Self-Remediation via Okta
Engage end-users during auth to self-remediate issues
Security & Compliance Checks
Monitor your entire Linux, Mac, and Windows fleet
Device Inventory
Your fleet represented in thousands of data points
Implement Zero Trust Access
Prevent unsecure devices from accessing your apps
Achieve 100% Device Compliance
Measure, achieve, and maintain your compliance goals
Gain Fleet Visibility
Become "all knowing" across Linux, Mac, and Windows
Help / Docs Product Changelog App Security Company
From the blog

Blog

Contents

Changelog

API - New Global Failures Endpoints

May 13th, 2021

In March, we introduced a new global failures view to Kolide. This view makes it much easier for administrators to locate failures without clicking into a specific Check.

Since releasing this feature, we’ve heard a lot of great feedback from our customers that would love to list failures without needing to know anything about a check beforehand. Well, we’ve heard you, and we are proud to announce that we’ve just shipped an update to our API that enables just this use-case. So let’s run through the changes.

New Failures Endpoints

View the documentation about this endpoint.

The new failures endpoints make it simple to list and access specific failures without knowing anything about the check or device they belong to. Here are some things you can do today.

List All Failures

https://k2.kolide.com/api/v0/failures

This endpoint lists all failures for all enabled checks, regardless of their resolved/open/ignored state. Once you have an API token, you can call it using the following curl example:

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures'

List Failures By Status

Failures can be ignored, resolved, or open. Accordingly, you can scope the list of failures using those keywords as shown below:

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/open'

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/resolved' 

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/ignored'

All of these endpoints respond with a structure that matches the https://k2.kolide.com/api/v0/devices/<deviceID>/failures and https://k2.kolide.com/api/v0/checks/<checkID>/failures endpoints.

Show A Specific Failure

Before, admins could only retrieve details for a single failure through the device or check API endpoints. Now, if you know the failure’s ID, you can use just the following endpoint:

curl -H "Authorization: Bearer $PRODAPIKEY" 'https://k2.kolide.com/api/v0/failures/$FAILUREID'

New Failure Attribute - escalation_status

In addition, we’ve added a new attribute to the failure entity to indicate the escalation status of the failure. The escalation_status attribute can have one of the following values:

  • Not Escalated
  • User contact attempts exhausted
  • User requested help
  • No owner assigned

You can get more information, including full response schemas, on our API documentation site.

As always, we welcome comments and feedback from our API users. If you have a use case, please reach out to us via support@kolide.co or Intercom, and we’d love to chat about it.

Share this story:

More articles you
might enjoy:

Changelog
New API Actions: Assign Device / Issue Live Query
Kolide
Changelog
Kolide Side Dishes
Kolide
Changelog
Improvements Enrolling Personal Devices in Kolide
Kolide
Watch a Demo
Zero Trust Access
Designed for Okta
Watch a Demo