Skip to main content
Skip table of contents

NinjaOne RMM

LAST UPDATED: 09/17/2024

Overview

NinjaOne RMM is a remote monitoring and management software. It provides the tools to monitor IT infrastructure from anywhere. NinjaRMM provides this capability from a single-pane-of-glass and allows organizations to create custom alerts based on system performance.

D3 SOAR is providing REST operations to function with NinjaOne RMM.

NinjaOne RMM is available for use in:

D3 SOAR

V16.8+

Category

Other

Deployment Options

Option II, Option IV

Connection

To connect to NinjaOne RMM from D3 SOAR, please follow this part to collect the required information below:

Parameter

Description

Example

Default

Server URL

The server URL for the API connection on the domain level is the same as your NinjaOne UI portal URL.

https://ca.ninjarmm.com

Grant Type

The OAuth2.0 grant type that D3 vSOC uses for authentication and acting on behalf of a user. If you select the Authorization_code option, make sure to also input both an Authorization Code and a Refresh Token (see Authorization Code Flow - Public API for details). If you select the Client_Credentials option, you do not need to provide those fields (see Client Credentials Flow for details).

Client_credentials

Grant Type = Client_credentials

API Version

The API version used for establishing the connection.

v2

Client ID

The client ID used for authenticating the API connection.

CLIENT_ID

Client Secret

The secret code used for authenticating the API connection.

******

Scope

A space-separated list of application scopes to access. Available options include "monitoring", "management", and "control." By default, the scope is monitoring. When modifying the scope of the connection, a new connection should be created instead of altering an existing connection.

monitoring management

Grant Type = Authorization_code

API Version

The API version used for establishing the connection.

v2

Client ID

The client ID used for authenticating the API connection.

*****

Client Secret

The client secret to authenticate the API connection.

*****

Scope

A space-separated list of application scopes to access. Available options include "monitoring", "management", and "control." By default, the scope is monitoring. When modifying the scope of the connection, a new connection should be created instead of altering an existing connection.

Monitoring Management

Authorization Code

The authorization code used specifically for the Authorization_code grant type. Click on the Get Authorization button on the New Connection form to automatically generate the authorization code.

0.AXgA*****QgAA

Callback URL

The Callback URL necessary for the Authorization_code grant type. Add this URL to your NinjaOne application's Redirect URIs. Please refer to Register Regular Web Applications | NinjaOne RMM for details.

https://v2019.d3securityonline.net/V127Cyber/VSOC/Auth2Callback.aspx

Refresh Token

The refresh token for the Authorization_code grant type. Click on the Get Refresh Token button on the New Connection form to automatically generate a refresh token.

851f*****xlRk=

Permission Requirements

Each endpoint in the NinjaOne RMM API requires a certain permission scope. The following are required scopes for the commands in this integration:

Command

Required Scopes

Control Device Windows Service

Management + Control

Create Agent

Management

Delete Devices

Management

Execute Command

The Execute Command can send requests to various endpoints, each with unique scope requirements. Refer to the reader note below to determine the appropriate scope(s).

Fetch Event

Monitoring

Get Device Health Reports

Monitoring

List Automation Scripts

Monitoring

List Device Custom Fields

Monitoring

Note: The custom fields being used must be assigned with the API: Read Only or Read/Write Permissions. Please refer to Configuring Custom Fields | NinjaOne for setup details.

List Device OS Patch Installation Reports

Monitoring

List Devices

Monitoring

List Device Scripting Options

Monitoring

List Devices With Pending Failed Rejected OS Patches

Monitoring

List Devices With Pending Failed Rejected SW Patches

Monitoring

List Device Software Patch Installation Reports

Monitoring

List Device Windows Services

Monitoring

Run Script Or Built-in Action

Management + Control

Update Device Custom Field Values

Management

Note: The custom fields being used must be assigned with the API: Read/Write Permissions. Please refer to Configuring Custom Fields | NinjaOne for setup details.

Test Connection

Monitoring

READER NOTE

Scope: A specific set of permissions required to execute specific commands. Scopes are associated with the credentials generated for accessing the NinjaOne RMM API.

  • Monitoring: grants read-only access to monitoring data and organization structure.

  • Management: allows modification of device and organization information; including creating new organizations, adding new devices, running scripts, etc.

  • Control: enables remote access via API.

Refer to https://app.ninjarmm.com/apidocs-beta/authorization/create-applications/machine-to-machine-apps for more information.

Configuring NinjaOne RMM to Work with D3 SOAR

  1. Login to NinjaOne RMM at https://app.ninjarmm.com/auth/#/login.

  2. Add a Client App.

    1. Navigate to the Administration menu item on the left sidebar.

    2. Click on the Apps accordion.

    3. Click on the API section.

    4. Click on the Client App IDs tab.

    5. Click on the Add button on the upper right hand side.

  3. Select the API Services (machine-to-machine) dropdown option.

  4. Fill in the Application Configuration form.

    1. Enter an application Name.

    2. Copy the Callback URL from D3 SOAR and paste it into the Redirect URIs field (refer to step 3h > Grant Type: Authorization_code > step 8 in the Configuring D3 SOAR to Work with NinjaOne RMM section to retrieve the Callback URL).

    3. Select your desired Scopes. Check the Permission Requirements section for the required scope for each command.

    4. Choose your Allowed Grant Types.
      Grant Type=Authorization_code: Select all 3 options (Authorization Code, Client Credentials and Refresh Token).
      Grant Type=Client_credentials: Select the Client Credentials option.

ALERT

As of July 11 2024, if you choose to establish a connection to NinjaOne RMM using the Authorization_code grant type, ensure that the Client Credentials checkbox is also selected. Not selecting the Client Credentials checkbox may result in the Client Secret not being generated.

  1. Click the Save button located at the top right corner. Afterward, you will be redirected to view the client secret credential.

  2. Copy and store your client secret. You will not be able to see it again.

  3. Find your API Client App back in the Administration > Apps > API > Client App IDs page, then copy and store your client ID.

Configuring D3 SOAR to Work with NinjaOne RMM

  1. Log in to D3 SOAR.

  2. Find the NinjaOne RMM integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type NinjaOne RMM in the search box to find the integration, then click it to select it.

    4. Click + Connection, on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to NinjaOne RMM.

    1. Connection Name: The desired name for the connection.

    2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.

    4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add your desired description for the connection.

    6. Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.

    7. Configure User Permissions: Defines which users have access to the connection.

    8. Active: Check the tick box to ensure the connection is available for use.

    9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

      1. Grant Type: Client_Credentials

        1. Input the Server URL. The default value is https://app.ninjarmm.com.

        2. Choose the Grant Type. The default value is Client_credentials.

        3. Input the API Version. The default value is v2.

        4. Input the Client ID. Copy the Client ID from the NinjaOne RMM platform. Please refer to step 7 of Configuring NinjaOne RMM to Work with D3 SOAR.

        5. Input the Client Secret.Copy the Client Secret from the NinjaOne RMM platform. Please refer to step 6 of Configuring NinjaOne RMM to Work with D3 SOAR.

        6. (Optional) Input the Scope. The default value is monitoring.

      2. Grant Type: Authorization_code

        1. Input the Server URL. The default value is https://app.ninjarmm.com.

        2. Choose the Grant Type. Select the Authorization_code dropdown option.

        3. Input the API Version. The default value is v2.

        4. Input the Client ID. Copy the Client ID from the NinjaOne RMM platform. Please refer to step 7 of Configuring NinjaOne RMM to Work with D3 SOAR.

        5. Input the Client Secret. Copy the Client Secret from the NinjaOne RMM platform. Please refer to step 6 of Configuring NinjaOne RMM to Work with D3 SOAR.

        6. (Optional) Input the Scope. The default value is monitoring.

        7. Click on the Get Authorization button to be directed to another page. On the new page, click the Authorize button, copy the provided Authorization Code, and paste it in the D3 vSOC Authorization Code field.

        8. Copy this Callback URL and paste it into the Redirect URIs field on the NinjaOne RMM platform. Refer to step 4b of the Configuring NinjaOne RMM to Work with D3 SOAR section.

        9. Click on the Get Refresh Token button to generate the refresh token.

    10. Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
      To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.

    11. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.

  4. Test the connection.

    1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

Commands

NinjaOne RMM includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the NinjaOne RMM API, please refer to the NinjaOne RMM API reference.

READER NOTE

Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring NinjaOne RMM to Work with D3 SOAR for details.

Note for Time-related parameters

The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:

  1. Navigate to Configuration > Application Settings. Select Date/Time Format.

  2. Choose your desired date and time format.

    After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.

Control Device Windows Service

Starts/Stops/Restarts a Windows service for the specified device(s).

READER NOTE

Device IDs and Service Name are required parameters to run this command.

  • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

  • Run the List Device Windows Services command to obtain Service Name. Service Names can be found in the raw data at the path $.results[*].name.

Input

Input Parameter

Required/Optional

Description

Example

Device IDs

Required

The ID(s) of the device(s) to control a Windows service. Device IDs can be obtained using the List Devices command.

CODE
[ ***** ]

Service Name

Required

The Windows service name to take a control action. Windows service names can be obtained using the List Device Windows Services command.

Netman

Action

Required

The action to take on the Windows service, with the options: Start | Pause | Stop | Restart.

Stop

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "Results": [
        {
            "DeviceID": "{deviceID}",
            "ServiceName": "{serviceName}",
            "Action": "{action}",
            "Message": "{action} {serviceName} Successfully"
        }
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Error Sample Data

Control Device Windows Service failed.

Status Code: 401.

Message: Access key does not have required scope.

Create Agent

Generates and returns the URL for the installer with the specified settings.

READER NOTE

Organization ID and Location IDs are required parameters to run this command.

  • Run the List Devices command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $.results[*].organizationId.

  • Run the List Devices command to obtain Location IDs. Location IDs can be found in the raw data at the path $.results[*].locationId.

Input

Input Parameter

Required/Optional

Description

Example

Organization ID

Required

The ID of the organization from which to generate the installer. Organization IDs can be obtained using the List Devices command.

*****

Location IDs

Required

The ID(s) of the location(s) from which to generate the installer(s). Location IDs can be obtained using the List Devices command. If multiple locations are provided, each location will generate one installer with the Organization ID.

CODE
[ ***** ]

Installer Type

Required

The agent installer type with which to generate the installer, with the options: Windows .msi | Mac .dmg | Mac .pkg | Linux .deb | Linux .rpm.

Windows .msi

Content

Optional

The additional content used to generate the installer. By default, the value is {}.

CODE
{
  "additionalProp1": {}
}

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "Results": [
        {
            "organizationID": "*****",
            "locationID": "*****",
            "url": "https://eu.armm.com/agent/installer/*****"
        }
    ]
}
Key Field

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "URLs": ["https://eu.armm.com/agent/installer/*****"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

Results

{'organizationID': '*****', 'locationID': '*****', 'url': 'https://eu.armm.com/agent/installer/*****'}

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Agent failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

Create Agent failed.

Status Code: 401.

Message: Access key does not have required scope.

Delete Devices

Deletes specified device(s).

READER NOTE

Device IDs is a required parameter to run this command.

  • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Device IDs

Required

The ID(s) of the device(s) to delete. Device IDs can be obtained using the List Devices command.

CODE
[ ***** ]

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "results": [
        {
            "DeviceID": "<deviceID>",
            "Message": "Device is deleted"
        }
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

results

{'DeviceID': '<deviceID>', 'Message': 'Device is deleted'}

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Devices failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

Delete Devices failed.

Status Code: 401.

Message: Access key does not have required scope.

Execute Command

Returns the according response based on the input parameters.

Input

Input Parameter

Required/Optional

Description

Example

Endpoint Of API

Required

The API endpoint of the command to be used. Please refer to NinjaOne Public API 2.0 for available API endpoints.

/devices/search

HTTP Request Method

Optional

The HTTP request method for the endpoint, with the options: GET | POST | PUT | PATCH | DELETE. By default, the value is GET.

GET

HTTP Query Parameters

Optional

The HTTP query parameters for the endpoint.

CODE
{
"q": "192.168.1.1",
"limit": 100
} 

HTTP Request Body

Optional

The HTTP request body for the endpoint. This parameter is required when the HTTP request method is POST, PATCH or PUT. By default, the value is {}.

CODE
{
"name": "string",
"description": "string",
"userData": {
"additionalProp1": {}
},
"nodeApprovalMode": "AUTOMATIC",
"tags": [
"string"
],
"fields": {
"additionalProp1": {},
"additionalProp2": {},
"additionalProp3": {}
},
"locations": [
{
"name": "string",
"address": "string",
"description": "string",
"userData": {
"additionalProp1": {}
},
"tags": [
"string"
],
"fields": {
"additionalProp1": {},
"additionalProp2": {},
"additionalProp3": {}
}
}
],
"policies": [
{
"nodeRoleId": *****,
"policyId": *****
}
]
} 

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "query": "string",
    "devices": [
        {
            "id": *****,
            "parentDeviceId": *****,
            "organizationId": *****,
            "locationId": *****,
            "nodeClass": "WINDOWS_SERVER",
            "nodeRoleId": *****,
            "rolePolicyId": *****,
            "policyId": *****,
            "approvalStatus": "PENDING",
            "offline": true,
            "displayName": "string",
            "systemName": "string",
            "dnsName": "string",
            "netbiosName": "string",
            "created": 0,
            "lastContact": 0,
            "lastUpdate": 0,
            "userData": {
                "additionalProp1": {}
            },
            "tags": [
                "string"
            ],
            "fields": {
                "additionalProp1": {},
                "additionalProp2": {},
                "additionalProp3": {}
            },
            "maintenance": {
                "status": "PENDING",
                "start": 0,
                "end": 0
            },
            "references": {
                "organization": {
                    "name": "string",
                    "description": "string",
                    "userData": {
                        "additionalProp1": {}
                    },
                    "nodeApprovalMode": "AUTOMATIC",
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    },
                    "id": *****
                },
                "location": {
                    "name": "string",
                    "address": "string",
                    "description": "string",
                    "userData": {
                        "additionalProp1": {}
                    },
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    },
                    "id": *****
                },
                "rolePolicy": {
                    "id": *****,
                    "parentPolicyId": *****,
                    "name": "string",
                    "description": "string",
                    "nodeClass": "WINDOWS_SERVER",
                    "updated": 0,
                    "nodeClassDefault": true,
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    }
                },
                "policy": {
                    "id": *****,
                    "parentPolicyId": *****,
                    "name": "string",
                    "description": "string",
                    "nodeClass": "WINDOWS_SERVER",
                    "updated": 0,
                    "nodeClassDefault": true,
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    }
                },
                "role": {
                    "id": *****,
                    "name": "string",
                    "description": "string",
                    "nodeClass": "WINDOWS_SERVER",
                    "custom": true,
                    "chassisType": "UNKNOWN",
                    "created": 0,
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    }
                },
                "backupUsage": {
                    "revisionsCurrentSize": 0,
                    "revisionsPreviousSize": 0,
                    "revisionsDeletedSize": 0,
                    "localFileFolderSize": 0,
                    "localImageSize": 0,
                    "cloudFileFolderSize": 0,
                    "cloudImageSize": 0,
                    "localTotalSize": 0,
                    "cloudTotalSize": 0,
                    "revisionsTotalSize": 0
                }
            },
            "score": 0,
            "matchAttr": "string",
            "matchAttrValue": "string"
        }
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

query

string

devices

{'id': *****, 'parentDeviceId': *****, 'organizationId': *****, 'locationId': *****, 'nodeClass': 'WINDOWS_SERVER', 'nodeRoleId': *****, 'rolePolicyId': *****, 'policyId': *****, 'approvalStatus': 'PENDING', 'offline': True, 'displayName': 'string', 'systemName': 'string', 'dnsName': 'string', 'netbiosName': 'string', 'created': 0, 'lastContact': 0, 'lastUpdate': 0, 'userData': {'additionalProp1': {}}, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'maintenance': {'status': 'PENDING', 'start': 0, 'end': 0}, 'references': {'organization': {'name': 'string', 'description': 'string', 'userData': {'additionalProp1': {}}, 'nodeApprovalMode': 'AUTOMATIC', 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'id': *****}, 'location': {'name': 'string', 'address': 'string', 'description': 'string', 'userData': {'additionalProp1': {}}, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'id': *****}, 'rolePolicy': {'id': *****, 'parentPolicyId': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'updated': 0, 'nodeClassDefault': True, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'policy': {'id': *****, 'parentPolicyId': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'updated': 0, 'nodeClassDefault': True, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'role': {'id': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'custom': True, 'chassisType': 'UNKNOWN', 'created': 0, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'backupUsage': {'revisionsCurrentSize': 0, 'revisionsPreviousSize': 0, 'revisionsDeletedSize': 0, 'localFileFolderSize': 0, 'localImageSize': 0, 'cloudFileFolderSize': 0, 'cloudImageSize': 0, 'localTotalSize': 0, 'cloudTotalSize': 0, 'revisionsTotalSize': 0}}, 'score': 0, 'matchAttr': 'string', 'matchAttrValue': 'string'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Error Sample Data

Execute Command failed.

Status Code: 401.

Message: Access key does not have required scope.

Fetch Event

Ingests active alerts into the D3 vSOC platform as events based on specified search criteria.

Input

Input Parameter

Required/Optional

Description

Example

Start Time

Optional

Active alert updates after this time (in UTC) will be ingested. By default, the Start Time is set to 30 days prior to the End Time.

2024-06-27 00:00

End Time

Optional

Active alert updates before this time (in UTC) will be ingested. By default, the End Time is set to the current time.

2024-07-13 00:00

Source Type

Optional

Filters alerts based on their origin.

AGENT_OFFLINE

Device Filter

Optional

Filters alerts by device. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

class=WINDOWS_SERVER AND offline

Output

Return Data

Indicates one of the possible command execution states: Successful, Successful but without events, or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "Results": [
        {
            "uid": "*****",
            "deviceId": *****,
            "message": "string",
            "createTime": 0,
            "updateTime": 0,
            "sourceType": "AGENT_OFFLINE",
            "sourceConfigUid": "*****",
            "sourceName": "string",
            "subject": "string",
            "userId": *****,
            "psaTicketId": {},
            "ticketTemplateId": *****,
            "data": {
                "additionalProp1": {}
            },
            "device": {
                "id": *****,
                "parentDeviceId": *****,
                "organizationId": *****,
                "locationId": *****,
                "nodeClass": "WINDOWS_SERVER",
                "nodeRoleId": *****,
                "rolePolicyId": *****,
                "policyId": *****,
                "approvalStatus": "PENDING",
                "offline": true,
                "displayName": "string",
                "systemName": "string",
                "dnsName": "string",
                "netbiosName": "string",
                "created": 0,
                "lastContact": 0,
                "lastUpdate": 0,
                "userData": {
                    "additionalProp1": {}
                },
                "tags": [
                    "string"
                ],
                "fields": {
                    "additionalProp1": {},
                    "additionalProp2": {},
                    "additionalProp3": {}
                },
                "maintenance": {
                    "status": "PENDING",
                    "start": 0,
                    "end": 0
                },
                "references": {
                    "organization": {
                        "name": "string",
                        "description": "string",
                        "userData": {
                            "additionalProp1": {}
                        },
                        "nodeApprovalMode": "AUTOMATIC",
                        "tags": [
                            "string"
                        ],
                        "fields": {
                            "additionalProp1": {},
                            "additionalProp2": {},
                            "additionalProp3": {}
                        },
                        "id": *****
                    },
                    "location": {
                        "name": "string",
                        "address": "string",
                        "description": "string",
                        "userData": {
                            "additionalProp1": {}
                        },
                        "tags": [
                            "string"
                        ],
                        "fields": {
                            "additionalProp1": {},
                            "additionalProp2": {},
                            "additionalProp3": {}
                        },
                        "id": *****
                    },
                    "rolePolicy": {
                        "id": *****,
                        "parentPolicyId": *****,
                        "name": "string",
                        "description": "string",
                        "nodeClass": "WINDOWS_SERVER",
                        "updated": 0,
                        "nodeClassDefault": true,
                        "tags": [
                            "string"
                        ],
                        "fields": {
                            "additionalProp1": {},
                            "additionalProp2": {},
                            "additionalProp3": {}
                        }
                    },
                    "policy": {
                        "id": *****,
                        "parentPolicyId": *****,
                        "name": "string",
                        "description": "string",
                        "nodeClass": "WINDOWS_SERVER",
                        "updated": 0,
                        "nodeClassDefault": true,
                        "tags": [
                            "string"
                        ],
                        "fields": {
                            "additionalProp1": {},
                            "additionalProp2": {},
                            "additionalProp3": {}
                        }
                    },
                    "role": {
                        "id": *****,
                        "name": "string",
                        "description": "string",
                        "nodeClass": "WINDOWS_SERVER",
                        "custom": true,
                        "chassisType": "UNKNOWN",
                        "created": 0,
                        "tags": [
                            "string"
                        ],
                        "fields": {
                            "additionalProp1": {},
                            "additionalProp2": {},
                            "additionalProp3": {}
                        }
                    },
                    "backupUsage": {
                        "revisionsCurrentSize": 0,
                        "revisionsPreviousSize": 0,
                        "revisionsDeletedSize": 0,
                        "localFileFolderSize": 0,
                        "localImageSize": 0,
                        "cloudFileFolderSize": 0,
                        "cloudImageSize": 0,
                        "revisionsTotalSize": 0,
                        "cloudTotalSize": 0,
                        "localTotalSize": 0
                    }
                }
            }
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, and IP addresses will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "AlertUIDs": ["*****"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

Results

{'uid': '*****', 'deviceId': *****, 'message': 'string', 'createTime': 0, 'updateTime': 0, 'sourceType': 'AGENT_OFFLINE', 'sourceConfigUid': '*****', 'sourceName': 'string', 'subject': 'string', 'userId': *****, 'psaTicketId': {}, 'ticketTemplateId': *****, 'data': {'additionalProp1': {}}, 'device': {'id': *****, 'parentDeviceId': *****, 'organizationId': *****, 'locationId': *****, 'nodeClass': 'WINDOWS_SERVER', 'nodeRoleId': *****, 'rolePolicyId': *****, 'policyId': *****, 'approvalStatus': 'PENDING', 'offline': True, 'displayName': 'string', 'systemName': 'string', 'dnsName': 'string', 'netbiosName': 'string', 'created': 0, 'lastContact': 0, 'lastUpdate': 0, 'userData': {'additionalProp1': {}}, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'maintenance': {'status': 'PENDING', 'start': 0, 'end': 0}, 'references': {'organization': {'name': 'string', 'description': 'string', 'userData': {'additionalProp1': {}}, 'nodeApprovalMode': 'AUTOMATIC', 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'id': *****}, 'location': {'name': 'string', 'address': 'string', 'description': 'string', 'userData': {'additionalProp1': {}}, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'id': *****}, 'rolePolicy': {'id': *****, 'parentPolicyId': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'updated': 0, 'nodeClassDefault': True, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'policy': {'id': *****, 'parentPolicyId': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'updated': 0, 'nodeClassDefault': True, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'role': {'id': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'custom': True, 'chassisType': 'UNKNOWN', 'created': 0, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'backupUsage': {'revisionsCurrentSize': 0, 'revisionsPreviousSize': 0, 'revisionsDeletedSize': 0, 'localFileFolderSize': 0, 'localImageSize': 0, 'cloudFileFolderSize': 0, 'cloudImageSize': 0, 'revisionsTotalSize': 0, 'cloudTotalSize': 0, 'localTotalSize': 0}}}}

READER NOTE

The Unique Event Key field mapping is used to prevent duplicate event ingestions. D3 SOAR will check whether the value of a selected JSON path matches any Unique Event Key of previously ingested events. If a match is found, the event will be dismissed. If no match is found, an event will be created. However, if no Unique Event Key is mapped, the hash value from the event pending ingestion will be used to check for any matches with existing events. If no match is found, the event will be created.

Unlike most other D3 SOAR integrations, the NinjaOne RMM integration’s Fetch Event command’s Default Event Source mapping does not include a Unique Event Key to fetch the same active alerts with multiple updates.

Fetch Event Field Mapping

Fetch Event commands require event field mapping. Field mapping plays a key role for data normalization within the event pipeline. Field mapping converts the original data fields from the different providers to standardized D3 fields as defined by the D3 Model. Please refer to Event and Incident Intake Field Mapping for details.

To customize field mapping, click + Add Field and add the custom field of your choice. You can also remove built-in field mappings by clicking x. Please note that two underscore characters will automatically prefix the defined Field Name as the System Name for a custom field mapping. Additionally, if an input Field Name contains any spaces, they will automatically be replaced with underscores for the corresponding System Name.

As a system integration, the NinjaOne RMM integration has some pre-configured field mappings for default field mapping.

  • Default Event Source
    The Default Event Source is the default set of field mappings that are applied when this fetch event command is executed. For out-of-the-box integrations, you will find a set of field mapping provided by the system. Default event source provides field mappings for common fields from fetched active alerts. The default event source has a "Main Event JSON Path" (i.e. $.Results) that is used to extract a batch of events from the response raw data. Click Edit Event Source to view the "Main Event JSON Path".

    • Main Event JSON Path: $.Results
      The Main Event JSON Path determines the root path where the system starts parsing raw response data into D3 event data. The JSON path begins with $, representing the root element. The path is formed by appending a sequence of child elements to $, each separated by a dot (.). Square brackets with nested quotation marks ([‘...’]) should be used to separate child elements in JSON arrays.
      For example, the root node of a JSON Path is Results. The child node denoting the Device ID field would be deviceId. Putting it together, the JSON Path expression to extract the Device ID is $.Results.deviceId.

The pre-configured field mappings are detailed below:

Field Name

Source Field

Device Approval Status

.device.approvalStatus

Device Created Time

.device.created

Device ID

.deviceId

Device Is Offline

.device.offline

Device Last Contact Time

.device.lastContact

Device Last Update Time

.device.lastUpdate

Device Maintenance Status

.device.maintenance.status

Device Netbios Name

.device.netbiosName

Device Role Name

.device.references.role.name

Device Tags

.device.tags

Last Updated Time

.updateTime

Location Name

.device.references.location.name

Organization Name

.device.references.organization.name

Parent Device ID

.device.parentDeviceId

Policy Name

.device.references.policy.name

PSA Ticket ID

.psaTicketId

Role Policy Name

.device.references.rolePolicy.name

Title

.subject

User ID

.userId

DNS query name

.device.dnsName

Document ID

.uid

Device category

.device.nodeClass

Device

.device.displayName

Event Type

.sourceName

Hostname

.device.systemName

Start Time

.createTime

Description

.message

Alert Raw Log

.data

Source type

.sourceType

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Fetch Event failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

Fetch Event failed.

Status Code: 401.

Message: Access key does not have required scope.

Get Device Health Reports

Returns a list of device health summary records.

Input

Input Parameter

Required/Optional

Description

Example

Device Filter

Optional

Filters returned device health reports. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline". By default, the health summary record for all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

class=WINDOWS_SERVER AND offline

Health Status

Optional

Filters device health summary records by device health status. By default, the health summary record of devices across all health statuses will be returned.

Unknown

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "cursor": {
        "name": "string",
        "offset": 0,
        "count": 0,
        "expires": 0
    },
    "results": [
        {
            "activeThreatsCount": 0,
            "quarantinedThreatsCount": 0,
            "blockedThreatsCount": 0,
            "failedOSPatchesCount": 0,
            "pendingOSPatchesCount": 0,
            "alertCount": 0,
            "activeJobCount": 0,
            "failedSoftwarePatchesCount": 0,
            "pendingSoftwarePatchesCount": 0,
            "pendingRebootReason": "string",
            "avInstallStatus": "REQUESTED",
            "productsInstallationStatuses": {
                "property1": "REQUESTED",
                "property2": "REQUESTED"
            },
            "offline": true,
            "parentDeviceId": *****,
            "parentOffline": true,
            "healthStatus": "UNKNOWN",
            "installationIssuesCount": 0,
            "deviceId": *****
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "DeviceIDs": [*****],
  "HealthStatuses": ["UNKNOWN"],
  "Offline": [true]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

cursor

{'name': 'string', 'offset': 0, 'count': 0, 'expires': 0}

results

{'activeThreatsCount': 0, 'quarantinedThreatsCount': 0, 'blockedThreatsCount': 0, 'failedOSPatchesCount': 0, 'pendingOSPatchesCount': 0, 'alertCount': 0, 'activeJobCount': 0, 'failedSoftwarePatchesCount': 0, 'pendingSoftwarePatchesCount': 0, 'pendingRebootReason': 'string', 'avInstallStatus': 'REQUESTED', 'productsInstallationStatuses': {'property1': 'REQUESTED', 'property2': 'REQUESTED'}, 'offline': True, 'parentDeviceId': *****, 'parentOffline': True, 'healthStatus': 'UNKNOWN', 'installationIssuesCount': 0, 'deviceId': *****}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Device Health Reports failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

Get Device Health Reports failed.

Status Code: 401.

Message: Access key does not have required scope.

List Automation Scripts

Returns a list of all available automation scripts.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "Results": [
        {
            "id": *****,
            "name": "string",
            "description": "string",
            "active": true,
            "language": "string",
            "architecture": [
                "string"
            ],
            "operatingSystems": [
                "string"
            ],
            "scriptParameters": [
                "string"
            ],
            "scriptVariables": [
                {
                    "id": "*****",
                    "name": "string",
                    "description": "string",
                    "type": "CHECKBOX",
                    "source": "LITERAL",
                    "defaultValue": "string",
                    "required": true,
                    "valueList": [
                        "string"
                    ]
                }
            ]
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "ScriptIDs": [*****],
  "ScriptNames": ["string"],
  "Descriptions": ["string"],
  "Active": [true]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

Results

{'id': *****, 'name': 'string', 'description': 'string', 'active': True, 'language': 'string', 'architecture': ['string'], 'operatingSystems': ['string'], 'scriptParameters': ['string'], 'scriptVariables': [{'id': '*****', 'name': 'string', 'description': 'string', 'type': 'CHECKBOX', 'source': 'LITERAL', 'defaultValue': 'string', 'required': True, 'valueList': ['string']}]}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Automation Scripts failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

List Automation Scripts failed.

Status Code: 401.

Message: Access key does not have required scope.

List Device Custom Fields

Returns a list of custom field values for the specified device(s). Ensure that the custom fields are assigned API Read Only or Read/Write permissions. Please refer to Configuring Custom Fields | NinjaOne RMM for details on setting up API Read Only or Read/Write Permissions.

READER NOTE

Device IDs is a required parameter to run this command.

  • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Device IDs

Required

The ID(s) of the device(s) from which to retrieve custom field values. Device IDs can be obtained using the List Devices command.

CODE
[ ***** ]

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "Results": [
        {
            "DeviceID": *****,
            "CustomFields": {
                "property1": {},
                "property2": {}
            }
        }
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

Results

{'DeviceID': *****, 'CustomFields': {'property1': {}, 'property2': {}}}

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Device Custom Fields failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

List Device Custom Fields failed.

Status Code: 401.

Message: Access key does not have required scope.

List Device OS Patch Installation Reports

Returns successful and failed patch installation history records.

Input

Input Parameter

Required/Optional

Description

Example

Device Filter

Optional

Filters the returned OS patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, the OS patch installation report for all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

id in (<DeviceID1>, <DeviceID2>)

Patch Status

Optional

Filters OS patches based on patch status. By default, both failed and installed patches will be returned.

Failed

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "cursor": {
        "name": "string",
        "offset": 0,
        "count": 0,
        "expires": 0
    },
    "results": [
        {
            "id": "*****",
            "name": "string",
            "severity": "string",
            "status": "string",
            "type": "string",
            "installedAt": *****,
            "deviceId": *****,
            "timestamp": 0,
            "kbNumber": "string"
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "DeviceIDs": [*****],
  "PatchIDs": ["*****"],
  "PatchNames": ["string"],
  "PatchSeverities": ["string"],
  "PatchStatuses": ["string"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

cursor

{'name': 'string', 'offset': 0, 'count': 0, 'expires': 0}

results

{'id': '*****', 'name': 'string', 'severity': 'string', 'status': 'string', 'type': 'string', 'installedAt': *****, 'deviceId': *****, 'timestamp': 0, 'kbNumber': 'string'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Error Sample Data

List Device OS Patch Installation Reports failed.

Status Code: 401.

Message: Access key does not have required scope.

List Devices

Returns a list of devices with basic node information.

Input

Input Parameter

Required/Optional

Description

Example

Device Filter

Optional

Filters returned devices. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

class=WINDOWS_SERVER AND offline

Limit

Optional

The number of devices to be returned. By default, all devices will be returned.

100

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "Results": [
        {
            "id": *****,
            "parentDeviceId": *****,
            "organizationId": *****,
            "locationId": *****,
            "nodeClass": "WINDOWS_SERVER",
            "nodeRoleId": *****,
            "rolePolicyId": *****,
            "policyId": *****,
            "approvalStatus": "PENDING",
            "offline": true,
            "displayName": "string",
            "systemName": "laptop-*****",
            "dnsName": "string",
            "netbiosName": "string",
            "created": 0,
            "lastContact": 0,
            "lastUpdate": 0,
            "userData": {
                "additionalProp1": {}
            },
            "tags": [
                "string"
            ],
            "fields": {
                "additionalProp1": {},
                "additionalProp2": {},
                "additionalProp3": {}
            },
            "maintenance": {
                "status": "PENDING",
                "start": 0,
                "end": 0
            },
            "references": {
                "organization": {
                    "name": "string",
                    "description": "string",
                    "userData": {
                        "additionalProp1": {}
                    },
                    "nodeApprovalMode": "AUTOMATIC",
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    },
                    "id": *****
                },
                "location": {
                    "name": "string",
                    "address": "string",
                    "description": "string",
                    "userData": {
                        "additionalProp1": {}
                    },
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    },
                    "id": *****
                },
                "rolePolicy": {
                    "id": *****,
                    "parentPolicyId": *****,
                    "name": "string",
                    "description": "string",
                    "nodeClass": "WINDOWS_SERVER",
                    "updated": 0,
                    "nodeClassDefault": true,
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    }
                },
                "policy": {
                    "id": *****,
                    "parentPolicyId": *****,
                    "name": "string",
                    "description": "string",
                    "nodeClass": "WINDOWS_SERVER",
                    "updated": 0,
                    "nodeClassDefault": true,
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    }
                },
                "role": {
                    "id": *****,
                    "name": "string",
                    "description": "string",
                    "nodeClass": "WINDOWS_SERVER",
                    "custom": true,
                    "chassisType": "UNKNOWN",
                    "created": 0,
                    "tags": [
                        "string"
                    ],
                    "fields": {
                        "additionalProp1": {},
                        "additionalProp2": {},
                        "additionalProp3": {}
                    }
                },
                "backupUsage": {
                    "revisionsCurrentSize": 0,
                    "revisionsPreviousSize": 0,
                    "revisionsDeletedSize": 0,
                    "localFileFolderSize": 0,
                    "localImageSize": 0,
                    "cloudFileFolderSize": 0,
                    "cloudImageSize": 0,
                    "localTotalSize": 0,
                    "cloudTotalSize": 0,
                    "revisionsTotalSize": 0
                }
            }
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "DeviceIDs": [*****],
  "DeviceSystemNames": ["laptop-*****"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

results

{'id': *****, 'parentDeviceId': *****, 'organizationId': *****, 'locationId': *****, 'nodeClass': 'WINDOWS_SERVER', 'nodeRoleId': *****, 'rolePolicyId': *****, 'policyId': *****, 'approvalStatus': 'PENDING', 'offline': True, 'displayName': 'string', 'systemName': 'laptop-*****', 'dnsName': 'string', 'netbiosName': 'string', 'created': 0, 'lastContact': 0, 'lastUpdate': 0, 'userData': {'additionalProp1': {}}, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'maintenance': {'status': 'PENDING', 'start': 0, 'end': 0}, 'references': {'organization': {'name': 'string', 'description': 'string', 'userData': {'additionalProp1': {}}, 'nodeApprovalMode': 'AUTOMATIC', 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'id': *****}, 'location': {'name': 'string', 'address': 'string', 'description': 'string', 'userData': {'additionalProp1': {}}, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}, 'id': *****}, 'rolePolicy': {'id': *****, 'parentPolicyId': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'updated': 0, 'nodeClassDefault': True, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'policy': {'id': *****, 'parentPolicyId': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'updated': 0, 'nodeClassDefault': True, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'role': {'id': *****, 'name': 'string', 'description': 'string', 'nodeClass': 'WINDOWS_SERVER', 'custom': True, 'chassisType': 'UNKNOWN', 'created': 0, 'tags': ['string'], 'fields': {'additionalProp1': {}, 'additionalProp2': {}, 'additionalProp3': {}}}, 'backupUsage': {'revisionsCurrentSize': 0, 'revisionsPreviousSize': 0, 'revisionsDeletedSize': 0, 'localFileFolderSize': 0, 'localImageSize': 0, 'cloudFileFolderSize': 0, 'cloudImageSize': 0, 'localTotalSize': 0, 'cloudTotalSize': 0, 'revisionsTotalSize': 0}}}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Error Sample Data

List Devices failed.

Status Code: 401.

Message: Access key does not have required scope.

List Device Scripting Options

Returns the scripting options (built-in actions or custom scripts) for the device.

READER NOTE

Device IDs is a required parameter to run this command.

  • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Device ID

Required

The ID of the device from which to retrieve scripting options. Device IDs can be obtained using the List Devices command.

*****

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "categories": [
        {
            "id": *****,
            "name": "string",
            "internal": true
        }
    ],
    "scripts": [
        {
            "type": "ACTION",
            "id": *****,
            "uid": "*****",
            "name": "string",
            "language": "string",
            "description": "string",
            "architecture": [
                "string"
            ],
            "categoryId": *****
        }
    ],
    "credentials": {
        "roles": [
            "string"
        ],
        "credentials": [
            {
                "id": *****,
                "name": "string",
                "type": "*****"
            }
        ]
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "Types": ["ACTION"],
  "ScriptIDs": ["*****"],
  "BuildInActionIDs": ["*****"],
  "Names": ["string"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

categories

{'id': *****, 'name': 'string', 'internal': True}

scripts

{'type': 'ACTION', 'id': *****, 'uid': '*****', 'name': 'string', 'language': 'string', 'description': 'string', 'architecture': ['string'], 'categoryId': *****}

credentials

{'roles': ['string'], 'credentials': [{'id': *****, 'name': 'string', 'type': '*****'}]}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Device Scripting Options failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

List Device Scripting Options failed.

Status Code: 401.

Message: Access key does not have required scope.

List Devices With Pending Failed Rejected OS Patches

Returns a list of OS patches for which there were no installation attempts.

Input

Input Parameter

Required/Optional

Description

Example

Device Filter

Optional

Filters returned OS patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

class=WINDOWS_SERVER AND offline

Patch Severity

Optional

Filters the returned OS patches by patch severity. By default, OS patches across all patch severity levels will be returned.

IMPORTANT

Patch Status

Optional

Filters the returned OS patches by patch status. By default, OS patches across all patch statuses will be returned.

APPROVED

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "cursor": {
        "name": "string",
        "offset": 0,
        "count": 0,
        "expires": 0
    },
    "results": [
        {
            "id": "*****",
            "name": "string",
            "severity": "string",
            "status": "string",
            "type": "string",
            "installedAt": *****,
            "deviceId": *****,
            "timestamp": 0,
            "kbNumber": "string"
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "DeviceIDs": [*****],
  "PatchIDs": ["*****"],
  "PatchNames": ["string"],
  "PatchSeverities": ["string"],
  "PatchStatuses": ["string"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

cursor

{'name': 'string', 'offset': 0, 'count': 0, 'expires': 0}

results

{'id': '*****', 'name': 'string', 'severity': 'string', 'status': 'string', 'type': 'string', 'installedAt': *****, 'deviceId': *****, 'timestamp': 0, 'kbNumber': 'string'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Devices With Pending Failed Rejected OS Patches failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

List Devices With Pending Failed Rejected OS Patches failed.

Status Code: 401.

Message: Access key does not have required scope.

List Devices With Pending Failed Rejected SW Patches

Returns a list of 3rd party software patches for which there were no installation attempts.

Input

Input Parameter

Required/Optional

Description

Example

Device Filter

Optional

Filters the returned software patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

class=WINDOWS_SERVER AND offline

Patch Impact

Optional

Filters the software patches by patch impact. By default, software patches across all patch impacts will be returned.

High

Patch Status

Optional

Filters the software patches by patch status. By default, software patches across all patch statuses will be returned.

PENDING

Software Identifier

Optional

Filters the software patches by software product identifier. By default, software patches with any software product identifier will be returned.

c899*****a4fa

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "cursor": {
        "name": "string",
        "offset": 0,
        "count": 0,
        "expires": 0
    },
    "results": [
        {
            "id": "*****",
            "productIdentifier": "c899*****a4fa",
            "title": "string",
            "impact": "string",
            "status": "string",
            "type": "string",
            "installedAt": 0,
            "deviceId": *****,
            "timestamp": 0
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "DeviceIDs": [*****],
  "PatchIDs": ["*****"],
  "PatchNames": ["string"],
  "PatchImpacts": ["string"],
  "PatchStatuses": ["string"],
  "ProductIdentifiers": ["c899*****a4fa"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

cursor

{'name': 'string', 'offset': 0, 'count': 0, 'expires': 0}

results

{'id': '*****', 'productIdentifier': 'c899*****a4fa ', 'title': 'string', 'impact': 'string', 'status': 'string', 'type': 'string', 'installedAt': 0, 'deviceId': *****, 'timestamp': 0}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Devices With Pending Failed Rejected SW Patches failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

List Devices With Pending Failed Rejected SW Patches failed.

Status Code: 401.

Message: Access key does not have required scope.

List Device Software Patch Installation Reports

Returns successful and failed 3rd party software patch installation history records.

Input

Input Parameter

Required/Optional

Description

Example

Device Filter

Optional

Filters the returned software patches. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

id in (<DeviceID1>, <DeviceID2>)

Patch Impact

Optional

Filters the software patches by patch impact. By default, software patches across all patch impacts will be returned.

High

Patch Status

Optional

Filters the software patches by patch status. By default, software patches across all patch statuses will be returned.

FAILED

Software Identifier

Optional

Filters the software patches based on the software product identifier. By default, software patches with any software product identifier will be returned.

c899*****a4fa

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "cursor": {
        "name": "string",
        "offset": 0,
        "count": 0,
        "expires": 0
    },
    "results": [
        {
            "id": "*****",
            "productIdentifier": "c899*****a4fa",
            "title": "string",
            "impact": "string",
            "status": "string",
            "type": "string",
            "installedAt": *****,
            "deviceId": *****,
            "timestamp": 0
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "DeviceIDs": [*****],
  "PatchIDs": ["*****"],
  "PatchNames": ["string"],
  "PatchImpacts": ["string"],
  "PatchStatuses": ["string"],
  "ProductIdentifiers": ["c899*****a4fa"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

cursor

{'name': 'string', 'offset': 0, 'count': 0, 'expires': 0}

results

{'id': '*****', 'productIdentifier': 'c899*****a4fa ', 'title': 'string', 'impact': 'string', 'status': 'string', 'type': 'string', 'installedAt': *****, 'deviceId': *****, 'timestamp': 0}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Device Software Patch Installation Reports failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

List Device Software Patch Installation Reports failed.

Status Code: 401.

Message: Access key does not have required scope.

List Device Windows Services

Returns a list of Windows services and their statuses for specified device(s). The maximum number of returned Windows services is 10000.

Input

Input Parameter

Required/Optional

Description

Example

Device Filter

Optional

Filters the returned Windows services. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline." By default, the Windows services of all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

id in (<DeviceID1>, <DeviceID2>)

Service Name

Optional

Filters Windows services by service name. By default, Windows services with any service name will be returned.

String

Service State

Optional

Filters Windows services by service state. By default, Windows services in any state will be returned.

Running

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "cursor": {
        "name": "string",
        "offset": 0,
        "count": 0,
        "expires": 0
    },
    "results": [
        {
            "name": "string",
            "displayName": "*****",
            "description": "string",
            "startType": "AUTO_START",
            "userName": "*****",
            "state": "RUNNING",
            "deviceId": *****,
            "timestamp": 0
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
  "DeviceIDs": [*****],
  "ServiceNames": ["String"],
  "ServiceDisplayNames": ["string"],
  "ServiceStates": ["RUNNING"],
  "StartTypes": ["AUTO_START"],
  "ServiceDescriptions": ["String"]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

cursor

{'name': 'string', 'offset': 0, 'count': 0, 'expires': 0}

results

{'name': 'string', 'displayName': '*****', 'description': 'string', 'startType': 'AUTO_START', 'userName': '*****', 'state': 'RUNNING', 'deviceId': *****, 'timestamp': 0}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Device Windows Services failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

List Device Windows Services failed.

Status Code: 401.

Message: Access key does not have required scope.

Run Script Or Built-in Action

Runs a script or a built-in action on a specific device. This command only supports the Authorization_code grant type.

READER NOTE

Device ID is a required parameter to run this command.

  • Run the List Devices command to obtain Device ID. Device IDs can be found in the raw data at the path $.results[*].id.

Script ID and Built-in Action ID are optional parameters to run this command.

  • Run the List Device Scripting Options command to obtain Script ID. Script IDs can be found in the raw data at the path $.scripts[*].id.

  • Run the List Device Scripting Options command to obtain Built-in Action ID. Built-in Action IDs can be found in the raw data at the path $.scripts[*].uid.

Input

Input Parameter

Required/Optional

Description

Example

Device ID

Required

The ID of the device for which to run a script or built-in action. Device IDs can be obtained using the List Devices command.

*****

Type

Required

The choice to run a Script or a Built-in Action.

Script

Script ID

Optional

The ID of the script to run when the Type is Script. Script IDs can be obtained using the List Device Scripting Options command.

*****

Built-in Action ID

Optional

The ID of the built-in action to run when the Type is Built-in Action. Built-in Action IDs can be obtained using the List Device Scripting Options command.

07cc*****e2b5

Parameters

Optional

The parameters of a Script or Built-in Action.

String

Run As

Optional

The credential role or ID used to run the Script or Built-in Action.

String

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "Result": {
        "DeviceID": "<deviceID>",
        "Type": "ACTION",
        "id": *****,
        "uid": "*****",
        "parameters": "string",
        "runAs": "string"
    }
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

Result

{'DeviceID': '<deviceID>', 'Type': 'ACTION', 'id': *****, 'uid': '*****', 'parameters': 'string', 'runAs': 'string'}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Run Script Or Built-in Action failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

Run Script Or Built-in Action failed.

Status Code: 401.

Message: Access key does not have required scope.

Update Device Custom Field Values

Updates custom field values of the specified device(s). Ensure that the custom fields are assigned API Read/Write permissions. Please refer to Configuring Custom Fields | NinjaOne for details on setting up API: Read/Write permissions.

READER NOTE

Device IDs and Custom Field Object are required parameters to run this command.

  • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

  • Run the List Device Custom Fields command to obtain the properties of the Custom Field Object.

    • D3 suggests running the List Devices command to obtain your desired Device IDs. Then, use those ID(s) to run the List Device Custom Fields command to obtain the corresponding Custom Field Object. The Custom Field Objects can be found in the raw data at the path $.Results[*].CustomFields.

Input

Input Parameter

Required/Optional

Description

Example

Device IDs

Required

The ID(s) of the device(s) from which to retrieve custom field values. Device IDs can be obtained using the List Devices command.

CODE
[ ***** ] 

Custom Field Object

Required

The custom field object used to update custom field values. The Custom Field Object of the device can be obtained using the List Device Custom Fields command.

CODE
{
"property1": {},
"property2": {}
} 

Output

Return Data

Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "Results": [
        {
            "DeviceID": *****,
            "CustomFields": {
                "property1": {},
                "property2": {}
            }
        }
    ]
}
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

Results

{'DeviceID': *****, 'CustomFields': {'property1': {}, 'property2': {}}}

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Update Device Field Values failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

Update Device Field Values failed.

Status Code: 401.

Message: Access key does not have required scope.

Test Connection

Performs a health check on an integration connection. A periodic health check can be scheduled by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

SAMPLE DATA

CODE
Successful

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Access key does not have required scope.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 401.

Message: Access key does not have required scope.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.