Products & Services
Tuotteet ja palvelut
Produkte und Dienstleistungen
Produits et services
Produkter och tjänster
This thread is a changelog for the WithSecure Elements API.
📝 Click here to see the most recent change log and bookmark the discussion to be notified of any updates.
Endpoint Protection API
· New Security Events listing
Security Events provides extensive data that WithSecure engines detected. In addition to infections it reports security events generated by application control, Dataguard, tamper protection, browsing protection...The two new endpoints below provide listing by company or partner but also filtering (e.g. by device, by engine)
· Infections listing are deprecated
Security Events contains infections and much more so the old infections endpoint are deprecated and should be replaced by replaced by Security Events at first opportunity
The following infections Endpoint will stop working by 29.10.2022
Please update the following url at first opportunity.
The existing whitelist will still apply.
The deprecated url will not be supported after 06.11.2022
This new API call allows to get all the details of a subscription by querying with the key as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions/-subscription_key-
This API endpoint now return partnerUuid in the response. You may refer to API Reference in https://connect.withsecure.com/api-reference/provisioning#post-/ws/rest/provisioning/v1/seps
This new API endpoint is specifically meant for polling for changes in Security Events. By providing boundaries using server_timestamp query parameters clients have full control over the data set they are interested in. Moreover the data is sorted in the ascending order by the timestamp parameter allowing for easy replay of historical data also simplifying the polling for new events use cases.
This new API call allows to get the subscription details list under the specific licensee by querying with the unique identifier as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-companyUuid--companyUuid--include_expired--include_expired-
This new API call allows to get the subscription details list under the specific licensee by querying with the buyer's internal reference number as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-buyer_assigned_account_id--buyer_assigned_account_id--include_expired--include_expired-
This new API call allows to get the subscription details list under the specific reseller by querying with the unique identifier as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-partnerUuid--partnerUuid--include_expired--include_expired-
This new API call allows to get the subscription details list under the specific partner by querying with the unique identifier as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-buyer_account_id--buyer_account_id--include_expired--include_expired-
FCEA: WithSecure™ Elements EDR for Computers
FCEN: WithSecure™ Elements EDR for Servers
FCKC: WithSecure™ Elements Vulnerability Management
This new API call allows to remove the subscription of licensee by using the key as described in https://connect.withsecure.com/api-reference/provisioning#delete-/ws/rest/provisioning/v1/subscriptions/-subscription_key--force--force-
Elements API is a new API framework that will cover all Elements offer. For its launch it provides:
Changes in existing endpoints:
This first release of Devices endpoint provides information related to the devices (IP address, serial number, UPN...) to allow correlation with other data sources in a SIEM/SOAR, as well as information related to the level of protection.
We are looking for customer feedback before adding even more data. Please provide your ideas through “My feedback” when you are logged in Elements Security Center, or directly through https://ideas.withsecure.com/ideas (same credentials that you are using to access Elements Security Center), under category "Elements API".
Endpoint Protection API: Devices endpoints are deprecated
The old devices endpoints are deprecated and should be replaced by replaced by the new Elements devices endpoints that provide more information.
The following devices endpoint will stop working by 30.05.2023:
Security events endpoints are deprecated
The old security events endpoints are deprecated and should be replaced by the new Elements security events endpoints. https://connect.withsecure.com/api-reference/elements#get-/security-events/v1/security-events
The following security events endpoints will stop working by 30.06.2023:
Infections endpoints have been removed from documentation and will stop working at any time.
Companies endpoints are deprecated
Companies endpoints are deprecated. Clients should use instead Organizations endpoint from Elements API.
Support for Companies endpoint will end by 31.07.2023
The following endpoint is now showing FCEC (WithSecure™ Elements EDR and EPP for Computers) in the response:
Changes in API Clients UI:
New features are released in Elements API:
Triggering remote operations is only allowed for clients with Read/Write permissions.Getting Started guide contains information how to add credentials with required grant.
Authorized client can manage EPP invitations:
Legacy EPP API for managing invitations is deprecated.
Endpoint Protection API: Provisioning invitations endpoints end of life on 3rd of November 2023
The old invitations endpoints are deprecated and should be replaced by the new Elements devices endpoints: https://connect.withsecure.com/api-reference/elements#tag--invitations
The following Endpoint Protection API invitation endpoints will stop working on the 03.11.2023:
Reminder: In order to provide a better and unified set of APIs for WithSecure Elements, we are progressively deprecating the Endpoint Protection API and replacing it by Elements API. The following endpoints will reach their end of life soon as indicated earlier in this change log
This new API call allows to change an existing Service Partner(SEP) name by using the unique identifier as described in https://connect.withsecure.com/api-reference/provisioning#post-/seps/-partner_uuid-
New properties has been added to to device list endpoint:
New endpoints are published:
- Update device state - client can block or inactivate devices
- Remove devices - client can delete device
List devices endpoint was updated and now devices can be filtered by state. Also, state field is always returned in the response.
New endpoint is published:
- List incidents - client can view list of the incidents in the organization
New endpoint for managing status of EDR incidents is available. Client can update status of incident or close it with specified resolution.
This new API call allows to move a company to Service Partner (SEP) or Buyer Party, but the changes only allowed within the same Buyer Party of the company as described in https://connect.withsecure.com/api-reference/provisioning#post-/company/-companyUuid-
*The endpoint is only available to selected buyer