Cloud Administration Retrieve High-Risk User List API Version 2

Document created by RSA Information Design and Development Employee on Apr 28, 2020Last modified by RSA Information Design and Development Employee on Oct 20, 2020
Version 8Show Document
  • View in full screen mode

Use the Cloud Administration Retrieve High-Risk User List API to retrieve users who have been marked as high risk. Accounts for these users may have been compromised. A security information and event management (SIEM) solution, such as RSA NetWitness, may mark users with suspicious activity as high risk.

For Version 1 of this API, see Cloud Administration Retrieve High-Risk User List API Version 1.

Note:  This API is available only for Premium Edition.

Authentication

Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs .

Administrative Roles

This API must use an API key that is associated with the Super Administrator role. For more information, see Manage the Cloud Administration API Keys.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Request Requirements

Use the following information to retrieve a list of users who are marked as high risk.

                        
MethodRequest URLResponse Content TypeResponse BodyResponse Codes
GET /AdminInterface/restapi/v2/users/highriskapplication/jsonList of users that contains a high-risk flag set to true.200, 403, 500

Request Body Parameters

No query parameters are supported at this time.

Example Request Body

The following example displays a request.

GET /AdminInterface/restapi/v2/users/highrisk

No Body

Authorization: Bearer <JWT token>

Example Response Body

The following example displays a response body.

{

"users": [

{

"email": "user.one@mycompany.com",

"primaryUsername": "user.one",

"alternateUsername":""

},

{

"email": "user.two@mycompany.com",

"primaryUsername": "user.two",

"alternateUsername":""

},

{

"email": "user.three@mycompany.com",

"primaryUsername": "user.three",

"alternateUsername":""

},

]

}

Property Response Descriptions

The following table shows property response descriptions and data types.

                            
PropertyDescriptionData Type
emailUser's email address.String
primaryUsername

User's primary username. This is sAMAccountName for Active Directory and uid for LDAPv3 directory servers.

String
alternateUsername

User's alternate username. This attribute is returned only when the identity source is configured to synchronize this attribute.

String

Response Codes

The following table shows response codes for this API.

                       
CodeDescription
200Operation completed successfully.
403Not authorized to perform the request.
500

Internal error occurred.

 

 

 

You are here
Table of Contents > Cloud Administration Retrieve High-Risk User List API Version 2

Attachments

    Outcomes