NinjaOne RMM
LAST UPDATED: 09/17/2024
Overview
NinjaOne RMM is a remote monitoring and management software. It provides the tools to monitor IT infrastructure from anywhere. NinjaRMM provides this capability from a single-pane-of-glass and allows organizations to create custom alerts based on system performance.
D3 SOAR is providing REST operations to function with NinjaOne RMM.
NinjaOne RMM is available for use in:
Connection
To connect to NinjaOne RMM from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Default | ||
Server URL | The server URL for the API connection on the domain level is the same as your NinjaOne UI portal URL. | https://ca.ninjarmm.com |
Grant Type | The OAuth2.0 grant type that D3 vSOC uses for authentication and acting on behalf of a user. If you select the Authorization_code option, make sure to also input both an Authorization Code and a Refresh Token (see Authorization Code Flow - Public API for details). If you select the Client_Credentials option, you do not need to provide those fields (see Client Credentials Flow for details). | Client_credentials |
Grant Type = Client_credentials | ||
API Version | The API version used for establishing the connection. | v2 |
Client ID | The client ID used for authenticating the API connection. | CLIENT_ID |
Client Secret | The secret code used for authenticating the API connection. | ****** |
Scope | A space-separated list of application scopes to access. Available options include "monitoring", "management", and "control." By default, the scope is monitoring. When modifying the scope of the connection, a new connection should be created instead of altering an existing connection. | monitoring management |
Grant Type = Authorization_code | ||
API Version | The API version used for establishing the connection. | v2 |
Client ID | The client ID used for authenticating the API connection. | ***** |
Client Secret | The client secret to authenticate the API connection. | ***** |
Scope | A space-separated list of application scopes to access. Available options include "monitoring", "management", and "control." By default, the scope is monitoring. When modifying the scope of the connection, a new connection should be created instead of altering an existing connection. | Monitoring Management |
Authorization Code | The authorization code used specifically for the Authorization_code grant type. Click on the Get Authorization button on the New Connection form to automatically generate the authorization code. | 0.AXgA*****QgAA |
Callback URL | The Callback URL necessary for the Authorization_code grant type. Add this URL to your NinjaOne application's Redirect URIs. Please refer to Register Regular Web Applications | NinjaOne RMM for details. | https://v2019.d3securityonline.net/V127Cyber/VSOC/Auth2Callback.aspx |
Refresh Token | The refresh token for the Authorization_code grant type. Click on the Get Refresh Token button on the New Connection form to automatically generate a refresh token. | 851f*****xlRk= |
Permission Requirements
Each endpoint in the NinjaOne RMM API requires a certain permission scope. The following are required scopes for the commands in this integration:
Command | Required Scopes | |
Control Device Windows Service | Management + Control | |
Create Agent | Management | |
Delete Devices | Management | |
Execute Command | The Execute Command can send requests to various endpoints, each with unique scope requirements. Refer to the reader note below to determine the appropriate scope(s). | |
Fetch Event | Monitoring | |
Get Device Health Reports | Monitoring | |
List Automation Scripts | Monitoring | |
List Device Custom Fields | Monitoring | Note: The custom fields being used must be assigned with the API: Read Only or Read/Write Permissions. Please refer to Configuring Custom Fields | NinjaOne for setup details. |
List Device OS Patch Installation Reports | Monitoring | |
List Devices | Monitoring | |
List Device Scripting Options | Monitoring | |
List Devices With Pending Failed Rejected OS Patches | Monitoring | |
List Devices With Pending Failed Rejected SW Patches | Monitoring | |
List Device Software Patch Installation Reports | Monitoring | |
List Device Windows Services | Monitoring | |
Run Script Or Built-in Action | Management + Control | |
Update Device Custom Field Values | Management | Note: The custom fields being used must be assigned with the API: Read/Write Permissions. Please refer to Configuring Custom Fields | NinjaOne for setup details. |
Test Connection | Monitoring |
READER NOTE
Scope: A specific set of permissions required to execute specific commands. Scopes are associated with the credentials generated for accessing the NinjaOne RMM API.
Monitoring: grants read-only access to monitoring data and organization structure.
Management: allows modification of device and organization information; including creating new organizations, adding new devices, running scripts, etc.
Control: enables remote access via API.
Refer to https://app.ninjarmm.com/apidocs-beta/authorization/create-applications/machine-to-machine-apps for more information.
Configuring NinjaOne RMM to Work with D3 SOAR
Login to NinjaOne RMM at https://app.ninjarmm.com/auth/#/login.
Add a Client App.
Navigate to the Administration menu item on the left sidebar.
Click on the Apps accordion.
Click on the API section.
Click on the Client App IDs tab.
Click on the Add button on the upper right hand side.
Select the API Services (machine-to-machine) dropdown option.
Fill in the Application Configuration form.
Enter an application Name.
Copy the Callback URL from D3 SOAR and paste it into the Redirect URIs field (refer to step 3h > Grant Type: Authorization_code > step 8 in the Configuring D3 SOAR to Work with NinjaOne RMM section to retrieve the Callback URL).
Select your desired Scopes. Check the Permission Requirements section for the required scope for each command.
Choose your Allowed Grant Types.
Grant Type=Authorization_code: Select all 3 options (Authorization Code, Client Credentials and Refresh Token).
Grant Type=Client_credentials: Select the Client Credentials option.
ALERT
As of July 11 2024, if you choose to establish a connection to NinjaOne RMM using the Authorization_code grant type, ensure that the Client Credentials checkbox is also selected. Not selecting the Client Credentials checkbox may result in the Client Secret not being generated.
Click the Save button located at the top right corner. Afterward, you will be redirected to view the client secret credential.
Copy and store your client secret. You will not be able to see it again.
Find your API Client App back in the Administration > Apps > API > Client App IDs page, then copy and store your client ID.
Configuring D3 SOAR to Work with NinjaOne RMM
Log in to D3 SOAR.
Find the NinjaOne RMM integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type NinjaOne RMM in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to NinjaOne RMM.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
Grant Type: Client_Credentials
Input the Server URL. The default value is https://app.ninjarmm.com.
Choose the Grant Type. The default value is Client_credentials.
Input the API Version. The default value is v2.
Input the Client ID. Copy the Client ID from the NinjaOne RMM platform. Please refer to step 7 of Configuring NinjaOne RMM to Work with D3 SOAR.
Input the Client Secret.Copy the Client Secret from the NinjaOne RMM platform. Please refer to step 6 of Configuring NinjaOne RMM to Work with D3 SOAR.
(Optional) Input the Scope. The default value is monitoring.
Grant Type: Authorization_code
Input the Server URL. The default value is https://app.ninjarmm.com.
Choose the Grant Type. Select the Authorization_code dropdown option.
Input the API Version. The default value is v2.
Input the Client ID. Copy the Client ID from the NinjaOne RMM platform. Please refer to step 7 of Configuring NinjaOne RMM to Work with D3 SOAR.
Input the Client Secret. Copy the Client Secret from the NinjaOne RMM platform. Please refer to step 6 of Configuring NinjaOne RMM to Work with D3 SOAR.
(Optional) Input the Scope. The default value is monitoring.
Click on the Get Authorization button to be directed to another page. On the new page, click the Authorize button, copy the provided Authorization Code, and paste it in the D3 vSOC Authorization Code field.
Copy this Callback URL and paste it into the Redirect URIs field on the NinjaOne RMM platform. Refer to step 4b of the Configuring NinjaOne RMM to Work with D3 SOAR section.
Click on the Get Refresh Token button to generate the refresh token.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
NinjaOne RMM includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the NinjaOne RMM API, please refer to the NinjaOne RMM API reference.
READER NOTE
Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring NinjaOne RMM to Work with D3 SOAR for details.
Note for Time-related parameters
The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:
Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose your desired date and time format.
After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.
Control Device Windows Service
Starts/Stops/Restarts a Windows service for the specified device(s).
READER NOTE
Device IDs and Service Name are required parameters to run this command.
Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.
Run the List Device Windows Services command to obtain Service Name. Service Names can be found in the raw data at the path $.results[*].name.
Input
Input Parameter | Required/Optional | Description | Example |
Device IDs | Required | The ID(s) of the device(s) to control a Windows service. Device IDs can be obtained using the List Devices command. |
CODE
|
Service Name | Required | The Windows service name to take a control action. Windows service names can be obtained using the List Device Windows Services command. | Netman |
Action | Required | The action to take on the Windows service, with the options: Start | Pause | Stop | Restart. | Stop |
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Error Sample Data Control Device Windows Service failed. Status Code: 401. Message: Access key does not have required scope. |
Create Agent
Generates and returns the URL for the installer with the specified settings.
READER NOTE
Organization ID and Location IDs are required parameters to run this command.
Run the List Devices command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $.results[*].organizationId.
Run the List Devices command to obtain Location IDs. Location IDs can be found in the raw data at the path $.results[*].locationId.
Input
Input Parameter | Required/Optional | Description | Example |
Organization ID | Required | The ID of the organization from which to generate the installer. Organization IDs can be obtained using the List Devices command. | ***** |
Location IDs | Required | The ID(s) of the location(s) from which to generate the installer(s). Location IDs can be obtained using the List Devices command. If multiple locations are provided, each location will generate one installer with the Organization ID. |
CODE
|
Installer Type | Required | The agent installer type with which to generate the installer, with the options: Windows .msi | Mac .dmg | Mac .pkg | Linux .deb | Linux .rpm. | Windows .msi |
Content | Optional | The additional content used to generate the installer. By default, the value is {}. |
CODE
|
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Agent failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data Create Agent failed. Status Code: 401. Message: Access key does not have required scope. |
Delete Devices
Deletes specified device(s).
READER NOTE
Device IDs is a required parameter to run this command.
Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Device IDs | Required | The ID(s) of the device(s) to delete. Device IDs can be obtained using the List Devices command. |
CODE
|
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Devices failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data Delete Devices failed. Status Code: 401. Message: Access key does not have required scope. |
Execute Command
Returns the according response based on the input parameters.
Input
Input Parameter | Required/Optional | Description | Example |
Endpoint Of API | Required | The API endpoint of the command to be used. Please refer to NinjaOne Public API 2.0 for available API endpoints. | /devices/search |
HTTP Request Method | Optional | The HTTP request method for the endpoint, with the options: GET | POST | PUT | PATCH | DELETE. By default, the value is GET. | GET |
HTTP Query Parameters | Optional | The HTTP query parameters for the endpoint. |
CODE
|
HTTP Request Body | Optional | The HTTP request body for the endpoint. This parameter is required when the HTTP request method is POST, PATCH or PUT. By default, the value is {}. |
CODE
|
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Error Sample Data Execute Command failed. Status Code: 401. Message: Access key does not have required scope. |
Fetch Event
Ingests active alerts into the D3 vSOC platform as events based on specified search criteria.
Input
Input Parameter | Required/Optional | Description | Example |
Start Time | Optional | Active alert updates after this time (in UTC) will be ingested. By default, the Start Time is set to 30 days prior to the End Time. | 2024-06-27 00:00 |
End Time | Optional | Active alert updates before this time (in UTC) will be ingested. By default, the End Time is set to the current time. | 2024-07-13 00:00 |
Source Type | Optional | Filters alerts based on their origin. | AGENT_OFFLINE |
Device Filter | Optional | Filters alerts by device. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | class=WINDOWS_SERVER AND offline |
Output
READER NOTE
The Unique Event Key field mapping is used to prevent duplicate event ingestions. D3 SOAR will check whether the value of a selected JSON path matches any Unique Event Key of previously ingested events. If a match is found, the event will be dismissed. If no match is found, an event will be created. However, if no Unique Event Key is mapped, the hash value from the event pending ingestion will be used to check for any matches with existing events. If no match is found, the event will be created.
Unlike most other D3 SOAR integrations, the NinjaOne RMM integration’s Fetch Event command’s Default Event Source mapping does not include a Unique Event Key to fetch the same active alerts with multiple updates.
Fetch Event Field Mapping
Fetch Event commands require event field mapping. Field mapping plays a key role for data normalization within the event pipeline. Field mapping converts the original data fields from the different providers to standardized D3 fields as defined by the D3 Model. Please refer to Event and Incident Intake Field Mapping for details.
To customize field mapping, click + Add Field and add the custom field of your choice. You can also remove built-in field mappings by clicking x. Please note that two underscore characters will automatically prefix the defined Field Name as the System Name for a custom field mapping. Additionally, if an input Field Name contains any spaces, they will automatically be replaced with underscores for the corresponding System Name.
As a system integration, the NinjaOne RMM integration has some pre-configured field mappings for default field mapping.
Default Event Source
The Default Event Source is the default set of field mappings that are applied when this fetch event command is executed. For out-of-the-box integrations, you will find a set of field mapping provided by the system. Default event source provides field mappings for common fields from fetched active alerts. The default event source has a "Main Event JSON Path" (i.e. $.Results) that is used to extract a batch of events from the response raw data. Click Edit Event Source to view the "Main Event JSON Path".Main Event JSON Path: $.Results
The Main Event JSON Path determines the root path where the system starts parsing raw response data into D3 event data. The JSON path begins with $, representing the root element. The path is formed by appending a sequence of child elements to $, each separated by a dot (.). Square brackets with nested quotation marks ([‘...’]) should be used to separate child elements in JSON arrays.
For example, the root node of a JSON Path is Results. The child node denoting the Device ID field would be deviceId. Putting it together, the JSON Path expression to extract the Device ID is $.Results.deviceId.
The pre-configured field mappings are detailed below:
Field Name | Source Field |
Device Approval Status | .device.approvalStatus |
Device Created Time | .device.created |
Device ID | .deviceId |
Device Is Offline | .device.offline |
Device Last Contact Time | .device.lastContact |
Device Last Update Time | .device.lastUpdate |
Device Maintenance Status | .device.maintenance.status |
Device Netbios Name | .device.netbiosName |
Device Role Name | .device.references.role.name |
Device Tags | .device.tags |
Last Updated Time | .updateTime |
Location Name | .device.references.location.name |
Organization Name | .device.references.organization.name |
Parent Device ID | .device.parentDeviceId |
Policy Name | .device.references.policy.name |
PSA Ticket ID | .psaTicketId |
Role Policy Name | .device.references.rolePolicy.name |
Title | .subject |
User ID | .userId |
DNS query name | .device.dnsName |
Document ID | .uid |
Device category | .device.nodeClass |
Device | .device.displayName |
Event Type | .sourceName |
Hostname | .device.systemName |
Start Time | .createTime |
Description | .message |
Alert Raw Log | .data |
Source type | .sourceType |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Fetch Event failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data Fetch Event failed. Status Code: 401. Message: Access key does not have required scope. |
Get Device Health Reports
Returns a list of device health summary records.
Input
Input Parameter | Required/Optional | Description | Example |
Device Filter | Optional | Filters returned device health reports. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline". By default, the health summary record for all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | class=WINDOWS_SERVER AND offline |
Health Status | Optional | Filters device health summary records by device health status. By default, the health summary record of devices across all health statuses will be returned. | Unknown |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Device Health Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data Get Device Health Reports failed. Status Code: 401. Message: Access key does not have required scope. |
List Automation Scripts
Returns a list of all available automation scripts.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Automation Scripts failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data List Automation Scripts failed. Status Code: 401. Message: Access key does not have required scope. |
List Device Custom Fields
Returns a list of custom field values for the specified device(s). Ensure that the custom fields are assigned API Read Only or Read/Write permissions. Please refer to Configuring Custom Fields | NinjaOne RMM for details on setting up API Read Only or Read/Write Permissions.
READER NOTE
Device IDs is a required parameter to run this command.
Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Device IDs | Required | The ID(s) of the device(s) from which to retrieve custom field values. Device IDs can be obtained using the List Devices command. |
CODE
|
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Device Custom Fields failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data List Device Custom Fields failed. Status Code: 401. Message: Access key does not have required scope. |
List Device OS Patch Installation Reports
Returns successful and failed patch installation history records.
Input
Input Parameter | Required/Optional | Description | Example |
Device Filter | Optional | Filters the returned OS patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, the OS patch installation report for all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | id in (<DeviceID1>, <DeviceID2>) |
Patch Status | Optional | Filters OS patches based on patch status. By default, both failed and installed patches will be returned. | Failed |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Error Sample Data List Device OS Patch Installation Reports failed. Status Code: 401. Message: Access key does not have required scope. |
List Devices
Returns a list of devices with basic node information.
Input
Input Parameter | Required/Optional | Description | Example |
Device Filter | Optional | Filters returned devices. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | class=WINDOWS_SERVER AND offline |
Limit | Optional | The number of devices to be returned. By default, all devices will be returned. | 100 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Error Sample Data List Devices failed. Status Code: 401. Message: Access key does not have required scope. |
List Device Scripting Options
Returns the scripting options (built-in actions or custom scripts) for the device.
READER NOTE
Device IDs is a required parameter to run this command.
Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Device ID | Required | The ID of the device from which to retrieve scripting options. Device IDs can be obtained using the List Devices command. | ***** |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Device Scripting Options failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data List Device Scripting Options failed. Status Code: 401. Message: Access key does not have required scope. |
List Devices With Pending Failed Rejected OS Patches
Returns a list of OS patches for which there were no installation attempts.
Input
Input Parameter | Required/Optional | Description | Example |
Device Filter | Optional | Filters returned OS patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | class=WINDOWS_SERVER AND offline |
Patch Severity | Optional | Filters the returned OS patches by patch severity. By default, OS patches across all patch severity levels will be returned. | IMPORTANT |
Patch Status | Optional | Filters the returned OS patches by patch status. By default, OS patches across all patch statuses will be returned. | APPROVED |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Devices With Pending Failed Rejected OS Patches failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data List Devices With Pending Failed Rejected OS Patches failed. Status Code: 401. Message: Access key does not have required scope. |
List Devices With Pending Failed Rejected SW Patches
Returns a list of 3rd party software patches for which there were no installation attempts.
Input
Input Parameter | Required/Optional | Description | Example |
Device Filter | Optional | Filters the returned software patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | class=WINDOWS_SERVER AND offline |
Patch Impact | Optional | Filters the software patches by patch impact. By default, software patches across all patch impacts will be returned. | High |
Patch Status | Optional | Filters the software patches by patch status. By default, software patches across all patch statuses will be returned. | PENDING |
Software Identifier | Optional | Filters the software patches by software product identifier. By default, software patches with any software product identifier will be returned. | c899*****a4fa |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Devices With Pending Failed Rejected SW Patches failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data List Devices With Pending Failed Rejected SW Patches failed. Status Code: 401. Message: Access key does not have required scope. |
List Device Software Patch Installation Reports
Returns successful and failed 3rd party software patch installation history records.
Input
Input Parameter | Required/Optional | Description | Example |
Device Filter | Optional | Filters the returned software patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | id in (<DeviceID1>, <DeviceID2>) |
Patch Impact | Optional | Filters the software patches by patch impact. By default, software patches across all patch impacts will be returned. | High |
Patch Status | Optional | Filters the software patches by patch status. By default, software patches across all patch statuses will be returned. | FAILED |
Software Identifier | Optional | Filters the software patches based on the software product identifier. By default, software patches with any software product identifier will be returned. | c899*****a4fa |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Device Software Patch Installation Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data List Device Software Patch Installation Reports failed. Status Code: 401. Message: Access key does not have required scope. |
List Device Windows Services
Returns a list of Windows services and their statuses for specified device(s). The maximum number of returned Windows services is 10000.
Input
Input Parameter | Required/Optional | Description | Example |
Device Filter | Optional | Filters the returned Windows services. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, the Windows services of all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax. | id in (<DeviceID1>, <DeviceID2>) |
Service Name | Optional | Filters Windows services by service name. By default, Windows services with any service name will be returned. | String |
Service State | Optional | Filters Windows services by service state. By default, Windows services in any state will be returned. | Running |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Device Windows Services failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data List Device Windows Services failed. Status Code: 401. Message: Access key does not have required scope. |
Run Script Or Built-in Action
Runs a script or a built-in action on a specific device. This command only supports the Authorization_code grant type.
READER NOTE
Device ID is a required parameter to run this command.
Run the List Devices command to obtain Device ID. Device IDs can be found in the raw data at the path $.results[*].id.
Script ID and Built-in Action ID are optional parameters to run this command.
Run the List Device Scripting Options command to obtain Script ID. Script IDs can be found in the raw data at the path $.scripts[*].id.
Run the List Device Scripting Options command to obtain Built-in Action ID. Built-in Action IDs can be found in the raw data at the path $.scripts[*].uid.
Input
Input Parameter | Required/Optional | Description | Example |
Device ID | Required | The ID of the device for which to run a script or built-in action. Device IDs can be obtained using the List Devices command. | ***** |
Type | Required | The choice to run a Script or a Built-in Action. | Script |
Script ID | Optional | The ID of the script to run when the Type is Script. Script IDs can be obtained using the List Device Scripting Options command. | ***** |
Built-in Action ID | Optional | The ID of the built-in action to run when the Type is Built-in Action. Built-in Action IDs can be obtained using the List Device Scripting Options command. | 07cc*****e2b5 |
Parameters | Optional | The parameters of a Script or Built-in Action. | String |
Run As | Optional | The credential role or ID used to run the Script or Built-in Action. | String |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Run Script Or Built-in Action failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data Run Script Or Built-in Action failed. Status Code: 401. Message: Access key does not have required scope. |
Update Device Custom Field Values
Updates custom field values of the specified device(s). Ensure that the custom fields are assigned API Read/Write permissions. Please refer to Configuring Custom Fields | NinjaOne for details on setting up API: Read/Write permissions.
READER NOTE
Device IDs and Custom Field Object are required parameters to run this command.
Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.
Run the List Device Custom Fields command to obtain the properties of the Custom Field Object.
D3 suggests running the List Devices command to obtain your desired Device IDs. Then, use those ID(s) to run the List Device Custom Fields command to obtain the corresponding Custom Field Object. The Custom Field Objects can be found in the raw data at the path $.Results[*].CustomFields.
Input
Input Parameter | Required/Optional | Description | Example |
Device IDs | Required | The ID(s) of the device(s) from which to retrieve custom field values. Device IDs can be obtained using the List Devices command. |
CODE
|
Custom Field Object | Required | The custom field object used to update custom field values. The Custom Field Object of the device can be obtained using the List Device Custom Fields command. |
CODE
|
Output
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update Device Field Values failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data Update Device Field Values failed. Status Code: 401. Message: Access key does not have required scope. |
Test Connection
Performs a health check on an integration connection. A periodic health check can be scheduled by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Access key does not have required scope. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 401. Message: Access key does not have required scope. |