Getting Started with the Collector GraphQL APIs
Important
Before proceeding, complete the API Authentication steps in order to obtain a working client_id and client_secret.
Regions
The URL to access XDR APIs may differ according to the region your environment is deployed in:
- US1: https://api.ctpx.secureworks.com
- US2: https://api.delta.taegis.secureworks.com
- US3: https://api.foxtrot.taegis.secureworks.com
- EU: https://api.echo.taegis.secureworks.com
The examples in this XDR API documentation use https://api.ctpx.secureworks.com throughout. If you are in a different region, substitute appropriately.
You can use the Secureworks® Taegis™ XDR collector APIs to query for your data collectors and get general information about their deployments, endpoints, and their configuration and health. These APIs also allow you to create, update, and delete collectors and their associated attributes. All available collector API endpoints can be found in the Collector GraphQL API and Datasource GraphQL API reference.
Things to Consider
- You should have prior knowledge of Taegis™ XDR Collector functionality. For more information on XDR Collector see On-Premises Data Collector.
- From the API perspective, a collector corresponds to a single-node cluster. Currently, the terms cluster and collector are used here interchangeably.
- Each collector has a role tag associated with it, defaulting to collector. These role tags denote which set of Helm charts is installed on your collectors. You can always add custom deployments and endpoints regardless of your collector’s current role, but non-standard roles are currently discouraged outside of testing and specialized setups.
Create a Collector
mutation createCluster($clusterInput: ClusterInput! = {
  name: "sample-collector"
  description: "a collector created from a script!"
  network: { dhcp: true, hostname: "sample-collector-host" }
}) {
  createCluster(clusterInput: $clusterInput) {
    createdAt updatedAt id role name type clusterType description
    network { dhcp hostname hosts address mask gateway dns ntp proxy }
    deployments {
      createdAt updatedAt id role name description chart version config
      status { name createdAt updatedAt id status }
      endpoints {
        createdAt updatedAt id description address port
        validity { from until }
        credentials
      }
    }
    status { name createdAt updatedAt id status }
    health healthState
    registration { id region }
    maintenanceDay maintenanceStartHour maintenanceDuration
    clusterNodes {
      createdAt updatedAt id name description
      network { dhcp hostname hosts address mask gateway dns ntp proxy }
      health
      registration { id region }
      host
    }
    isHa haCidrBlock
  }
}
Query Collectors
query getAllClusters($role: String! = "collectors") {
  getAllClusters(role: $role) {
    createdAt updatedAt id role name type clusterType description
    network { dhcp hostname hosts address mask gateway dns ntp proxy }
    deployments {
      createdAt updatedAt id role name description chart version config
      status { name createdAt updatedAt id status }
      endpoints {
        createdAt updatedAt id description address port
        validity { from until }
        credentials
      }
    }
    status { name createdAt updatedAt id status }
    health healthState
    registration { id region }
    maintenanceDay maintenanceStartHour maintenanceDuration
    clusterNodes {
      createdAt updatedAt id name description
      network { dhcp hostname hosts address mask gateway dns ntp proxy }
      health
      registration { id region }
      host
    }
    isHa haCidrBlock
  }
}
Note
Some users may need to remove credentials from the endpoints section.
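The following is an added example, not part of the Secureworks documentation: it builds the getAllClusters request for a chosen region with the credentials field dropped from the selection, and masks any credentials values in a response before it is logged. The /graphql path, the Bearer authorization header, the trimmed selection set, the function names, and the sample response are assumptions made for illustration.

```python
import json
import re
import urllib.request

# Region base URLs as listed on this page.
REGION_URLS = {
    "US1": "https://api.ctpx.secureworks.com",
    "US2": "https://api.delta.taegis.secureworks.com",
    "US3": "https://api.foxtrot.taegis.secureworks.com",
    "EU": "https://api.echo.taegis.secureworks.com",
}
GRAPHQL_PATH = "/graphql"  # ASSUMPTION: the endpoint path is not stated on this page

# Trimmed selection taken from the page's getAllClusters query.
QUERY = """query getAllClusters($role: String! = "collectors") {
  getAllClusters(role: $role) {
    id name role health healthState
    deployments { id name endpoints { id address port credentials } }
  }
}"""

# Constructed sample response for the redaction step, not real API output.
SAMPLE = {"data": {"getAllClusters": [{"id": "c-1", "name": "sample-collector",
    "deployments": [{"id": "d-1", "name": "syslog", "endpoints": [
        {"id": "e-1", "address": "10.0.0.5", "port": 514, "credentials": "s3cr3t"}]}]}]}}

def without_field(query, field="credentials"):
    """Drop a bare scalar field from the selection set (see the Note above)."""
    return re.sub(r"\s+" + re.escape(field) + r"\b", "", query)

def build_request(region, token, role="collectors", include_credentials=False):
    """Build the POST request; `token` comes from the API Authentication steps."""
    query = QUERY if include_credentials else without_field(QUERY)
    body = json.dumps({"query": query, "variables": {"role": role}}).encode()
    return urllib.request.Request(
        REGION_URLS[region] + GRAPHQL_PATH, data=body, method="POST",
        headers={"Authorization": "Bearer " + token,  # ASSUMPTION: bearer scheme
                 "Content-Type": "application/json"})

def redact(obj, key="credentials"):
    """Return a copy of a response with every `key` value masked, safe to log."""
    if isinstance(obj, dict):
        return {k: ("<redacted>" if k == key and v is not None else redact(v, key))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v, key) for v in obj]
    return obj
```

Send the request with urllib.request.urlopen(build_request(...)) and pass the decoded JSON through redact() before writing it to logs or tickets.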
Next Steps
For more information, see the Collector GraphQL API and Datasource GraphQL API documentation.