Retrieving raw scanned file data
Available from 9.2.2. You use the GET
operation on the /api/sam/raw_file_facts
element to retrieve information about
all files discovered on the computers in your infrastructure. The API returns details of
existing files as well as historical data about files that were removed. By default, raw data is
preserved for 7 days. To change this period, go to Management > Advanced Server
Settings and change the value of the
raw_data_api_history_keep_days
parameter.
Note
To obtain information about detected software use api/sam/v2/software_instances API.
Prerequisites
- To improve performance, retrieve raw scanned file data in chunks of 10 000 records.
- Retrieve the total number of available
records.
https://hostname:port/api/sam/raw_file_facts?token=token&countSwitch=2
- Retrieve the first 10 000 records by using the limit
parameter.
https://hostname:port/api/sam/raw_file_facts?token=token&countSwitch=1&limit=10000&offset=0
- Retrieve the next 10 000 records. You omit the already retrieved records by using the
offset
parameter.
https://hostname:port/api/sam/raw_file_facts?token=token&countSwitch=1&limit=10000&offset=10000
- Retrieve the total number of available
records.
Permissions
You must have the View Raw Data permission to perform this task.
Resource URL
https://hostname:port/api/sam/raw_file_facts?token=token
Resource information
Operation details | Description |
---|---|
HTTP method | GET |
Request headers |
Negotiates the language of the response. If the header is not specified, the content is returned in the server language. |
Request format |
|
Response headers |
Specifies the content type of the response. |
Specifies the language of the response content. If this header is not specified, the content is returned in the server language. |
|
Response payload | File Fact element |
Response format |
|
Response codes |
|
Schema description
GET api/sam/schemas/raw_file_fact.json?token=token
Available columns
Column | Description | Displayed by default | Type |
---|---|---|---|
computer_id | Identifier of the computer on which the file was discovered. | ✓ | String |
path | Path where the file was discovered. | ✓ | String |
name | Name of the discovered file. | ✓ | String |
size | Size of the discovered file. | ✓ | Integer |
version | Version of the discovered file if available. | ✓ | String |
md5 | MD5 checksum of the file. | ✓ | String |
sha256 | SHA256 checksum of the file. | ✓ | String |
valid_from | Date of the first import that contained information about the file. | ✓ | String |
valid_to | Date of the first import that did not include information about the file. The value
9999-12-31T23:59:59Z indicates that the file is still being discovered. |
✓ | String |
Applicable associations
Query parameters
Parameter | Description | Required | Value |
---|---|---|---|
columns[] | Specify which columns to retrieve. If you do not specify this parameter, only
default columns are retrieved. Example: Retrieve the name and size of a
file:
|
String | |
order | Specify how to sort the returned data. The default direction for sorting
columns is ascending. If you want to specify a descending sort, append desc to the
column name. Example: Order by
name
|
String | |
limit | Specify the number of rows to retrieve. If you omit this parameter, 100 000
rows are retrieved. The number is defined by the raw_data_api_default_limit parameter on the
Advanced Server Settings panel. Example: Retrieve 100
records
|
Numeric | |
offset | Specify the number of rows to skip for retrieving results. You can use it
together with the limit parameter to paginate results. Example: Retrieve 50
records starting after record
150:
|
Numeric | |
token | A unique user authentication identifier. You can retrieve it by using REST API for retrieving authentication token. You can also log in to BigFix Inventory, hover over the User icon , and click Profile. Then, click Show token. | ✓ | Alphanumeric |
criteria | Retrieve records which match specific conditions. The parameter should have the following
structure, written in one line:
For more information about operators, see Common connectors and operators. Example: Retrieve
scanned file data from computer systems with ID greater than
10:
For columns that use the date and time values, such as Last Seen, you can retrieve data also for a period instead of a specific date. To do so, use last or next as <operator>, and then specify the time value in the following convention: PxD/PxW/PxM/PxY, where x is a number in the 1-999 range, and D, W, M, or Y is a designator that represents days, weeks, months, or years respectively. Example: Retrieve computers that were
first reported in BigFix Inventory within last 7
days
|
Example conversation - default columns
- Request
GET api/sam/raw_file_facts ?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623 Host: localhost:9081 Accept: application/json Accept-Language: en-US
- Response body
{ "computer_id": 5, "path": "C:\BES\BESAirgapTool", "name": "BESAirgapTool.exe", "size": 92174, "version": null, "valid_from": "2015-07-31T07:03:21Z" "valid_to": "9999-12-31T23:59:59Z" } { "computer_id": 5, "path": "C:/Program Files/ibm/SQLLIB/BIN", "name":"db2set.exe", "size": 81768, "version": "10.1", "valid_from": "2015-07-31T07:03:21Z", "valid_to": "9999-12-31T23:59:59Z" }