideetc.apk ",
"file_size": "12.77 MB",
"site_name": "Mediafire"
}
],
"market_data": {
"app_url": "http://www.appchina.com/app/com.inst.android/",
"app_name": "Inst照片分享",
"app_type": "apk",
"category": "社交网络",
"file_size": "9.4 MB",
"app_market": "appchina",
"date_added": "May 19, 2013",
"product_id": "com.inst.android",
"description": "\r\n\t\t\t超过 2.0 亿用户对 Inst \r\n\t\t",
"company_name": "venice0871",
"average_rating": "0",
"date_last_updated": "October 20, 2013",
"download_file_url": "http://www.appchina.com/market/r/1276786/com.inst.android.apk?c=www.direct&uid=3D349CD0FFA3A3805B7F2D5F7FD7684D&p=www.detail",
"number_of_ratings": "0",
"number_of_reviews": "0"
}
},
"risk_profile": {
"privacy": [
{
"desc": "The permission to one or more content provider's data is granted, this could potentially lead to information disclosure.",
"Risk Level": "High"
},
{
"desc": "Returns the current enabled/disabled status of the given provider.",
"Risk Level": "Medium"
}
],
"security": [
{
"desc": "The apps creates new OS subprocess.",
"Risk Level": "High"
},
{
"desc": "Within the Android APK package we identified additional files in native code format. These files could conceal additional privacy and security risks that will be elsewhere in this report.",
"Risk Level": "Low"
}
],
"overall_risk": "Out",
"privacy_risk": 64,
"security_risk": 90,
"detection_rate": "0/0",
"intell_privacy": [
"This application requests location updates from the Location Manager.",
"The app loads cryptographic keystores"
],
"intell_security": [
"URL's were found embedded in the app that do not use a secure protocol. The app stores key mapped value strings to the SharedPreferences storage."
]
}
}
},
"ContentInformation": "Copyright 2018 Zimperium"
}
Retrieve a Report with an iTunes Identifier
This operation retrieves an application report given an iTunes identifier.
Command
Use the following command to retrieve an application report given an iTunes identifier:
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: <YourAPIKey>' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/itunes/<itunesID>"
where:
● <YourAPIKey> is the API key required to access the zConsole.
● <itunesID> is the iTunes identifier for an application.
Sample Command
curl -X GET --header 'Accept: application/json' \
  --header 'api_key: 5555555555555' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/reports/itunes/333334"
URL
https://zConsole_host/api/v1/malware/public/reports/itunes/itunesId
where:
● zConsole_host is the name of the host where zConsole is installed.
● itunesId is the iTunes identifier for an application.
The full URL for an iTunes (App Store) application has the following format:
https://itunes.apple.com/us/app/application/idnumberForId
where:
▪ application is the name of the application.
▪ numberForId is the iTunes identifier for the application.
Note: To get the URL for an iTunes application, go to the application store and, under the application, use the link option, such as “Copy Link”. For example, this is a link for an application:
https://itunes.apple.com/us/app/facetime/id414307850
Sample Response
This operation’s response is a report similar to the report given a hash code input. The report response is
provided in the previous section “Retrieve a Report with a Hash Code”.
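The following sketch is an added example, not code from Zimperium: it extracts the iTunes identifier from an App Store link in the format described above and builds the report request, rejecting anything that does not match that format so that untrusted input cannot change the API path. The function names are hypothetical, and only the link format shown on this page is accepted.

```python
import re
from urllib.parse import urlsplit

ITUNES_HOST = "itunes.apple.com"
REPORT_PATH = "/api/v1/malware/public/reports/itunes/"
# Conservative hostname check for the zConsole host (assumption: plain DNS name).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
# Last path segment of the link: "id" followed by ASCII digits only.
ID_SEGMENT_RE = re.compile(r"id([0-9]{1,20})")


def itunes_id_from_link(link):
    """Return numberForId from https://itunes.apple.com/<cc>/app/<application>/id<numberForId>."""
    parts = urlsplit(link.strip())
    if parts.scheme != "https" or parts.hostname != ITUNES_HOST:
        raise ValueError("link must be an https://itunes.apple.com URL")
    if parts.username or parts.password or parts.port:
        raise ValueError("userinfo and explicit ports are not accepted")
    segments = [s for s in parts.path.split("/") if s]
    # Exactly four segments: country, "app", application name, id<number>.
    # Extra segments such as ".." are rejected rather than normalized.
    if len(segments) != 4 or segments[1] != "app":
        raise ValueError("link does not match the documented format")
    match = ID_SEGMENT_RE.fullmatch(segments[3])
    if match is None:
        raise ValueError("link has no id<number> segment")
    return match.group(1)


def build_report_request(zconsole_host, api_key, link):
    """Return (url, headers) for the iTunes report operation."""
    if not HOSTNAME_RE.fullmatch(zconsole_host):
        raise ValueError("zConsole host is not a plain hostname")
    if not api_key or any(ch in api_key for ch in "\r\n"):
        raise ValueError("API key is empty or contains a line break")
    url = "https://" + zconsole_host + REPORT_PATH + itunes_id_from_link(link)
    headers = {"Accept": "application/json", "api_key": api_key}
    return url, headers


if __name__ == "__main__":
    # Link and key are the sample values used on this page.
    print(build_report_request(
        "uat-qi.zimperium.com", "5555555555555",
        "https://itunes.apple.com/us/app/facetime/id414307850"))
```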
Upload Application File for Analysis
This operation posts an application to the zConsole so that it can be analyzed. It takes in an iOS or APK
(Android) application file as input. Applications uploaded with this API can be queried with an API
operation (currently, they do not show up in the application list within the zConsole UI).
Command
Use the following command to post an application to the zConsole so that it can be analyzed. It takes in
an iOS or APK (Android) application file as input:
curl -X POST --header 'Content-Type: multipart/form-data' \
  --header 'Accept: application/json' \
  --header 'api_key: <YourAPIKey>' \
  -F 'file1=@/File/path/<AppFileName>' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/upload/app"
where:
● <YourAPIKey> is the API key required to access the zConsole.
● <AppFileName> is the name of the file.
Sample Command
curl -X POST --header 'Content-Type: multipart/form-data' \
  --header 'Accept: application/json' \
  --header 'api_key: 5555555555' \
  -F 'file1=@/Users/test/Downloads/Appname.ext' \
  "https://uat-qi.zimperium.com/api/v1/malware/public/upload/app"
URL
https://zConsole_host/api/v1/malware/public/upload/app
where:
● zConsole_host is the name of the host where zConsole is installed.
Parameter List:
● file1 is the first file to upload.
● file2 is the second file to upload.
● file3 is the third file to upload.
● file4 is the fourth file to upload.
● file5 is the fifth file to upload.
Sample Response
{
"0": {
"metadata": "{\"version\": \"1.0\", \"app_name\": \"com.geohot.towelroot\", \"features\": [{\"hash\": \"e134e785d0e3e043fc0cfcfe69903d8e\", \"size\": 113099, \"type\": 0, \"crc16\": 2814}, {\"hash\": \"4aaf8b687ee21f00ebdbfeb9efa0b316\", \"size\": 6232, \"type\": 1, \"crc16\": 3240}, {\"hash\": \"0a06c909ec56cf1d64ba55dca4d02ff4\", \"size\": 128, \"type\": 1, \"crc16\": 19590}], \"metadata\": {\"package\": \"com.geohot.towelroot\", \"subject\": {\"commonName\": \"George Hotz\"}, \"filename\": \"/storage/emulated/0/Download/tr.apk\", \"services\": [], \"receivers\": [], \"signature\": \"0a06c909ec56cf1d64ba55dca4d02ff4\", \"activities\": [\"com.geohot.towelroot.TowelRoot\"], \"permissions\": [\"android.permission.INTERNET\", \"android.permission.KILL_BACKGROUND_PROCESSES\"]}, \"device_id\": \"5a4d58cfc0f5d13d965ab7df\", \"query_type\": 0, \"environment\": \"Demo\", \"query_source\": 1, \"system_token\": \"rajdemo\", \"detected_locally\": true, \"z3a_report_limit\": 100}",
"md5_hash": "e134e785d0e3e043fc0cfcfe69903d8e",
"z_hash": "e134e785d0e3e043fc0cfcfe69903d8e",
"classification": "MALICIOUS",
"modified_date": 1529944673500,
"version": "1.0",
"object_id": "78DAC52A-7F21-4E5F-8EE5-DAF22FB7ABDC",
"platform": "ANDROID",
"signatures": [],
"http-status-code": 200,
"sampleExtension": {
"detectedBy": "SERVER",
"filePointer": null,
"created_date": 1482238510719,
"modified_date": 1482238510719,
"object_id": "78DAC52A-7F21-4E5F-8EE5-DAF22FB7ABDC"
},
"name": "towelroot",
"namespace": "com.geohot.towelroot",
"created_date": 1469634705592,
"family": null
}
}
Upload an Application File for Analysis with URL
This operation posts an application to the zConsole so that it can be analyzed. It takes in an iTunes
application URL as input for the application to upload. Applications uploaded with this API can be queried
with an API operation (currently, they do not show up in the application list within the zConsole UI).
Sample Command
curl -X POST --header 'Content-Type: multipart/form-data' \
  --header 'Accept: application/json' \
  --header 'api_key:<YourAPIKey>' \
  -F 'file1=@/Users/test/Downloads/<Appfilename>' \
  "https://uat-qi.zimperium.com/api/v1/Malware/public/upload/app"
URL
https://zConsole_host/api/v1/malware/public/upload/itunes
where:
● zConsole_host is the name of the host where zConsole is installed.
Parameter List:
● url is the full URL for the iTunes (App Store) application. This URL has the following format:
https://itunes.apple.com/us/app/application/idnumberForId
where:
● application is the name of the application.
● numberForId is the identifier for the application.
Note: To get the URL for an iTunes application, go to the application store and, under the application, use the link option, such as “Copy Link”. For example, this is a link for an application:
https://itunes.apple.com/us/app/facetime/id414307850
Sample Response
{
"name": "FaceTime",
"family": null,
"namespace": "com.apple.FaceTime",
"version": "1.0.5",
"platform": "IOS",
"classification": "LEGIT",
"metadata": "{\n \"mi3Hash\" : \"\",\n \"md5Hash\" : \"414307850\",\n \"name\" : \"FaceTime\",\n \"bundleId\" : \"com.apple.FaceTime\",\n \"applicationSize\" : \"17603544\",\n \"id\" : \"\",\n \"version\" : \"1.0.5\",\n \"hash\" : \"cf63c189740080415472274ca5487dd8b3c82d58f21722cc21e06bf98e54d4c1\",\n \"platform\" : \"iOS\"\n}",
"signatures": [],
"sampleExtension": null,
"object_id": "9DF29F64-4A4F-4077-98CD-B2311E7B1070",
"md5_hash": "414307850",
"z_hash":
"cf63c189740080415472274ca5487dd8b3c82d58f21722cc21e06bf98e54d4c1",
"created_date": 1531157095573,
"modified_date": 1531157095573
}
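The two upload operations return differently shaped bodies: the file upload response is keyed by file slot ("0" in the sample), the upload-by-URL response is flat, and in both the metadata field is itself a JSON document serialized into a string. The parser below is an added example, not Zimperium code; it normalizes both shapes and lists the applications whose classification is anything other than LEGIT. The function names are hypothetical, the samples are trimmed copies of the responses on this page, and treating every non-LEGIT or missing classification as needing review is an assumption, since only MALICIOUS and LEGIT appear here.

```python
import json

# Constructed samples: trimmed copies of the two sample responses on this page.
SAMPLE_APP_UPLOAD = json.dumps({
    "0": {
        "metadata": json.dumps({
            "app_name": "com.geohot.towelroot",
            "metadata": {
                "package": "com.geohot.towelroot",
                "permissions": [
                    "android.permission.INTERNET",
                    "android.permission.KILL_BACKGROUND_PROCESSES",
                ],
            },
        }),
        "md5_hash": "e134e785d0e3e043fc0cfcfe69903d8e",
        "z_hash": "e134e785d0e3e043fc0cfcfe69903d8e",
        "classification": "MALICIOUS",
        "platform": "ANDROID",
        "name": "towelroot",
        "namespace": "com.geohot.towelroot",
    }
})
SAMPLE_ITUNES_UPLOAD = json.dumps({
    "name": "FaceTime",
    "namespace": "com.apple.FaceTime",
    "platform": "IOS",
    "classification": "LEGIT",
    "metadata": '{\n "bundleId" : "com.apple.FaceTime",\n "version" : "1.0.5"\n}',
    "md5_hash": "414307850",
    "z_hash": "cf63c189740080415472274ca5487dd8b3c82d58f21722cc21e06bf98e54d4c1",
})


def decode_metadata(raw):
    """Decode the string-encoded metadata field; return {} if it is absent or malformed."""
    if isinstance(raw, dict):
        return raw
    if not isinstance(raw, str):
        return {}
    try:
        decoded = json.loads(raw)
    except ValueError:
        return {}
    return decoded if isinstance(decoded, dict) else {}


def parse_upload_response(body):
    """Return one normalized verdict per uploaded application."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("unexpected response shape")
    if "classification" in doc:
        records = {"0": doc}            # flat shape (upload by URL)
    else:
        records = {k: v for k, v in doc.items() if isinstance(v, dict)}
    verdicts = []
    for slot in sorted(records):
        rec = records[slot]
        meta = decode_metadata(rec.get("metadata"))
        inner = meta.get("metadata")
        inner = inner if isinstance(inner, dict) else {}
        verdicts.append({
            "slot": slot,
            "name": rec.get("name"),
            "platform": rec.get("platform"),
            "classification": rec.get("classification"),
            "hash": rec.get("z_hash") or rec.get("md5_hash"),
            "package": inner.get("package") or meta.get("bundleId") or rec.get("namespace"),
            "permissions": list(inner.get("permissions", [])),
        })
    return verdicts


def needs_review(verdicts):
    """Fail closed: anything not explicitly classified LEGIT is returned."""
    return [v for v in verdicts if v["classification"] != "LEGIT"]


if __name__ == "__main__":
    for sample in (SAMPLE_APP_UPLOAD, SAMPLE_ITUNES_UPLOAD):
        for verdict in parse_upload_response(sample):
            print(verdict["package"], verdict["classification"])
```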
Create a Tenant
This operation creates a new tenant.
Method
POST
URL
https://zConsole_host/api/v1/appdirect/public/tenant
where:
● zConsole_host is the name of the host where zConsole is installed.
Sample Body
‘tenantRequest’ Parameter Body
{
"name": "string",
"segment": "ENTERPRISE",
"tenantId": "string",
"language": "string",
"address": "string",
"city": "string",
"state": "string",
"zipCode": "string",
"country": "string",
"contactName": "string",
"contactEmail": "string",
"contactPhone": "string",
"supportsPrivacy": true,
"planId": "string"
}
These fields are required:
● name
● language
● planId
The plan identifier has these values:
● 1 = Basic
● 2 = Advanced
The segment field has these values and this field is optional:
● ENTERPRISE = Large Business
● SMB = Small to Medium Business
Sample Response
Update a Tenant
This operation updates an existing tenant.
Method
PUT
URL
https://zConsole_host/api/v1/appdirect/public/tenant
where:
● zConsole_host is the name of the host where zConsole is installed.
Sample Body
‘tenantRequest’ Parameter Body
{
"name": "string",
"segment": "ENTERPRISE",
"tenantId": "string",
"language": "string",
"address": "string",
"city": "string",
"state": "string",
"zipCode": "string",
"country": "string",
"contactName": "string",
"contactEmail": "string",
"contactPhone": "string",
"supportsPrivacy": true,
"planId": "string"
}
The segment field has these values and this field is optional:
● ENTERPRISE = Large Business
● SMB = Small to Medium Business
Sample Response
{
"objectId": "8D9E175B-CB54-493D-ACD6-CE2A5076762D",
"name": "Automation Rest Test",
"tenantId": "automation-rest-test",
"language": "english",
"contactEmail": "[email protected]",
"address": "990 Main Way",
"city": "Addison",
"state": "TX",
"zipCode": "76001",
"country": "us",
"createdDate": "2019-03-05 17:54:01 +0000",
"activatedDate": "2019-03-05 17:54:01 +0000",
"modifiedDate": "2019-03-05 17:54:01 +0000",
"acceptor": {
"module": "acceptor",
"hostname": "demo-acceptor.zimperium.com",
"description": "acceptor",
"token": "demo",
"status": 1,
"useAsDefault": true
},
"processor": {
"module": "processor",
"hostname": "demo-acceptor.zimperium.com",
"description": "processor",
"token": "demo",
"status": 1,
"useAsDefault": true
},
"frontend": {
"module": "frontend",
"hostname": "demo-device-api.zimperium.com",
"description": "frontend",
"token": "demo",
"status": 3,
"useAsDefault": true
},
"licensingPlan": {
"objectId": "2",
"name": "Advanced",
"active": true
},
"supportsPrivacy": true,
"supportsGeolocation": true,
"supportsTestingVersions": false,
"supportsDeviceLogo": false,
"enableZipline": false,
"enableMi3Reports": false,
"regStep": 1,
"status": 1,
"archiveQueue": "global_archive",
"supportedOperatingSystems": [
{
"objectId": "1",
"name": "iOS"
},
{
"objectId": "2",
"name": "Android"
},
{
"objectId": "3",
"name": "Windows_Phone"
}
],
"apiKey": "MCzJ1b2iaje5oKcIHlocg7yTGOXLn",
"segment": "ENTERPRISE",
"globalUser": false,
"applyStateBySample": true
}
Delete a Tenant
This operation deletes an existing tenant given the tenant identifier as an input parameter.
Method
DELETE
URL
https://zConsole_host/api/v1/appdirect/public/tenant/id
where:
● zConsole_host is the name of the host where zConsole is installed.
● id is the identifier for the tenant.
Sample Response
This delete operation does not return a response.
Retrieve a Tenant
This operation retrieves an existing tenant given the tenant identifier as an input parameter.
Method
GET
URL
https://zConsole_host/api/v1/appdirect/public/tenant/id
where:
● zConsole_host is the name of the host where zConsole is installed.
● id is the identifier for the tenant.
Sample Response
{
"objectId": "8D9E175B-CB54-493D-ACD6-CE2A5076762D",
"name": "Automation Rest Test",
"tenantId": "automation-rest-test",
"language": "english",
"contactEmail": "[email protected]",
"address": "990 Main Way",
"city": "Addison",
"state": "TX",
"zipCode": "76001",
"country": "us",
"createdDate": "2019-03-05 17:54:01 +0000",
"activatedDate": "2019-03-05 17:54:01 +0000",
"modifiedDate": "2019-03-05 17:54:01 +0000",
"acceptor": {
"module": "acceptor",
"hostname": "demo-acceptor.zimperium.com",
"description": "acceptor",
"token": "demo",
"status": 1,
"useAsDefault": true
},
"processor": {
"module": "processor",
"hostname": "demo-acceptor.zimperium.com",
"description": "processor",
"token": "demo",
"status": 1,
"useAsDefault": true
},
"frontend": {
"module": "frontend",
"hostname": "demo-device-api.zimperium.com",
"description": "frontend",
"token": "demo",
"status": 3,
"useAsDefault": true
},
"licensingPlan": {
"objectId": "2",
"name": "Advanced",
"active": true
},
"supportsPrivacy": true,
"supportsGeolocation": true,
"supportsTestingVersions": false,
"supportsDeviceLogo": false,
"enableZipline": false,
"enableMi3Reports": false,
"regStep": 1,
"status": 1,
"archiveQueue": "global_archive",
"supportedOperatingSystems": [
{
"objectId": "1",
"name": "iOS"
},
{
"objectId": "2",
"name": "Android"
},
{
"objectId": "3",
"name": "Windows_Phone"
}
],
"apiKey": "MCzJ1b2iaje5oKcIHlocg7yTGOXLn",
"segment": "ENTERPRISE",
"globalUser": false,
"applyStateBySample": true
}
Update a User by an Email
This operation updates an existing user by using their email address.
Method
PUT
URL
https://zConsole_host/api/v1/appdirect/public/user
where:
● zConsole_host is the name of the host where zConsole is installed.
Sample Body
‘userRequest’ Parameter Body
{
"email": "string",
"firstName": "string",
"middleName": "string",
"lastName": "string"
}
Sample Response
{
"objectId": "0FBC474F-B52A-479D-B256-E5F8886240E9",
"customerId": "8D9E175B-CB54-493D-ACD6-CE2A5076762D",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"alias": "d0d61a1d-91a4-4727-b917-695550defc0e",
"email": "[email protected]",
"status": 1,
"agreedToTerms": true,
"role": 4,
"signupSteps": 1,
"pwdRecoveryRequest": false,
"lastLogin": "2019-03-05 17:54:07 +0000",
"createdDate": "2019-03-05 17:54:07 +0000",
"dateJoined": "2019-03-05 17:54:07 +0000",
"modifiedDate": "2019-03-05 17:54:07 +0000",
"activationTokenUrl": "https://demo-device-api.zimperium.com/activation?stoken\u003d6061IEjB\u0026redirect_uri\u003dzips",
"activationTokenExpiry": "2019-03-12 17:54:07 +0000",
"superuser": false,
"staff": false,
"phoneNumberVerified": false,
"syncedFromMdm": false
}
Create a User for a Tenant
This operation creates a new user for an existing tenant.
Method
POST
URL
https://zConsole_host/api/v1/appdirect/public/user/tenant/tenantId
where:
● zConsole_host is the name of the host where zConsole is installed.
● tenantId is the identifier for the tenant where the user is added.
Sample Body
‘userRequest’ Parameter Body
{
"email": "string",
"password": "string",
"firstName": "string",
"middleName": "string",
"lastName": "string",
"language": "string",
"type": "DEFAULT",
"sendWelcomeInvitation": true,
"phoneNumber": "string"
}
Sample Response
{
"objectId": "0FBC474F-B52A-479D-B256-E5F8886240E9",
"customerId": "8D9E175B-CB54-493D-ACD6-CE2A5076762D",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"alias": "d0d61a1d-91a4-4727-b917-695550defc0e",
"email": "[email protected]",
"status": 1,
"agreedToTerms": true,
"role": 4,
"signupSteps": 1,
"pwdRecoveryRequest": false,
"lastLogin": "2019-03-05 17:54:07 +0000",
"createdDate": "2019-03-05 17:54:07 +0000",
"dateJoined": "2019-03-05 17:54:07 +0000",
"modifiedDate": "2019-03-05 17:54:07 +0000",
"activationTokenUrl": "https://demo-device-api.zimperium.com/activation?stoken\u003d6061IEjB\u0026redirect_uri\u003dzips",
"activationTokenExpiry": "2019-03-12 17:54:07 +0000",
"superuser": false,
"staff": false,
"phoneNumberVerified": false,
"syncedFromMdm": false
}
Delete a User
This operation deletes an existing user given the user identifier as an input parameter.
Method
DELETE
URL
https://zConsole_host/api/v1/appdirect/public/user/id
where:
● zConsole_host is the name of the host where zConsole is installed.
● id is the identifier for the user.
Sample Response
This delete operation does not return a response.
Retrieve a User
This operation retrieves an existing user given the user identifier as an input parameter.
Method
GET
URL
https://zConsole_host/api/v1/appdirect/public/user/id
where:
● zConsole_host is the name of the host where zConsole is installed.
● id is the identifier for the user.
Sample Response
{
"objectId": "199BE8BD-301B-4FBB-8239-D44ED849958E",
"customerId": "8D9E175B-CB54-493D-ACD6-CE2A5076762D",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"alias": "0a285922-1c9a-43d1-b86c-0d771ee1c2c6",
"email": "[email protected]",
"status": 1,
"agreedToTerms": true,
"role": 3,
"signupSteps": 1,
"pwdRecoveryRequest": false,
"lastLogin": "2019-03-05 17:54:08 +0000",
"createdDate": "2019-03-05 17:54:08 +0000",
"dateJoined": "2019-03-05 17:54:08 +0000",
"modifiedDate": "2019-03-05 17:54:08 +0000",
"activationTokenUrl": "https://demo-device-api.zimperium.com/activation?stoken\u003dmU6Y9qWh\u0026redirect_uri\u003dzips",
"activationTokenExpiry": "2019-03-12 17:54:08 +0000",
"superuser": false,
"staff": false,
"phoneNumberVerified": false,
"syncedFromMdm": false
}
Update a User by User Id
This operation updates an existing user given the user identifier as an input parameter.
Method
PUT
URL
https://zConsole_host/api/v1/appdirect/public/user/id
where:
● zConsole_host is the name of the host where zConsole is installed.
● id is the identifier for the user.
Sample Body
‘userRequest’ Parameter Body
{
"email": "string",
"firstName": "string",
"middleName": "string",
"lastName": "string"
}
Sample Response
{
"objectId": "0FBC474F-B52A-479D-B256-E5F8886240E9",
"customerId": "8D9E175B-CB54-493D-ACD6-CE2A5076762D",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"alias": "d0d61a1d-91a4-4727-b917-695550defc0e",
"email": "[email protected]",
"status": 1,
"agreedToTerms": true,
"role": 4,
"signupSteps": 1,
"pwdRecoveryRequest": false,
"lastLogin": "2019-03-05 17:54:07 +0000",
"createdDate": "2019-03-05 17:54:07 +0000",
"dateJoined": "2019-03-05 17:54:07 +0000",
"modifiedDate": "2019-03-05 17:54:07 +0000",
"activationTokenUrl": "https://demo-device-api.zimperium.com/activation?stoken\u003d6061IEjB\u0026redirect_uri\u003dzips",
"activationTokenExpiry": "2019-03-12 17:54:07 +0000",
"superuser": false,
"staff": false,
"phoneNumberVerified": false,
"syncedFromMdm": false
}
Retrieve a User Activation URL
This operation retrieves a user activation URL given the user identifier as an input parameter.
Method
GET
URL
https://zConsole_host/api/v1/appdirect/public/user/id/refresh-activation-url
where:
● zConsole_host is the name of the host where zConsole is installed.
● id is the identifier for the user.
Sample Response
{
"objectId": "85039784-6CBB-4422-B46E-B89FC81351B7",
"customerId": "A064583C-CB9E-4816-87C2-6CC776073321",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"alias": "d9da10b8-61fa-457b-89d5-5c6e5486dadb",
"email": "[email protected]",
"status": 1,
"agreedToTerms": true,
"role": 3,
"signupSteps": 1,
"pwdRecoveryRequest": false,
"lastLogin": "2019-03-12 16:37:48 +0000",
"createdDate": "2019-03-12 16:37:48 +0000",
"dateJoined": "2019-03-12 16:37:48 +0000",
"modifiedDate": "2019-03-12 16:37:48 +0000",
"activationTokenUrl": "https://n-device-api.zimperium.com/activation?stoken=PSTFrvdL&redirect_uri=zips",
"activationTokenExpiry": "2019-03-19 16:37:55 +0000",
"syncedFromMdm": false,
"phoneNumberVerified": false,
"superuser": false,
"staff": false
}
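The tenant responses above carry an apiKey and a per-module token, the user responses carry an activationTokenUrl with an stoken query parameter, and the create-user request body carries a password. The helper below is an added example, not Zimperium code, that masks those fields before a response or request body is written to a log or attached to a ticket. The function names and the choice of which fields to mask are assumptions of this example, and the sample values are constructed.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MASK = "REDACTED"
SECRET_KEYS = {"apiKey", "api_key", "token", "password"}  # masked whole
URL_KEYS = {"activationTokenUrl"}                         # masked per query parameter
SECRET_PARAMS = {"stoken"}

# Constructed samples shaped like the tenant and user responses on this page.
SAMPLE_TENANT = {
    "tenantId": "automation-rest-test",
    "apiKey": "constructed-api-key-value",
    "frontend": {
        "module": "frontend",
        "hostname": "demo-device-api.zimperium.com",
        "token": "constructed-module-token",
        "status": 3,
    },
}
SAMPLE_USER = {
    "firstName": "zAuto",
    "activationTokenUrl": (
        "https://demo-device-api.zimperium.com/activation"
        "?stoken=constructedToken&redirect_uri=zips"
    ),
}


def redact_url(url):
    """Mask secret query parameters but keep host, path and other parameters."""
    parts = urlsplit(url)
    query = [
        (name, MASK if name in SECRET_PARAMS else value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(query)))


def redact(value, key=None):
    """Return a copy of a decoded JSON value with secret fields masked."""
    if key in SECRET_KEYS:
        return MASK                      # mask regardless of the value's type
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(item) for item in value]
    if key in URL_KEYS and isinstance(value, str):
        return redact_url(value)
    return value


def loggable(response_text):
    """Decode a response body, mask secrets, and re-serialize it for logging."""
    return json.dumps(redact(json.loads(response_text)), sort_keys=True)


if __name__ == "__main__":
    print(loggable(json.dumps(SAMPLE_TENANT)))
    print(loggable(json.dumps(SAMPLE_USER)))
```

Because the body is decoded before masking, the \u003d and \u0026 escapes that appear in some sample responses are handled the same way as literal = and & characters.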
Create an Order
This operation creates a new order. This is available in zConsole Release 4.24.2 or later.
Method
POST
URL
https://zConsole_host/api/v1/appdirect/public/order
where:
● zConsole_host is the name of the host where zConsole is installed.
Sample Body
‘orderDetail’ Parameter Body
{
"orderStartDate": "2019-08-21",
"partnerName": "My Partner",
"planId": "1",
"subscriptionType": "NFR",
"termType": "FIXED",
"tenantId": "123",
"customerAccountNumber": "456",
"orderNumber": "111",
"secondaryOrderNumber": "222",
"licenses": 1,
"term": 1
}
The following fields are required:
● orderStartDate
● partnerName
● planId
● subscriptionType
● termType
● tenantId
● customerAccountNumber
● orderNumber
● term
The fields ‘secondaryOrderNumber’ and ‘licenses’ are optional. The ‘licenses’ field is the number of
licenses requested.
The plan identifier has these values:
● 1 = Basic
● 2 = Advanced
The subscription type has these values:
● NFR = Not for Resale
● TRIAL = Trial basis
● PAID = Paid account
The term type field has these values:
● FIXED = This is a finite term such as 12 months.
● MONTHLY = This is a month to month term option.
Sample Response
200
Appendix A – Sample Output
Sample Output Returning Detailed Event Information
The following is sample output for the API call that returns detailed threat event information.
{
"eventId": "0a13498d-2c39-48c9-80b1-97434cf315b2",
"eventStateCode": 2,
"eventState": "Fixed",
"typeDesc": "ZIPS_EVENT",
"eventVector": "2",
"severity": "CRITICAL",
"eventName": "THREAT_DETECTED",
"eventFullName": "host.app_tampering",
"customerId": "automation-rest",
"customerContactName": "zauto",
"deviceHash":
"52400f712bff4be5e1e1f1cfc9f5cc22794864af1fa65540ac25fe435564351d",
"deviceId": "d6526d0d-87bf-44ce-ac0d-199ac4025a73",
"zdid": "11a57d1e-b516-4321-9e40-173b38a0e764",
"latitude": 49.62370300292969,
"longitude": -104.8738021850586,
"bssid": "e8:fc:af:f6:a5:8d",
"ssid": "AUTOMATION",
"deviceTime": "2019-02-01 17:13:25 +0000",
"queuedTime": "2019-02-01 17:13:25 +0000",
"persistedTime": "2019-02-01 17:13:25 +0000",
"lastSeenTime": "2019-02-01 17:13:25 +0000",
"deviceModel": "iPhoneXS Max",
"osType": "iOS",
"osVersion": "12.0.0",
"country": "US",
"userEmail": "[email protected]",
"firstName": "zAuto",
"middleName": "Tool",
"lastName": "QA",
"locationDetail": {
"previousLongitude": 0,
"city": "Englewood",
"previousLatitude": 0,
"countryCode": "US",
"exact": false,
"countryName": "United States",
"region": "CO",
"sampledTimeAsDate": 1549041205623
},
"bundleId": "com.zimperium.vzips",
"zipsVersion": "4.8.0",
"appName": "zIPS",
"tag1": "",
"tag2": "",
"incidentSummary": "Detected App Tampering while connected to AUTOMATION. Responded with .",
"eventDetail": {
"severity": 3,
"process_list": [],
"os": 2,
"threat_uuid": "${threatUDID}",
"network_threat": {
"my_ip": "192.0.2.0",
"basestation": "",
"gw_ip": "192.0.2.0",
"routing_table": [],
"my_mac": "NO_MDM",
"gw_mac": "00:00:00:00:00:00",
"interface": "lo0",
"arp_tables": {},
"net_stat": [
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "LISTEN",
"Foreign Address": "*:0",
"Send-Q": "0",
"Local Address": "*:50381"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "ESTABLISHED",
"Foreign Address": "127.0.0.1:50372",
"Send-Q": "0",
"Local Address": "127.0.0.1:50371"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "ESTABLISHED",
"Foreign Address": "127.0.0.1:50371",
"Send-Q": "0",
"Local Address": "127.0.0.1:50372"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "ESTABLISHED",
"Foreign Address": "74.125.202.102:443",
"Send-Q": "0",
"Local Address": "192.168.12.220:50338"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "LISTEN",
"Foreign Address": "*:0",
"Send-Q": "0",
"Local Address": "127.0.0.1:27042"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "TIME_WAIT",
"Foreign Address": "127.0.0.1:62078",
"Send-Q": "0",
"Local Address": "127.0.0.1:50373"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "TIME_WAIT",
"Foreign Address": "17.173.66.213:443",
"Send-Q": "0",
"Local Address": "192.168.12.220:50380"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "TIME_WAIT",
"Foreign Address": "127.0.0.1:50375",
"Send-Q": "0",
"Local Address": "127.0.0.1:50374"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "TIME_WAIT",
"Foreign Address": "127.0.0.1:50376",
"Send-Q": "0",
"Local Address": "127.0.0.1:50377"
},
{
"Recv-Q": "0",
"Proto": "TCP",
"State": "TIME_WAIT",
"Foreign Address": "127.0.0.1:50378",
"Send-Q": "0",
"Local Address": "127.0.0.1:50379"
},
{
"Recv-Q": "0",
"Proto": "UDP",
"State": "CLOSE",
"Foreign Address": "*:0",
"Send-Q": "0",
"Local Address": "*:5060"
}
]
},
"app_tampering_reasons": "MobileSubstrate code injection library detected",
"directory_entries": [
{
"file_name": "/usr/lib/FDRSealingMap.plist",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"de706e0c44d65d3a9eca570030d9cb8e8ff253511e562052a52a352f680fc10f",
"file_size": 6987
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_Audio.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"32642dc3cab1498af0e7cf9fcb527fc75dc6b6e9128466e4a6668fa9deb789e5",
"file_size": 53968
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_Coex.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"dc6f284a4b32fa5f707419905f58ced5b7f3e332a6a24769757f39ff5ee93116",
"file_size": 70123
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_Default.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"8d0a8bbbf58aa9ed2fd41b9d44381efca67108cd6f6aad6e1a65ee8ca40041ad",
"file_size": 87614
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_Flower.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"2c2a7f7164974ffe5b199c657b6326569f3357684a745482da085d7b62006b02",
"file_size": 55706
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_FullPacket.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"c88e68e460c0757e4c272c1786c0de4d922a8b2c06893f63fc0f335bc1d9542f",
"file_size": 182984
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_GPS.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"e7ca1b98f960c0bb62902e00dca95526da8673c5719159d3f991336c0d421178",
"file_size": 24422
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_Powerlog.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"95de9a9486249cd0b405f2ea56dfea68b141283c4d25c293e196efc09302e945",
"file_size": 4689
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_SUPL.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"a6dd31721c680115d574d6bcf661af51aac494aa3a52ce8be8799da0f7bf9269",
"file_size": 13805
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_Sleep.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"3fa591d2c34716d2c1d04bef4ee97dd11707eb517c73c42a615aad6e3c2b1332",
"file_size": 94285
},
{
"file_name": "/usr/lib/StandardDMCFiles/N71_Tput.dmc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"f38df802f7e7d8f4b4ab581e6c5a218ec99a1e1f3861a60f5c31b73110d3c456",
"file_size": 84610
},
{
"file_name": "/usr/lib/apt/methods/cdrom",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"795045af1f22f8542da1eb584ab2a8505860be9b3339de0d42f387a5bc9d385f",
"file_size": 70912
},
{
"file_name": "/usr/lib/apt/methods/copy",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"b2282992269d446f5c33f24c8078e1ea4adaa1a9412fd1bdf57bc9fe38f261c0",
"file_size": 52512
},
{
"file_name": "/usr/lib/apt/methods/file",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"f6af1644c35b0409cf468c710aa8fcd6dd42448d749c77d856c8cae8a1f332c5",
"file_size": 52416
},
{
"file_name": "/usr/lib/apt/methods/ftp",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"130aa7fe48f324a79b5a024ee4bb14eb616bcbc82244e3f0066ff58afe877d80",
"file_size": 90880
},
{
"file_name": "/usr/lib/apt/methods/gpgv",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"a9cedbaff79db4398429e8edbd366638b23d721f638b4c33e071fa43e640cc11",
"file_size": 87952
},
{
"file_name": "/usr/lib/apt/methods/gzip",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"8658a891f2476c3694a3cb9baf8b3e0290895e9d1bd61b13fc16054a0040aa08",
"file_size": 53280
},
{
"file_name": "/usr/lib/apt/methods/http",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"dac85d395f0138afc0493f0c4bf5dfcb42d0ca47e870126df8642117e4f4cef3",
"file_size": 110752
},
{
"file_name": "/usr/lib/apt/methods/rred",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"54894c715da6227a2382dd77f37f0f49dc91e63e0ffa9d640fcbed541d735324",
"file_size": 70944
},
{
"file_name": "/usr/lib/apt/methods/rsh",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"f30bba8535b8c7c976e5877848ba2d7e16803fe38036e9c41dc220e8f2c52f35",
"file_size": 71104
},
{
"file_name":
"/usr/lib/cycript0.9/com/saurik/substrate/MS.cy",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"a98ce4c02399c3690d06327afaf22961a13202d0719bf78b991a3d5e024d9008",
"file_size": 1968
},
{
"file_name": "/usr/lib/dpkg/methods/apt/desc.apt",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"4035a2ca99d6d473f6e9a0af7b39d395bfe47e48b3a9993488fc2fae139145f8",
"file_size": 567
},
{
"file_name": "/usr/lib/dpkg/methods/apt/install",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"833e0107a4c44940ebd3f4ba7e73a251e1d3b13857eca91ac1167161b9de2052",
"file_size": 2756
},
{
"file_name": "/usr/lib/dpkg/methods/apt/names",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"0a636de469385b41ea06f639a389c523946ec7f023fe2a12c0adf8300e2a82ad",
"file_size": 39
},
{
"file_name": "/usr/lib/dpkg/methods/apt/setup",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"c645a091943f61ff46847973d000cbf1817623a86e1ede412f97f437aa1eb56a",
"file_size": 7728
},
{
"file_name": "/usr/lib/dpkg/methods/apt/update",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"150467fece139e85d65f29bd974c0988dd1b14a6bbb2fe85161134d6c8da43cd",
"file_size": 1242
},
{
"file_name": "/usr/lib/dyld",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"e9dce7ee3c7d133ed121ee0dd205ffd412d6cc4013559e7912a93d78296c4647",
"file_size": 594288
},
{
"file_name": "/usr/lib/engines/lib4758cca.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"7674b10c708cf961d39ce64d9f675444508630bfc1a2e627fc847253981cf16c",
"file_size": 206448
},
{
"file_name": "/usr/lib/engines/libaep.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"6eafc0afd8be0c50a31f3ba2a0ce08488deda6835c2e423d1202e82ee3a09568",
"file_size": 189680
},
{
"file_name": "/usr/lib/engines/libatalla.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"28ddb59f43aec31d133fe072249f387ca2c8f8c07d63714d56495e950e32318b",
"file_size": 189376
},
{
"file_name": "/usr/lib/engines/libcapi.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"52363ec4d483151144e724afd9d9020a8e627be22b7bb5736a934e88cf7e8989",
"file_size": 186096
},
{
"file_name": "/usr/lib/engines/libchil.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"78d8b6094c4e6d8a9bf020deecf74ccb0390cf88789178056bcccb37e8752b2d",
"file_size": 208240
},
{
"file_name": "/usr/lib/engines/libcswift.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"411bd8cc4bc1750ea944a2f5274a2d6e27d35c5e2f8e306dd51d8349c375861a",
"file_size": 206384
},
{
"file_name": "/usr/lib/engines/libgmp.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"a4a1f015a83ac90983f42c32ab2b9b8433000ac7f23e3387e94cbf16ef5ee997",
"file_size": 186096
},
{
"file_name": "/usr/lib/engines/libnuron.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"572b4312f35d262073b1f83cc4c5dd96a955eda30127c1d35b8b71ddd1a20179",
"file_size": 188768
},
{
"file_name": "/usr/lib/engines/libsureware.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"307ad7ed98e12b26cc0483dd4bb6703ea042b120c931f7b74d261099657b7ea7",
"file_size": 208384
},
{
"file_name": "/usr/lib/engines/libubsec.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"f4b89c203522b1f1f8819bc3190d394a86e45492fa3d5a31dd5d1be491899731",
"file_size": 206656
},
{
"file_name": "/usr/lib/libapt-inst.dylib.1.1.0",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"4bde9575ff77cb8fc7cc6c457a44a9042450341ac9b016928ccdb0ae18361687",
"file_size": 97392
},
{
"file_name": "/usr/lib/libapt-pkg.dylib.4.6.0",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"cca3aa122d51ebcd5902fe20067c6e7d14dffa2d57805d31bb54ac58497dc31f",
"file_size": 1106640
},
{
"file_name": "/usr/lib/libcrypto.0.9.8.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"bb7cff246d604171a4179cd2fc1a1d97f06ac2e534342b7039ad40aed8bb30de",
"file_size": 1618560
},
{
"file_name": "/usr/lib/libdpkg.a",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"e541bc02a026c8f90298753df07ad45cc9be9461a2aec19424bb85d2cc877c04",
"file_size": 232136
},
{
"file_name": "/usr/lib/libdpkg.la",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"75e09c7da022bba3862e8333562a47c630b31070b9b4432ce48e9075ce009bda",
"file_size": 874
},
{
"file_name": "/usr/lib/libform.5.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"fe7f2c7122934809ff7fdf22a0e4591256b7a7e070c9ff35ae8d3431644293ca",
"file_size": 93728
},
{
"file_name": "/usr/lib/libformw.5.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"2bb95ef4d88702559f6fc29159fe6780487b357e14b9eb0de49f42d0aaff3ef8",
"file_size": 77888
},
{
"file_name": "/usr/lib/libhistory.6.0.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"12763c5eaa16edca96b4d576705eae2367189a4b0f3e094aab4693a8e050b070",
"file_size": 54752
},
{
"file_name": "/usr/lib/liblzmadec.0.0.0.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"5c834c8d30e859a24c8126607dafc39696287e154cb8f1ab7488eb4afae5fe80",
"file_size": 34848
},
{
"file_name": "/usr/lib/liblzmadec.la",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"521ec56d63702d4cb2bce913b1a666968d142854aaa35952bd9e7e5c907ebddd",
"file_size": 807
},
{
"file_name": "/usr/lib/libmenu.5.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"0a3e1047c85a056bed9cdb72b7075d381befc60eba2b7dc0f990969ed7aa5e3f",
"file_size": 54480
},
{
"file_name": "/usr/lib/libmenuw.5.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"31a404a74ab5aa2c02cdd0480ae137358556bb28640d1512a02c317c8b98784a",
"file_size": 54592
},
{
"file_name": "/usr/lib/libncurses.5.4.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"4470d9672f112658f183282172ada5741b326de324bc2bdc06309f0f8d37163e",
"file_size": 335968
},
{
"file_name": "/usr/lib/libncursesw.5.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"1280d39b11576c2528baf055b47d7174eb60810c2db5ec21b1ebb37d53b3ad24",
"file_size": 390032
},
{
"file_name": "/usr/lib/libpam.1.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"e028b082b3c66a050e34dc276cfff654ea6ddd4cd94b54cd2ea6c1c10d5e3d51",
"file_size": 241600
},
{
"file_name": "/usr/lib/libpanel.5.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"a786f2f561e40fa76a3803bbd44164bb2ec65832ceb89c01e8172cbbd3c6d40b",
"file_size": 34288
},
{
"file_name": "/usr/lib/libpanelw.5.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"cbae475659f22af334f12b8c369dc64896527dc8bd7e50159837c3014e408db2",
"file_size": 34288
},
{
"file_name": "/usr/lib/libpatcyh.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"01a4e547a3113cdf55c627c35203280fd83f3156c7c1a9eded80d8ef576746cb",
"file_size": 100816
},
{
"file_name": "/usr/lib/libprefs.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"85cd1883219430bb27521e6a0d8f477e8d6e55471ca647d9d97396b18a1f88b3",
"file_size": 119568
},
{
"file_name": "/usr/lib/libreadline.6.0.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"d49f13bfd7c44f09a45aae16788a3b51e03479c5fc410ccf1fc915ef24b12c09",
"file_size": 198112
},
{
"file_name": "/usr/lib/libssl.0.9.8.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"841ace82050e8e4569e19c14e1f7a10fe7e6ef956cf466954d0da0c282361b4a",
"file_size": 481696
},
{
"file_name": "/usr/lib/libstdc++.6.0.9.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"423b1f138239e121746090ddfcfec4c4d27f0a4d1874e97b99c15c722a6fe631",
"file_size": 801856
},
{
"file_name": "/usr/lib/p7zip/7z",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"71fc4b961298dd0c0f3d85f6237cfd613747c3e29cea9275be97036ba14999b5",
"file_size": 555520
},
{
"file_name": "/usr/lib/p7zip/7z.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"30343a29284b4155124dd3779cb2df36911fc1d5bd7ec4d4a5e6cf3f222c7c60",
"file_size": 1577072
},
{
"file_name": "/usr/lib/p7zip/7zCon.sfx",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"2598a6a9e8d58542fd73206cc94e2fcffc32ab2166b2dadccdd7421dfacb81af",
"file_size": 569328
},
{
"file_name": "/usr/lib/p7zip/7za",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"afc67300fe8f51b38b722f010a2a00c9c2a32484c02353e5f7283423a812f626",
"file_size": 1531136
},
{
"file_name": "/usr/lib/p7zip/Codecs/Rar29.so",
"nlink": 1,
"is_symlink": false,
"permission": "-r-xr-xr-x",
"hash":
"0f135bafafcff17da16b4110ad8c679165ed878cd2ce340e635224d14ff668e9",
"file_size": 130864
},
{
"file_name": "/usr/lib/pam/pam_deny.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"8b66a33f01697c96e57350d98abebf7de860f4ec771933a955ea7ce12db80da8",
"file_size": 33504
},
{
"file_name": "/usr/lib/pam/pam_launchd.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"43af3c898434efde7f1252b27cc31dd524937288ad08345715dfc3e0375eaee9",
"file_size": 33840
},
{
"file_name": "/usr/lib/pam/pam_nologin.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"7cc740c7bfe7696f1c656ca1ab75ea07e985d035482a535453612ffd39389dca",
"file_size": 33664
},
{
"file_name": "/usr/lib/pam/pam_permit.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"5d0d6a544cc1fc6a0f1c30849c81633c0a5123fc44cfed2c96ec42a67b5b242c",
"file_size": 33584
},
{
"file_name": "/usr/lib/pam/pam_rootok.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"08af1018a6ac1924677ba5bf6baa33272780eae63f0a37a87e7f32ae1ff4a777",
"file_size": 33600
},
{
"file_name": "/usr/lib/pam/pam_securetty.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"eaa1192821eca11cbaf7ee75c97c6d42f756ce54efd5d4d8f68df76147ce0121",
"file_size": 33920
},
{
"file_name": "/usr/lib/pam/pam_unix.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"f10a834188a35860f3db5fcbb7c9e8f118f84ff8c604ffae4e5bdbece0360848",
"file_size": 36016
},
{
"file_name": "/usr/lib/pam/pam_uwtmp.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"99aa136b4c0725213b4843176fd68f8bddf78354e87b21d33d595bd1cdda1b98",
"file_size": 33872
},
{
"file_name": "/usr/lib/pam/pam_wheel.so",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"340b2a864784fef060553a5a6a9a73a1cb717bfa9cffacd0401aedc1fc029fd0",
"file_size": 34096
},
{
"file_name": "/usr/lib/pkgconfig/libcrypto.pc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"83d0a798fe2b840ed1c09c06b3075eb50e9a7598ff256d22f85ccf4638c479eb",
"file_size": 237
},
{
"file_name": "/usr/lib/pkgconfig/libdpkg.pc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"1387625423ae0757ea4c9e3525c05ee53809f14c36438f21ce28b5d97a2a214d",
"file_size": 250
},
{
"file_name": "/usr/lib/pkgconfig/libssl.pc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"7a612e96d9c236944e10510337449f1eacf7f5d2a95e199aec979844e11ce7f9",
"file_size": 252
},
{
"file_name": "/usr/lib/pkgconfig/openssl.pc",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"0661175f46d127da8b3e3b05ba1cf4f59cceac037ba6d44b1690066d5938f2e9",
"file_size": 262
},
{
"file_name": "/usr/lib/ssl/misc/CA.pl",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"5f6ca05ac40fa2ad32818be7b073171affee2d4de870c6d499b4934ea4383a59",
"file_size": 5679
},
{
"file_name": "/usr/lib/ssl/misc/CA.sh",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"e3498565c807f32574f11b10a29afa7462fc556b09de77d9bd631ec24b6ebba8",
"file_size": 5175
},
{
"file_name": "/usr/lib/ssl/misc/c_hash",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"ad7354e44d8b30fcf151691dff0032d3d4c9aa622b264ccf5760d6495eeeaaa4",
"file_size": 119
},
{
"file_name": "/usr/lib/ssl/misc/c_info",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"82117236e134a04bf3d1cdaec8b8e3d2fef69e1badb4335e3fc948166ac77a8d",
"file_size": 152
},
{
"file_name": "/usr/lib/ssl/misc/c_issuer",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"edf51769d41ad6ace7e5d885aed7a22c5d5abafce8ee26e94bd2850492c1d727",
"file_size": 112
},
{
"file_name": "/usr/lib/ssl/misc/c_name",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"9f6b9e3ffc35358503bbdb87d11d7f7e051a22a001978b45419c06df008608de",
"file_size": 110
},
{
"file_name":
"/usr/lib/system/introspection/libdispatch.dylib",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"f0afcb0b8d77c65114ef9b92e6c6dc857315409dbaff7071983e28b9c30391f1",
"file_size": 781584
},
{
"file_name": "/usr/lib/xpc/support.bundle/Info.plist",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"5159ab355af03fe9586367588980234e48a2036b954a0ecf56be69f7782de97a",
"file_size": 738
},
{
"file_name":
"/usr/lib/xpc/support.bundle/_CodeSignature/CodeResources",
"nlink": 1,
"is_symlink": false,
"permission": "-rw-r--r--",
"hash":
"3c727b0f043e463c0227db49cef54c5567715986d08a46c98923c9bb73585e5a",
"file_size": 2467
},
{
"file_name": "/usr/lib/xpc/support.bundle/support",
"nlink": 1,
"is_symlink": false,
"permission": "-rwxr-xr-x",
"hash":
"9c1343025e7406ced0b37dde627f69011549facc9e25576770da685e412f7098",
"file_size": 104224
}
],
"type": 75,
"time_interval": 0,
"general": [
{
"val": "0",
"name": "Time Interval",
"type": "interval"
},
{
"val": "App Tampering",
"name": "Threat Type"
},
{
"val": "192.0.2.0",
"name": "Device IP"
},
{
"val": "AUTOMATION",
"name": "Network"
},
{
"val": "e8:fc:af:f6:a5:8d",
"name": "Network BSSID"
},
{
"val": "",
"name": "Action Triggered"
},
{
"val": "192.0.2.0,192.0.2.0",
"name": "External IP"
},
{
"val": "00:00:00:00:00:00",
"name": "Gateway MAC"
},
{
"val": "127.0.0.1",
"name": "Gateway IP"
},
{
"val": "02 01 2019 17:13:23",
"name": "Device Time"
}
],
"BSSID": "e8:fc:af:f6:a5:8d",
"attack_time": {
"$date": 1549041203000
},
"routing_table": [
{
"refs": 7,
"use": 17698,
"netif": "lo0",
"flags": "UH ",
"destination": "127.0.0.1",
"gateway": "127.0.0.1"
}
],
"close_networks": [
{
"capabilities": "N/A",
"BSSID": "e8:fc:af:f6:a5:8d",
"level": 0,
"SSID": "AUTOMATION",
"frequency": 0
}
],
"SSID": "AUTOMATION"
}
}