Endpoint Protection

  • 1.  Rest API limit to 1000 computers

    Posted Jun 07, 2020 08:16 PM
    Hi all,

    We are currently trying to get a list of all our computers connected to SEP through the REST API at URL https://api.sep.securitycloud.symantec.com/

    We're invoking through command (I just replaced the device group ID ;-)
    $GCCGroupPath = "v1/device-groups/<DeviceGroupId>/devices"
    $GCCDeviceGroupURI = $URL + $GCCGroupPath
    $headers = @{
        'Accept' = 'application/json'
        'Authorization' = 'Bearer ' + $AccessToken
        'Content-Type' = 'application/json'
        'limit' = "500"
        'offset' = '2'
    }
    $RestMessage = Invoke-RestMethod -Method 'GET' -Uri $GCCDeviceGroupURI -Headers $headers

    The command returns the right total of computers, but the list of devices is limited to 1000 devices.

    total     devices
    -----     -------
    12119     {@{id=--KGCEYOTbKFA5jQzEpImQ; name=C1014933}, @{id=--pWbIqnRS-SJAVA1hbjwg; nam...

    Has anyone faced this and found a trick to work around it?
    Thanks

    Michael




  • 2.  RE: Rest API limit to 1000 computers

    Posted Jun 08, 2020 04:58 PM
    Unfortunately I can't answer your question but I thought I'd let you know that you're not alone with this. I've run into this and have not yet found a way to list more than 1000 devices using an API call. I've tried setting headers named pageNumber, pageSize, limit, page and pager and even tried including a body with different configurations but it won't accept a body, probably because it's a GET request. There's also nothing in the response I can see to use like a NextLink. So far nothing I've found seems to get around this limitation but surely there must be a way or the API is pretty much useless. We have over 5600 devices in our main PC device group so I can't perform any actions on the ones above 1000.

    I'm fairly new to using this Symantec API and originally tried to use this document, https://apidocs.symantec.com/home/SEPC#_device, to get the ID of a device directly without having to list all the devices in a group. Unfortunately nothing in this doc seems to work so I'm assuming it's an old doc that's no longer valid and they've just left it up to annoy their clients. I did post a question to find out if this doc was valid or not but so far haven't had a single response.

    If you do find the solution to this issue, please post it here because I'd really like to know the solution.

    John


  • 3.  RE: Rest API limit to 1000 computers

    Posted Jun 12, 2020 04:41 AM

    I have an on-prem SEP Server installation (not cloud-based) and this is how I work around the API limits on number of computers retrieved:

    $allComputers = @()
    
    for($i=1; $i -le 2; $i++)
    {
        Write-Host "   Step $($i) of 2 - retrieving up to 10000 records" -NoNewline
        $allComputers += (Invoke-RestMethod -uri "$($sepServer)computers pageIndex=$($i)&pageSize=10000" -Headers $loginResult[1] -ContentType $ContType -Method GET).content
        Write-Host "...Complete"
    }
    Write-Host "Completed retrieving data"


    I have less than 20,000 computers, and this loop retrieves 10,000 of them at a time (the maximum the API would let me get each run).  Older versions of the SEP API would also confuse Invoke-RestMethod cmdlet in that the data would contain duplicate JSON field names per object.  The later versions of the SEP API seem to have resolved that problem.  For older versions of the SEP API, I would use Invoke-WebRequest instead and then have PowerShell search/replace the duplicate field names to recreate a "PowerShell compatible" JSON object.
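
An added example, not part of the original posts and not Symantec's code: a paging loop that stops on a short page rather than after a fixed number of passes, and flags the case reported in this thread for the cloud API, where paging parameters change nothing and the list stays shorter than the reported total. `Get-AllPages`, `Test-InventoryComplete`, the `id` key and the sample data are hypothetical; for real use `$FetchPage` would wrap the `Invoke-RestMethod` call and return its record array.

```powershell
# Added example (not from the thread). Collects pages until a short page arrives,
# and stops early if the server keeps resending records it already returned.
function Get-AllPages {
    param(
        [Parameter(Mandatory)] [scriptblock] $FetchPage,  # invoked as: & $FetchPage $pageIndex $pageSize
        [int]    $PageSize    = 10000,
        [int]    $MaxPages    = 100,    # hard stop so a misbehaving API cannot loop forever
        [string] $KeyProperty = 'id'    # assumption: each record carries a unique id
    )
    $seen = @{}
    $all  = [System.Collections.Generic.List[object]]::new()
    for ($i = 1; $i -le $MaxPages; $i++) {
        $page = @(& $FetchPage $i $PageSize)
        $new  = 0
        foreach ($item in $page) {
            $key = [string]$item.$KeyProperty
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                $all.Add($item)
                $new++
            }
        }
        # Short page = last page. No new keys = paging parameters were ignored.
        if ($page.Count -lt $PageSize -or $new -eq 0) { break }
    }
    return ,$all.ToArray()
}

# Compare what was collected with the total the server reports.
function Test-InventoryComplete {
    param([object[]] $Records, [int] $ReportedTotal)
    if ($Records.Count -ne $ReportedTotal) {
        Write-Warning "Inventory incomplete: $($Records.Count) of $ReportedTotal records"
        return $false
    }
    return $true
}

# Constructed sample data standing in for a server with 2500 devices.
$fake = 1..2500 | ForEach-Object { [pscustomobject]@{ id = "id-$_"; name = "PC$_" } }
$paged   = { param($index, $size) $fake | Select-Object -Skip (($index - 1) * $size) -First $size }
$ignored = { param($index, $size) $fake | Select-Object -First $size }  # paging has no effect

$a = Get-AllPages -FetchPage $paged   -PageSize 1000   # server that honours paging
$b = Get-AllPages -FetchPage $ignored -PageSize 1000   # server that ignores paging
Test-InventoryComplete -Records $a -ReportedTotal 2500
Test-InventoryComplete -Records $b -ReportedTotal 2500
```

Running the completeness check before acting on the list keeps a truncated inventory from being treated as the full fleet.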




  • 4.  RE: Rest API limit to 1000 computers

    Posted Jun 15, 2020 04:54 PM
    Unfortunately I tried passing both pageIndex and pageSize as a query, both together and separately like this pageIndex=2&Pagesize=2000, but it made no difference to the response I received back. I also tried passing them with a space in-between the URL and the query which seems to be how you're doing it but that made no difference. I've tried passing every option I've ever used in a REST API to get the next page or a set number of results but nothing seems to change what's returned.

    I've submitted 2 tickets for the cloud API not working and support have closed both saying they don't support it and that I'd have to pay for consulting services. Why on earth would I pay for consulting services to use a feature that we're already paying for that doesn't work? Unless they're able to do some development work to fix it, what are they going to do? Even if they can do development work, I don't feel like we should be paying Broadcom to fix a product we're already paying for.

    I've come to the conclusion that the cloud API just doesn't work and that it's falsely advertised as being a feature. There seems to be plenty of people successfully using the API with the Manager but no one successfully using the cloud API. One of our requirements when we decided to switch to Symantec was a REST API and now we know they don't have one we'll be switching to another vendor as soon as our contract allows.


  • 5.  RE: Rest API limit to 1000 computers

    Posted Jun 15, 2020 05:17 PM
    Hi,
    The thing with the Cloud solution is that it is sending only 1 result...
    1 single line with 2 arguments... the count of devices, and then the name of the first 1000 devices. So unless they develop something that allows a better result, it will be hard to get something relevant.

    Since Broadcom has acquired Symantec, all is just a mess. Sales reps are changing, portals are changing and we can't call the support. The proposed solution looked pretty interesting, but we are missing so many promised features that it becomes pretty difficult for us to handle the volume of computers.

    I will try to contact our sales team to see what we can do here.


  • 6.  RE: Rest API limit to 1000 computers

    Posted Jun 15, 2020 05:36 PM
    Edited by ClayShooter Jun 15, 2020 05:37 PM

    Michael - I looked more closely at your example output above in your original message, and based on your last message "single line with 2 arguments" comment.  It looks like the result you get back in the $RestMessage variable might include an array of 12000 computer objects.  Maybe you already know this and I'm barking up the wrong tree, but if after you run the API call in PowerShell you enter the following:

    $RestMessage.total  --this should give you just the number you see in your result of count of computers

    $RestMessage.devices  --this should spill out on the screen the 12K computer objects

    $RestMessage.devices[0] --this should give you the first of the 12K computer objects with all the SEP database details of that object

    I hope that helps.




  • 7.  RE: Rest API limit to 1000 computers

    Posted Jun 15, 2020 05:38 PM
    Thanks Michael. I would appreciate any help you can provide. The calls in this doc https://apidocs.symantec.com/home/sep_15 seem to work except with the 1000 device limit, which makes it unusable. As far as I can tell, the calls in this doc https://apidocs.symantec.com/home/SEPC don't work at all with the exception of the one to get events. All the others give an access denied message despite having a valid token and sending the correct headers.

    I've tried to raise my last ticket to management but I'm not sure what will come of that. I know things are going through some changes with Broadcom's acquisition but as a new user that purchased the product just before the change, it's been a very frustrating process trying to switch over and we're definitely feeling like we made a mistake in doing so.