GET /api/v2/devices/:id

This method allows you to get the detailed informations about a specific device

Supported Formats

Request : */*, Response : application/json

Errors

Code Description
401 This request is unauthorized. Either your key is invalid or wasn't specified.
403 This request is forbidden. Your account may have been blocked.
429 The amount of requests per minute has been exceeded. All accounts (even the unlimited ones) are rate limited to 250 requests per minute unless agreed otherwise with Inverse.
502 No API backend was able to process the request. The system may be overloaded, in maintenance or experiencing an issue. Retrying shortly after should work.

Params

Param name Description
key
required

Your API key (you can optionally use the Authorization header for improved security)

Validations:

  • Must be a String


Metadata:
Type: query parameter
Example: "?key=68989f507420b6187c7e4fa32245db311efed505"
id
optional

The device ID to get information from

Validations:

  • Must be a Integer


Metadata:
Type: URL

Headers

Header name Description
Authorization
optional
Authorization header containing your API key (Bearer standard). Example value for the header: `Bearer 68989f507420b6187c7e4fa32245db311efed505`

GET /api/v2/devices/:id/is_a/:other_device_id

This method allows you to find out if a device is related to another device (has it as a parent, a virtual parent or is derived from it). Common usage would be to see if a device “is a” Windows operating system or “is an” Android device.

Supported Formats

Request : */*, Response : application/json

Errors

Code Description
401 This request is unauthorized. Either your key is invalid or wasn't specified.
403 This request is forbidden. Your account may have been blocked.
429 The amount of requests per minute has been exceeded. All accounts (even the unlimited ones) are rate limited to 250 requests per minute unless agreed otherwise with Inverse.
502 No API backend was able to process the request. The system may be overloaded, in maintenance or experiencing an issue. Retrying shortly after should work.

Params

Param name Description
key
required

Your API key (you can optionally use the Authorization header for improved security)

Validations:

  • Must be a String


Metadata:
Type: query parameter
Example: "?key=68989f507420b6187c7e4fa32245db311efed505"
id
optional

The source device to check against the parents and derivations

Validations:

  • Must be a Integer


Metadata:
Type: URL
other_device_id
optional

The end device that the source one should be a child or derived from for this to be considered true.

Validations:

  • Must be a Integer


Metadata:
Type: URL

Headers

Header name Description
Authorization
optional
Authorization header containing your API key (Bearer standard). Example value for the header: `Bearer 68989f507420b6187c7e4fa32245db311efed505`

GET /api/v2/devices/:id/profiling_rules

WARNING: This API endpoint is only available through licensing - contact us for details.

Allows to obtain all the profiling rules that apply to a specific device. This contains both regular expressions (surrounded by slashes) as well as exact string matches (no surrounding slashes).

Supported Formats

Response : application/json

Errors

Code Description
401 This request is unauthorized. Either your key is invalid or wasn't specified.
403 This request is forbidden. Your account may have been blocked.
429 The amount of requests per minute has been exceeded. All accounts (even the unlimited ones) are rate limited to 250 requests per minute unless agreed otherwise with Inverse.
502 No API backend was able to process the request. The system may be overloaded, in maintenance or experiencing an issue. Retrying shortly after should work.

Params

Param name Description
key
required

Your API key (you can optionally use the Authorization header for improved security)

Validations:

  • Must be a String


Metadata:
Type: query parameter
Example: "?key=68989f507420b6187c7e4fa32245db311efed505"
mode
optional

Allows to specify a formatting mode to obtain the rules split by direct/inherited/derived.

Validations:

  • Must be a String


Metadata:
Type: query
Example: "/api/v2/devices/1/profiling_rules?mode=split"

Returns

Code: 200

Description:

In the default mode, it returns a JSON response with the following fields

Param name Description
destination_hosts
required

The destination hosts rules for the device

Validations:

  • Must be an array of String

dhcp_fingerprint
required

The DHCP fingerprint rules for the device

Validations:

  • Must be an array of String

dhcp_vendor
required

The DHCP vendor rules for the device

Validations:

  • Must be an array of String

hostname
required

The hostname rules for the device

Validations:

  • Must be an array of String

ja3_data
required

The JA3 data rules for the device

Validations:

  • Must be an array of String

ja3_fingerprints
required

The JA3 fingerprints rules for the device

Validations:

  • Must be an array of String

mdns_services
required

The mDNS services rules for the device

Validations:

  • Must be an array of String

oui
required

The OUI rules for the device

Validations:

  • Must be an array of String

tcp_syn_ack_signatures
required

The TCP SYN-ACK rules for the device

Validations:

  • Must be an array of String

tcp_syn_signatures
required

The TCP SYN rules for the device

Validations:

  • Must be an array of String

upnp_server_strings
required

The UPnP server strings rules for the device

Validations:

  • Must be an array of String

upnp_user_agents
required

The UPnP User-Agent rules for the device

Validations:

  • Must be an array of String

user_agents
required

The HTTP User-Agent rules for the device

Validations:

  • Must be an array of String

Code: 200 with split mode

Description:

In the split mode, it returns a JSON response with the rules organized by direct/inherited/derived

Param name Description
derived
required

The profiling rules for the device that are obtained via derivations

Validations:

  • Must be a Hash

derived[destination_hosts]
required

The destination hosts rules for the device

Validations:

  • Must be an array of String

derived[dhcp_fingerprint]
required

The DHCP fingerprint rules for the device

Validations:

  • Must be an array of String

derived[dhcp_vendor]
required

The DHCP vendor rules for the device

Validations:

  • Must be an array of String

derived[hostname]
required

The hostname rules for the device

Validations:

  • Must be an array of String

derived[ja3_data]
required

The JA3 data rules for the device

Validations:

  • Must be an array of String

derived[ja3_fingerprints]
required

The JA3 fingerprints rules for the device

Validations:

  • Must be an array of String

derived[mdns_services]
required

The mDNS services rules for the device

Validations:

  • Must be an array of String

derived[oui]
required

The OUI rules for the device

Validations:

  • Must be an array of String

derived[tcp_syn_ack_signatures]
required

The TCP SYN-ACK rules for the device

Validations:

  • Must be an array of String

derived[tcp_syn_signatures]
required

The TCP SYN rules for the device

Validations:

  • Must be an array of String

derived[upnp_server_strings]
required

The UPnP server strings rules for the device

Validations:

  • Must be an array of String

derived[upnp_user_agents]
required

The UPnP User-Agent rules for the device

Validations:

  • Must be an array of String

derived[user_agents]
required

The HTTP User-Agent rules for the device

Validations:

  • Must be an array of String

direct
required

The profiling rules for the device that are directly assigned to the device

Validations:

  • Must be a Hash

direct[destination_hosts]
required

The destination hosts rules for the device

Validations:

  • Must be an array of String

direct[dhcp_fingerprint]
required

The DHCP fingerprint rules for the device

Validations:

  • Must be an array of String

direct[dhcp_vendor]
required

The DHCP vendor rules for the device

Validations:

  • Must be an array of String

direct[hostname]
required

The hostname rules for the device

Validations:

  • Must be an array of String

direct[ja3_data]
required

The JA3 data rules for the device

Validations:

  • Must be an array of String

direct[ja3_fingerprints]
required

The JA3 fingerprints rules for the device

Validations:

  • Must be an array of String

direct[mdns_services]
required

The mDNS services rules for the device

Validations:

  • Must be an array of String

direct[oui]
required

The OUI rules for the device

Validations:

  • Must be an array of String

direct[tcp_syn_ack_signatures]
required

The TCP SYN-ACK rules for the device

Validations:

  • Must be an array of String

direct[tcp_syn_signatures]
required

The TCP SYN rules for the device

Validations:

  • Must be an array of String

direct[upnp_server_strings]
required

The UPnP server strings rules for the device

Validations:

  • Must be an array of String

direct[upnp_user_agents]
required

The UPnP User-Agent rules for the device

Validations:

  • Must be an array of String

direct[user_agents]
required

The HTTP User-Agent rules for the device

Validations:

  • Must be an array of String

parents
required

The profiling rules for the device that are inherited from the parents and virtual parents

Validations:

  • Must be a Hash

parents[destination_hosts]
required

The destination hosts rules for the device

Validations:

  • Must be an array of String

parents[dhcp_fingerprint]
required

The DHCP fingerprint rules for the device

Validations:

  • Must be an array of String

parents[dhcp_vendor]
required

The DHCP vendor rules for the device

Validations:

  • Must be an array of String

parents[hostname]
required

The hostname rules for the device

Validations:

  • Must be an array of String

parents[ja3_data]
required

The JA3 data rules for the device

Validations:

  • Must be an array of String

parents[ja3_fingerprints]
required

The JA3 fingerprints rules for the device

Validations:

  • Must be an array of String

parents[mdns_services]
required

The mDNS services rules for the device

Validations:

  • Must be an array of String

parents[oui]
required

The OUI rules for the device

Validations:

  • Must be an array of String

parents[tcp_syn_ack_signatures]
required

The TCP SYN-ACK rules for the device

Validations:

  • Must be an array of String

parents[tcp_syn_signatures]
required

The TCP SYN rules for the device

Validations:

  • Must be an array of String

parents[upnp_server_strings]
required

The UPnP server strings rules for the device

Validations:

  • Must be an array of String

parents[upnp_user_agents]
required

The UPnP User-Agent rules for the device

Validations:

  • Must be an array of String

parents[user_agents]
required

The HTTP User-Agent rules for the device

Validations:

  • Must be an array of String

Headers

Header name Description
Authorization
optional
Authorization header containing your API key (Bearer standard). Example value for the header: `Bearer 68989f507420b6187c7e4fa32245db311efed505`

GET /api/v2/devices/:id/outbound_communications

WARNING: This API endpoint is only available through licensing - contact us for details.

Allows you to obtain the hosts+ports a device should be communicating with. Used for anomalous detection purposes.

Supported Formats

Response : application/json

Errors

Code Description
401 This request is unauthorized. Either your key is invalid or wasn't specified.
403 This request is forbidden. Your account may have been blocked.
429 The amount of requests per minute has been exceeded. All accounts (even the unlimited ones) are rate limited to 250 requests per minute unless agreed otherwise with Inverse.
502 No API backend was able to process the request. The system may be overloaded, in maintenance or experiencing an issue. Retrying shortly after should work.

Examples

Example response body:
["app.webtma.net:80","geo-prod.do.dsp.mp.microsoft.com:*"]

The body above states that the device normally communicates with app.webtma.net on port 80 and with geo-prod.do.dsp.mp.microsoft.com on any port.

Params

Param name Description
key
required

Your API key (you can optionally use the Authorization header for improved security)

Validations:

  • Must be a String


Metadata:
Type: query parameter
Example: "?key=68989f507420b6187c7e4fa32245db311efed505"

Returns

Code: 200

Description:

Array of string values with the known outbound communications of the device

Param name Description

Headers

Header name Description
Authorization
optional
Authorization header containing your API key (Bearer standard). Example value for the header: `Bearer 68989f507420b6187c7e4fa32245db311efed505`

GET /api/v2/devices/base_info

This method allows to obtain a JSON dump of all the devices in the Fingerbank database.

Errors

Code Description
401 This request is unauthorized. Either your key is invalid or wasn't specified.
403 This request is forbidden. Your account may have been blocked.
429 The amount of requests per minute has been exceeded. All accounts (even the unlimited ones) are rate limited to 250 requests per minute unless agreed otherwise with Inverse.
502 No API backend was able to process the request. The system may be overloaded, in maintenance or experiencing an issue. Retrying shortly after should work.

Params

Param name Description
key
required

Your API key (you can optionally use the Authorization header for improved security)

Validations:

  • Must be a String


Metadata:
Type: query parameter
Example: "?key=68989f507420b6187c7e4fa32245db311efed505"
fields
optional

Comma delimited list of fields to have in the dump. Allowed fields are: id, name, parent_id, virtual_parent_id, details. Default value is ‘id,name’ when the parameter isn’t specified

Validations:

  • Must be a String


Metadata:
Type: query parameter
Example: "?fields=id,name,parent_id"

Headers

Header name Description
Authorization
optional
Authorization header containing your API key (Bearer standard). Example value for the header: `Bearer 68989f507420b6187c7e4fa32245db311efed505`