Neon Cyber Developer API (1.0.3)

Download OpenAPI specification:

E-mail: support@neoncyber.com License: Neon Cyber Inc. Terms of Service

This is the Neon Cyber Developer API for registered users of the Neon Cyber Platform.

This API requires an API token. For help generating one reach out to our team at support@neoncyber.io.

Introduction

The Developer API was designed to allow developers to quickly access data from their Neon Cyber deployment including data about each user and browser (AKA Clients), browser events such as platform information and Neon detections like malware or threat intelligence that triggered on browsing behavior.

Clients vs Users

It is important to understand our terminology when working with the API. A Client is likely an employee in your organization that is associated to a Deployment group, has a policy set, and registers their browsers with the Neon Cyber platform. Clients always have a corporate email as a reference to their management. This is distinctly different than a User of the platform. A User in our context is a dashboard user, such as a member of your Security Operations team. A User can log into the frontend, manage deployments, policies, detections, etc. While a User is mostly likely also registered as a Client we make a distinction.

Users can:

Log into the dashboard at https://app.neoncyber.io
Create deployments
Create a developer key and use this API

Clients can:

Register their browser with the Neon Cyber Platform
Use the Neon Cyber Web Agent to generate events, detections, and receive Policies

Clients can't:

Log into the dashboard
Manage any configuration or settings
Call this API

Clients vs Registrations

Now that you have a better understand of what a Client is, let's cover Registrations. If a Client is an employee with an email address, a Registration is their one-or-many browsers protected by the platform. In most cases Clients will have one Registration which is equivalent to a single browser, perhaps on their work laptop. In other cases Clients may have additional browsers that can also register. A Registration is the association of these browsers connecting to the Neon Cyber platform, creating a record, and getting authentication and policy settings.

Clients have:

One record with an email address

Registrations can have:

Many records associated with the Client id
One record associated with the Client id

Deployments

We have covered Clients and Registrations, let's talk about Deployments. A Deployment is a group of Clients that you want to manage as a logical group. It's easy to think of these groups like you would in any IT directory. You may have a deployment group for Engineering, or HR. When your account is created it also creates an Organization wide Deployment group that is immutable and has a default policy. This allows you to then register and onboard clients without additional configuration. However, you may want to create more Deployment groups based on your needs, as mentioned above. A Deployment has Settings and a Policy associated with it that gives you fine grained control over how that group will be configured when Clients register.

Deployments have:

Settings that dictate what type of events you would like to collect
A Policy that dictates what type of detections and security settings to enforce

Clients have:

An assigned Deployment for associated settings
Only one Deployment, but Clients can be assigned to different Deployments as needed

Events, Detections, and Alerts

The Neon Cyber Platform has a multi-layered approach to investigating data throughout its lifecycle. We do this because we want our Users to have options when protecting their organization.

Events

At their post basic Events are raw telemetry collected straight from the Clients browser. This data is uninterpreted by Neon Cyber and gives you access to what we can can see. We consider this an unopinionated data set, where no processing has been applied. A good example of this is the Platform event. This event gives you the Client browsers platform data without the additional associations we make in the frontend.

Detections

Detections are processed Events that go through our first level of security analytics to enrich and detect security relevant context. A Detection is always worth investigating but may be considered low/medium/high severity by your Organization. A good example of a Detection is when a Client downloads a file while in Incognito mode. The severity is up to you, but we think its important and so our Detections are considered opinionated events. Detections can be configured and supressed or elevated to Alerts, which we will discuss next.

Detections also include a Detection Pattern-of-life accessible through the API. When investigating a detection you can use the detection ID to get a complete snapshot of the browsing activity that triggered the detection. By default the PoL includes 20 entries and will always include the first 5, showing how the tab was opened and initial browsing activity, as well as the last 5 up to and including the page that triggered the detection. We continuously trim the middle 10 based on storage and memory for long running tabs.

API Authorization

All requests to the API must include an additional "Authorization" header with you API key. This key can be generated from your Account page on the Neon Cyber dashboard. A detailed example of the requirement is included in each request using curl but is the same for any request method.

Future SDKs

As we continue to build we will create language specific SDKs to improve the Developer Experience. Our first SDK will be Python and we will update our users when it is available.

Apps

Apps are the SaaS apps in our catalog that are tied to user behaviors and includes a summary of the company, authentication, compliance, and more.

Get all apps in the catalog

Gets all app data from our SaaS catalog

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)
name	string Example: name=Adobe Name of the company to search for

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (App)

Array

id required	string <uuid> Example: "b1ed4e9c-f1ac-4ed3-a6cd-657d67abf338" Unique id of the App
inserted_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation in Date time
updated_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update in Date time
name	string Example: "Adobe" Company name
description	string Example: "Adobe is a software company that provides its users with digital marketing and media solutions." Company description
summary	string Example: "Adobe Creative Cloud offers a suite of applications and services for creative professionals, including tools for graphic design, video editing, web development, and photography." Company summary
products	string Example: "Adobe Creative Cloud, Adobe Photoshop, Adobe Express" Company products
categories	string Example: "Artificial Intelligence (AI),Consulting,Enterprise Software,Graphic Design,Image Recognition,Photo Editing" Company operating categories
business_model	string Example: "SaaS" Company business model
saas	boolean Example: "true" Does the company operate primarily as a SaaS company
locations	string Example: "San Jose,California,United States" Company office location
headquarters	string Example: "San Jose, California" Company headquarters location
employees	string Example: "10001+" Number of employees
short_name	string Example: "adobe-systems" Short unique name
website_url	string <url> Example: "https://www.adobe.com" Company homepage website URL
signin_url	string <url> Example: "https://accounts.adobe.com/" Product login URL
privacy_url	string <url> Example: "https://www.adobe.com/privacy/policy.html" Company privacy statement URL
trust_url	string <url> Example: "https://www.adobe.com/trust.html" Company data trust and compliance URL
signup_url	string <url> Example: "https://adobe.com/account/sign-up.html" Product new account sign-up URL
signup	boolean Example: "true" Does the company offer online sign-ups
sso	boolean Example: "true" Do the companies products support Single-sign-on
mfa	boolean Example: "true" Do the companies products support Multi-factor Authentication
google_auth	boolean Example: "true" Do the companies products allow users to authenticate with Google accounts
github_auth	boolean Example: "true" Do the companies products allow user to authenticated with GitHub accounts
google_auth_url	string <url> Example: "https://app.example.com/google/auth" Google authentication URL if applicable
github_auth_url	string <url> Example: "https://app.example.com/github/auth" GitHub authentication URL if applicable
privacy_summary	string Example: "Adobe takes data privacy seriously, emphasizing transparency and user control over personal data. Users can request to stop processing their information and are informed about their rights. Adobe collects personal information for service provision and uses cookies for tracking. They disclose data to third parties for processing, legal compliance, and marketing, while ensuring appropriate protections during international transfers." A summary of the privacy policy and how your data is protected
collection_summary	string Example: "Adobe collects a variety of personal information, including identifiers (name, email, address), commercial information (payment details), demographic data (age, occupation), and electronic activity (IP address, browser info). They also gather inferred information from third-party sources and user interactions with their services." A summary of the data collection policy
sharing_summary	string Example: "Adobe shares personal information with third parties, including affiliates, advertising partners, and service providers, for various purposes such as marketing, fraud prevention, and service provision. They may also disclose data for legal reasons and to comply with government requests. Users are informed about these practices and can opt out of certain data sharing." A summary of how your data is shared
shares_data	boolean Example: "true" Does the company share data with Third Parties
sells_data	boolean Example: "false" Does the company sell your data to Third Parties
open_source	boolean Example: "false" Does the company identify their products as open source
soc2_compliance	boolean Example: "true" Are the companies products and services SOC2 (type 2) compliant
hippa_compliance	boolean Example: "false" Are the companies products and services HIPPA compliant
pci_compliance	boolean Example: "false" Are the companies products and services PCI compliant
gdpr_compliance	boolean Example: "true" Are the companies products and services GDPR compliant
iso27001_cert	boolean Example: "false" Are the companies products and services ISO-27001 certified
iso27017_cert	boolean Example: "false" Are the companies products and services ISO-27017 certified
iso27018_cert	boolean Example: "false" Are the companies products and services ISO-27018 certified

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/apps \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "b1ed4e9c-f1ac-4ed3-a6cd-657d67abf338",
"name": "Adobe",
"description": "Adobe is a software company that provides its users with digital marketing and media solutions.",
"summary": "Adobe Creative Cloud offers a suite of applications and services for creative professionals, including tools for graphic design, video editing, web development, and photography.",
"products": "Adobe Creative Cloud, Adobe Photoshop, Adobe Express",
"categories": "Artificial Intelligence (AI),Consulting,Enterprise Software,Graphic Design,Image Recognition,Photo Editing",
"business_model": "SaaS",
"saas": true,
"locations": "San Jose,California,United States",
"headquarters": "San Jose, California",
"employees": "10001+",
"short_name": "adobe-systems",
"website_url": "https://www.adobe.com",
"signin_url": "https://accounts.adobe.com/",
"privacy_url": "https://www.adobe.com/privacy/policy.html",
"trust_url": "https://www.adobe.com/trust.html",
"signup_url": "https://adobe.com/account/sign-up.html",
"signup": true,
"sso": true,
"mfa": true,
"google_auth": true,
"github_auth": true,
"google_auth_url": "https://app.example.com/google/auth",
"github_auth_url": "https://app.example.com/github/auth",
"privacy_summary": "Adobe takes data privacy seriously, emphasizing transparency and user control over personal data. Users can request to stop processing their information and are informed about their rights. Adobe collects personal information for service provision and uses cookies for tracking. They disclose data to third parties for processing, legal compliance, and marketing, while ensuring appropriate protections during international transfers.",
"collection_summary": "Adobe collects a variety of personal information, including identifiers (name, email, address), commercial information (payment details), demographic data (age, occupation), and electronic activity (IP address, browser info). They also gather inferred information from third-party sources and user interactions with their services.",
"sharing_summary": "Adobe shares personal information with third parties, including affiliates, advertising partners, and service providers, for various purposes such as marketing, fraud prevention, and service provision. They may also disclose data for legal reasons and to comply with government requests. Users are informed about these practices and can opt out of certain data sharing.",
"shares_data": true,
"sells_data": false,
"open_source": false,
"soc2_compliance": true,
"hippa_compliance": false,
"pci_compliance": false,
"gdpr_compliance": true,
"iso27001_cert": false,
"iso27017_cert": false,
"iso27018_cert": false,
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00"
}
]
}

Get app by id

Gets an app using the id, useful when fetching from other requests.

path Parameters

appId

required

string <uuid>

Id of the app record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

object (App)

id required	string <uuid> Example: "b1ed4e9c-f1ac-4ed3-a6cd-657d67abf338" Unique id of the App
inserted_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation in Date time
updated_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update in Date time
name	string Example: "Adobe" Company name
description	string Example: "Adobe is a software company that provides its users with digital marketing and media solutions." Company description
summary	string Example: "Adobe Creative Cloud offers a suite of applications and services for creative professionals, including tools for graphic design, video editing, web development, and photography." Company summary
products	string Example: "Adobe Creative Cloud, Adobe Photoshop, Adobe Express" Company products
categories	string Example: "Artificial Intelligence (AI),Consulting,Enterprise Software,Graphic Design,Image Recognition,Photo Editing" Company operating categories
business_model	string Example: "SaaS" Company business model
saas	boolean Example: "true" Does the company operate primarily as a SaaS company
locations	string Example: "San Jose,California,United States" Company office location
headquarters	string Example: "San Jose, California" Company headquarters location
employees	string Example: "10001+" Number of employees
short_name	string Example: "adobe-systems" Short unique name
website_url	string <url> Example: "https://www.adobe.com" Company homepage website URL
signin_url	string <url> Example: "https://accounts.adobe.com/" Product login URL
privacy_url	string <url> Example: "https://www.adobe.com/privacy/policy.html" Company privacy statement URL
trust_url	string <url> Example: "https://www.adobe.com/trust.html" Company data trust and compliance URL
signup_url	string <url> Example: "https://adobe.com/account/sign-up.html" Product new account sign-up URL
signup	boolean Example: "true" Does the company offer online sign-ups
sso	boolean Example: "true" Do the companies products support Single-sign-on
mfa	boolean Example: "true" Do the companies products support Multi-factor Authentication
google_auth	boolean Example: "true" Do the companies products allow users to authenticate with Google accounts
github_auth	boolean Example: "true" Do the companies products allow user to authenticated with GitHub accounts
google_auth_url	string <url> Example: "https://app.example.com/google/auth" Google authentication URL if applicable
github_auth_url	string <url> Example: "https://app.example.com/github/auth" GitHub authentication URL if applicable
privacy_summary	string Example: "Adobe takes data privacy seriously, emphasizing transparency and user control over personal data. Users can request to stop processing their information and are informed about their rights. Adobe collects personal information for service provision and uses cookies for tracking. They disclose data to third parties for processing, legal compliance, and marketing, while ensuring appropriate protections during international transfers." A summary of the privacy policy and how your data is protected
collection_summary	string Example: "Adobe collects a variety of personal information, including identifiers (name, email, address), commercial information (payment details), demographic data (age, occupation), and electronic activity (IP address, browser info). They also gather inferred information from third-party sources and user interactions with their services." A summary of the data collection policy
sharing_summary	string Example: "Adobe shares personal information with third parties, including affiliates, advertising partners, and service providers, for various purposes such as marketing, fraud prevention, and service provision. They may also disclose data for legal reasons and to comply with government requests. Users are informed about these practices and can opt out of certain data sharing." A summary of how your data is shared
shares_data	boolean Example: "true" Does the company share data with Third Parties
sells_data	boolean Example: "false" Does the company sell your data to Third Parties
open_source	boolean Example: "false" Does the company identify their products as open source
soc2_compliance	boolean Example: "true" Are the companies products and services SOC2 (type 2) compliant
hippa_compliance	boolean Example: "false" Are the companies products and services HIPPA compliant
pci_compliance	boolean Example: "false" Are the companies products and services PCI compliant
gdpr_compliance	boolean Example: "true" Are the companies products and services GDPR compliant
iso27001_cert	boolean Example: "false" Are the companies products and services ISO-27001 certified
iso27017_cert	boolean Example: "false" Are the companies products and services ISO-27017 certified
iso27018_cert	boolean Example: "false" Are the companies products and services ISO-27018 certified

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/apps/<appId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": {"id": "b1ed4e9c-f1ac-4ed3-a6cd-657d67abf338",
"name": "Adobe",
"description": "Adobe is a software company that provides its users with digital marketing and media solutions.",
"summary": "Adobe Creative Cloud offers a suite of applications and services for creative professionals, including tools for graphic design, video editing, web development, and photography.",
"products": "Adobe Creative Cloud, Adobe Photoshop, Adobe Express",
"categories": "Artificial Intelligence (AI),Consulting,Enterprise Software,Graphic Design,Image Recognition,Photo Editing",
"business_model": "SaaS",
"saas": true,
"locations": "San Jose,California,United States",
"headquarters": "San Jose, California",
"employees": "10001+",
"short_name": "adobe-systems",
"website_url": "https://www.adobe.com",
"signin_url": "https://accounts.adobe.com/",
"privacy_url": "https://www.adobe.com/privacy/policy.html",
"trust_url": "https://www.adobe.com/trust.html",
"signup_url": "https://adobe.com/account/sign-up.html",
"signup": true,
"sso": true,
"mfa": true,
"google_auth": true,
"github_auth": true,
"google_auth_url": "https://app.example.com/google/auth",
"github_auth_url": "https://app.example.com/github/auth",
"privacy_summary": "Adobe takes data privacy seriously, emphasizing transparency and user control over personal data. Users can request to stop processing their information and are informed about their rights. Adobe collects personal information for service provision and uses cookies for tracking. They disclose data to third parties for processing, legal compliance, and marketing, while ensuring appropriate protections during international transfers.",
"collection_summary": "Adobe collects a variety of personal information, including identifiers (name, email, address), commercial information (payment details), demographic data (age, occupation), and electronic activity (IP address, browser info). They also gather inferred information from third-party sources and user interactions with their services.",
"sharing_summary": "Adobe shares personal information with third parties, including affiliates, advertising partners, and service providers, for various purposes such as marketing, fraud prevention, and service provision. They may also disclose data for legal reasons and to comply with government requests. Users are informed about these practices and can opt out of certain data sharing.",
"shares_data": true,
"sells_data": false,
"open_source": false,
"soc2_compliance": true,
"hippa_compliance": false,
"pci_compliance": false,
"gdpr_compliance": true,
"iso27001_cert": false,
"iso27017_cert": false,
"iso27018_cert": false,
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00"
}
}

Clients

Clients (AKA Employees w/Email) associated with a Deployment group.

Get all clients

Gets all client records

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)
status	Array of any Items Enum: "deregistered" "pending" "registered" "unassigned" Specify array of specific client status values to include

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (Client)

Array

id required	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this client
deployment_id required	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this client
inserted_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation in Date time
updated_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update in Date time
registered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the first registration in Date time
registered_updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last registration in Date time
deregistered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the deregistration of this client in Date time
email	string <email> Example: "user@example.com" Employee email associated with the client
status	string Enum: "deregistered" "pending" "registered" "unassigned" Current status of this client as it pertains to registrations and deployment

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/clients \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"registered_at": "2024-10-04T20:33:45.39199+00:00",
"registered_updated_at": "2024-10-04T20:33:45.39199+00:00",
"deregistered_at": "2024-10-04T20:33:45.39199+00:00",
"email": "user@example.com",
"status": "deregistered"
}
]
}

Get client by id

Gets a client using the id, useful when fetching from other requests.

path Parameters

clientId

required

string <uuid>

Id of the client record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

object (Client)

id required	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this client
deployment_id required	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this client
inserted_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation in Date time
updated_at required	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update in Date time
registered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the first registration in Date time
registered_updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last registration in Date time
deregistered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the deregistration of this client in Date time
email	string <email> Example: "user@example.com" Employee email associated with the client
status	string Enum: "deregistered" "pending" "registered" "unassigned" Current status of this client as it pertains to registrations and deployment

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/clients/<clientId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": {"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"registered_at": "2024-10-04T20:33:45.39199+00:00",
"registered_updated_at": "2024-10-04T20:33:45.39199+00:00",
"deregistered_at": "2024-10-04T20:33:45.39199+00:00",
"email": "user@example.com",
"status": "deregistered"
}
}

Deployments

Logical groups for managing Client onboarding, policies, and browsers.

Get all deployments

Gets all deployment records

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)
status	Array of any Items Enum: "disabled" "enabled" "pending" Specify array of specific deployment status values to include

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (Deployment)

Array

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this deployment
user_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the platform user who created this deployment
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
registered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the first registration
registered_updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last registration
deregistered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the deregistration of this client
email	string <email> Example: "user@example.com" Employee email associated with the client
status	string Enum: "deregistered" "pending" "registered" "unassigned" Current status of this client as it pertains to registrations and deployment

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/deployments \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"user_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"registered_at": "2024-10-04T20:33:45.39199+00:00",
"registered_updated_at": "2024-10-04T20:33:45.39199+00:00",
"deregistered_at": "2024-10-04T20:33:45.39199+00:00",
"email": "user@example.com",
"status": "deregistered"
}
]
}

Get deployment by id

Gets a deployment using the id, useful when fetching from other requests.

path Parameters

deploymentId

required

string <uuid>

Id of the deployment record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

object (Deployment)

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this deployment
user_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the platform user who created this deployment
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
registered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the first registration
registered_updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last registration
deregistered_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the deregistration of this client
email	string <email> Example: "user@example.com" Employee email associated with the client
status	string Enum: "deregistered" "pending" "registered" "unassigned" Current status of this client as it pertains to registrations and deployment

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/deployments/<deploymentId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": {"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"user_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"registered_at": "2024-10-04T20:33:45.39199+00:00",
"registered_updated_at": "2024-10-04T20:33:45.39199+00:00",
"deregistered_at": "2024-10-04T20:33:45.39199+00:00",
"email": "user@example.com",
"status": "deregistered"
}
}

Detections

Security events that require attention. These detections are opinionated events that are either known security events or require investiation.

Note: For performance reasons the source data view is columnar and may include 'null' fields when a detection type filter is not applied. This does not mean that expected data for each detection type is missing.

Get all detections

Gets all detection records

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)
type	Array of any Items Enum: "download" "form" "intel" "malware" "phishing" Specify array of specific detection types to include

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (Detection)

Array

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this detection
deployment_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this detection
client_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the client associated with this detection
registration_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the registration associated with this detection
detection_type	string Enum: "download" "form" "intel" "malware" Type of detection record
detection_timestamp	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the detection
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
source	string Example: "Compromised Credential" The analytic source that detected the event
description	string Example: "Threat intelligence detected a url know to distribute malware" A description of the detection to aid in response
url	string <url> Example: "https://badurl.com" The url that the user visited and triggered the detection
filename	string Example: "c:\\Users\\user\\Downloads\\suspicious.exe" The local filename of a download detection
mime	string Example: "application/x-executable" The mime-type of a download detection
incognito	boolean Example: "true" If the user browser was in icognito mode when the detection occurred
referrer	string <url> Example: "https://sendingyoutobad.com" The referrer url leading to the detection url
danger	string Example: "suspicious" The flag assigned by chrome-based browsers when classifying downloads
total_bytes	number <int64> Example: "423154" The size of the downloaded file in bytes
action	string Example: "https://login.example.com/submit" The destination of a submit button when a form was detected
email	string <email> Example: "user@example.com" The email entered into a form when a form detection was triggered
password	boolean Example: "true" If the form submission included a password field
compromised	boolean Example: "true" If the form submission password has been compromised in a data breach
tab_id	integer <int32> Example: "2004943471" The browser tab ID that triggered the detection
pii	boolean Example: "false" If the form submission included PII such as SSN or birthdate

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/detections \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"client_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"registration_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"detection_type": "download",
"detection_timestamp": "2024-10-04T20:33:45.39199+00:00",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"source": "Compromised Credential",
"description": "Threat intelligence detected a url know to distribute malware",
"url": "https://badurl.com",
"filename": "c:\\Users\\user\\Downloads\\suspicious.exe",
"mime": "application/x-executable",
"incognito": true,
"referrer": "https://sendingyoutobad.com",
"danger": "suspicious",
"total_bytes": 423154,
"action": "https://login.example.com/submit",
"email": "user@example.com",
"password": true,
"compromised": true,
"tab_id": 2004943471,
"pii": false
}
]
}

Get detection by id

Gets a detection using the id, useful when fetching from other requests.

path Parameters

detectionId

required

string <uuid>

Id of the detection record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

object (Detection)

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this detection
deployment_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this detection
client_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the client associated with this detection
registration_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the registration associated with this detection
detection_type	string Enum: "download" "form" "intel" "malware" Type of detection record
detection_timestamp	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the detection
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
source	string Example: "Compromised Credential" The analytic source that detected the event
description	string Example: "Threat intelligence detected a url know to distribute malware" A description of the detection to aid in response
url	string <url> Example: "https://badurl.com" The url that the user visited and triggered the detection
filename	string Example: "c:\\Users\\user\\Downloads\\suspicious.exe" The local filename of a download detection
mime	string Example: "application/x-executable" The mime-type of a download detection
incognito	boolean Example: "true" If the user browser was in icognito mode when the detection occurred
referrer	string <url> Example: "https://sendingyoutobad.com" The referrer url leading to the detection url
danger	string Example: "suspicious" The flag assigned by chrome-based browsers when classifying downloads
total_bytes	number <int64> Example: "423154" The size of the downloaded file in bytes
action	string Example: "https://login.example.com/submit" The destination of a submit button when a form was detected
email	string <email> Example: "user@example.com" The email entered into a form when a form detection was triggered
password	boolean Example: "true" If the form submission included a password field
compromised	boolean Example: "true" If the form submission password has been compromised in a data breach
tab_id	integer <int32> Example: "2004943471" The browser tab ID that triggered the detection
pii	boolean Example: "false" If the form submission included PII such as SSN or birthdate

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/detections/<detectionId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": {"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"client_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"registration_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"detection_type": "download",
"detection_timestamp": "2024-10-04T20:33:45.39199+00:00",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"source": "Compromised Credential",
"description": "Threat intelligence detected a url know to distribute malware",
"url": "https://badurl.com",
"filename": "c:\\Users\\user\\Downloads\\suspicious.exe",
"mime": "application/x-executable",
"incognito": true,
"referrer": "https://sendingyoutobad.com",
"danger": "suspicious",
"total_bytes": 423154,
"action": "https://login.example.com/submit",
"email": "user@example.com",
"password": true,
"compromised": true,
"tab_id": 2004943471,
"pii": false
}
}

DetectionsPol

The Neon agent keeps track of browsing events locally in the browser that are sent when a Detection occurs. This Pattern-of-life gives users the ability to see what lead to the detection, including why the tab was opened, what websites the user navigated to, and the remote resources of the offending page.

Get all detections pattern-of-life

Gets all detection pattern-of-life events that happened when the detection occured

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (DetectionPol)

Array

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this detection pol
detection_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the detection associated with this pol
tab_id	integer <int32> Example: "2004943475" Unique id of the tab associated with the detection
tab_parent	integer <int32> Example: "2004943327" Unique id of the parent tab associated with the tab_id
tab_url	string <url> Example: "https://www.google.com/" The URL loaded at the time this pol entry was collected
tab_timestamp	string <date-time> Example: "2024-10-17 20:49:48.776+00" Timestamp when the tab was created
page_id	integer <int32> Example: "7510" The unique id of the webpage visited by this tab
page_idx	integer <int32> Example: "14" An index for the page that indicates the order of events happening in the tab
page_url	string <url> Example: "https://github.com/login" The URL of the page that was loaded in the tab
page_entry	string <date-time> Example: "2024-10-17 20:52:03.547+00" Timestamp when the page was first loaded in the active tab
page_exit	string <date-time> Example: "2024-10-17 20:62:03.547+00" Timestamp when the user navigated away from the page
page_title	string Example: "Sign in to GitHub · GitHub" The webpage title as shown in the browser tab
frame_id	integer <int32> Example: "1828" The unique id of iframes loaded into a page
frame_idx	integer <int32> Example: "2" An index for the iframe that indicates the order of iframes loaded in the page
frame_url	string <url> Example: "https://www.google.com/recaptcha/api2/aframe" The URL source of the loaded iframe
frame_timestamp	string <date-time> Example: "2024-10-17 21:62:03.547+00" Timestamp when the iframe was loaded
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/detections_pol \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"detection_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"tab_id": 2004943475,
"tab_parent": 2004943327,
"tab_url": "https://www.google.com/",
"tab_timestamp": "2024-10-17 20:49:48.776+00",
"page_id": 7510,
"page_idx": 14,
"page_url": "https://github.com/login",
"page_entry": "2024-10-17 20:52:03.547+00",
"page_exit": "2024-10-17 20:62:03.547+00",
"page_title": "Sign in to GitHub · GitHub",
"frame_id": 1828,
"frame_idx": 2,
"frame_url": "https://www.google.com/recaptcha/api2/aframe",
"frame_timestamp": "2024-10-17 21:62:03.547+00",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00"
}
]
}

Get detection pattern-of-life by detection id

Gets a detection pol using the id of the source detection, useful when fetching from detections.

path Parameters

detectionId

required

string <uuid>

Id of the detection record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (DetectionPol)

Array

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this detection pol
detection_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the detection associated with this pol
tab_id	integer <int32> Example: "2004943475" Unique id of the tab associated with the detection
tab_parent	integer <int32> Example: "2004943327" Unique id of the parent tab associated with the tab_id
tab_url	string <url> Example: "https://www.google.com/" The URL loaded at the time this pol entry was collected
tab_timestamp	string <date-time> Example: "2024-10-17 20:49:48.776+00" Timestamp when the tab was created
page_id	integer <int32> Example: "7510" The unique id of the webpage visited by this tab
page_idx	integer <int32> Example: "14" An index for the page that indicates the order of events happening in the tab
page_url	string <url> Example: "https://github.com/login" The URL of the page that was loaded in the tab
page_entry	string <date-time> Example: "2024-10-17 20:52:03.547+00" Timestamp when the page was first loaded in the active tab
page_exit	string <date-time> Example: "2024-10-17 20:62:03.547+00" Timestamp when the user navigated away from the page
page_title	string Example: "Sign in to GitHub · GitHub" The webpage title as shown in the browser tab
frame_id	integer <int32> Example: "1828" The unique id of iframes loaded into a page
frame_idx	integer <int32> Example: "2" An index for the iframe that indicates the order of iframes loaded in the page
frame_url	string <url> Example: "https://www.google.com/recaptcha/api2/aframe" The URL source of the loaded iframe
frame_timestamp	string <date-time> Example: "2024-10-17 21:62:03.547+00" Timestamp when the iframe was loaded
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/detectionspol/<detectionId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"detection_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"tab_id": 2004943475,
"tab_parent": 2004943327,
"tab_url": "https://www.google.com/",
"tab_timestamp": "2024-10-17 20:49:48.776+00",
"page_id": 7510,
"page_idx": 14,
"page_url": "https://github.com/login",
"page_entry": "2024-10-17 20:52:03.547+00",
"page_exit": "2024-10-17 20:62:03.547+00",
"page_title": "Sign in to GitHub · GitHub",
"frame_id": 1828,
"frame_idx": 2,
"frame_url": "https://www.google.com/recaptcha/api2/aframe",
"frame_timestamp": "2024-10-17 21:62:03.547+00",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00"
}
]
}

Events

Browser telemetry events and actions. These events are collected from the Neon Agent as un-opinionated data as it happens in the browser.

Note: For performance reasons the source data view is columnar and may include 'null' fields when an event type filter is not applied. This does not mean that expected data for each event type is missing.

Get all events

Gets all event records

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)
type	Array of any Items Enum: "app" "auth" "download" "extension" "geo" "navigation" "platform" "upload" Specify array of specific event types to include

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (Event)

Array

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this event
deployment_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this event
client_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the client associated with this event
registration_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the registration associated with this event
event_type	string Enum: "download" "geo" "navigation" "platform" Type of event record
event_timestamp	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the event
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
agent	string Example: "2.1.4" The Neon agent version
arch	string Example: "x86-64" The architecture of the clients platform
display	string Example: "Chrome" The readable display name of the clients browser
name	string Example: "chrome" The system display name of the clients browser
os	string Example: "win" The short operating system of the clients platform
ua	string Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/129.0.0.0" The full User-Agent string of the clients browser
version	string Example: "129.0.0.0" The semantic version of the clients browser
latitude	number <double> Example: "46.4805" The client-side latitude of the registered browser
longitude	number <double> Example: "-121.4363" The client-side longitude of the registered browser
ip	string <ipv4> Example: "20.30.40.50" The IPv4 address of the clients egress traffic
ip_latitude	number <double> Example: "46.4805" The network ip latitude of the registered browser egress ip
ip_longitude	number <double> Example: "-121.4363" The network ip longitude of the registered browser egress ip
asn	number <int32> Example: "7922" The Autonomous System Number of the egress network
asn_isp	string Example: "COMCAST-7922" The ISP associated with the ASN network
city	string Example: "Portland" The city of the egress GeoIP
country	string Example: "US" The country code of the egress GeoIP
postal_code	string Example: "97202" The postal code of the egress GeoIP
region_code	string Example: "OR" The region code of the egress GeoIP
region_name	string Example: "Oregon" The region name of the egress GeoIP
tab_id	number <int32> Example: "2000398" The unique tab id of the browser window
url	string <url> Example: "https://example.com" The url of the tab navigation or download
frame_id	number <int32> Example: "1293" The unique frame id of the tab in the browser window
download_id	number <int32> Example: "102937" The unique download id of the download action in the browser
filename	string Example: "c:\\Users\\user\\Downloads\\anything.json" The local filename of a file download
mime	string Example: "application/json" The mime-type of a file download
incognito	boolean Example: "true" If the user browser was in icognito mode when the event occurred
referrer	string <url> Example: "https://sendingyoutodownload.com" The referrer url leading to the download event
danger	string Example: "safe" The flag assigned by chrome-based browsers when classifying downloads
total_bytes	number <int64> Example: "423154" The size of the downloaded file in bytes

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/events \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"client_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"registration_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"event_type": "download",
"event_timestamp": "2024-10-04T20:33:45.39199+00:00",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"agent": "2.1.4",
"arch": "x86-64",
"display": "Chrome",
"name": "chrome",
"os": "win",
"ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/129.0.0.0",
"version": "129.0.0.0",
"latitude": 46.4805,
"longitude": -121.4363,
"ip": "20.30.40.50",
"ip_latitude": 46.4805,
"ip_longitude": -121.4363,
"asn": 7922,
"asn_isp": "COMCAST-7922",
"city": "Portland",
"country": "US",
"postal_code": 97202,
"region_code": "OR",
"region_name": "Oregon",
"tab_id": 2000398,
"url": "https://example.com",
"frame_id": 1293,
"download_id": 102937,
"filename": "c:\\Users\\user\\Downloads\\anything.json",
"mime": "application/json",
"incognito": true,
"referrer": "https://sendingyoutodownload.com",
"danger": "safe",
"total_bytes": 423154
}
]
}

Get event by id

Gets an event using the id, useful when fetching from other requests.

path Parameters

eventId

required

string <uuid>

Id of the event record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

object (Event)

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this event
deployment_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this event
client_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the client associated with this event
registration_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the registration associated with this event
event_type	string Enum: "download" "geo" "navigation" "platform" Type of event record
event_timestamp	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the event
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
agent	string Example: "2.1.4" The Neon agent version
arch	string Example: "x86-64" The architecture of the clients platform
display	string Example: "Chrome" The readable display name of the clients browser
name	string Example: "chrome" The system display name of the clients browser
os	string Example: "win" The short operating system of the clients platform
ua	string Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/129.0.0.0" The full User-Agent string of the clients browser
version	string Example: "129.0.0.0" The semantic version of the clients browser
latitude	number <double> Example: "46.4805" The client-side latitude of the registered browser
longitude	number <double> Example: "-121.4363" The client-side longitude of the registered browser
ip	string <ipv4> Example: "20.30.40.50" The IPv4 address of the clients egress traffic
ip_latitude	number <double> Example: "46.4805" The network ip latitude of the registered browser egress ip
ip_longitude	number <double> Example: "-121.4363" The network ip longitude of the registered browser egress ip
asn	number <int32> Example: "7922" The Autonomous System Number of the egress network
asn_isp	string Example: "COMCAST-7922" The ISP associated with the ASN network
city	string Example: "Portland" The city of the egress GeoIP
country	string Example: "US" The country code of the egress GeoIP
postal_code	string Example: "97202" The postal code of the egress GeoIP
region_code	string Example: "OR" The region code of the egress GeoIP
region_name	string Example: "Oregon" The region name of the egress GeoIP
tab_id	number <int32> Example: "2000398" The unique tab id of the browser window
url	string <url> Example: "https://example.com" The url of the tab navigation or download
frame_id	number <int32> Example: "1293" The unique frame id of the tab in the browser window
download_id	number <int32> Example: "102937" The unique download id of the download action in the browser
filename	string Example: "c:\\Users\\user\\Downloads\\anything.json" The local filename of a file download
mime	string Example: "application/json" The mime-type of a file download
incognito	boolean Example: "true" If the user browser was in icognito mode when the event occurred
referrer	string <url> Example: "https://sendingyoutodownload.com" The referrer url leading to the download event
danger	string Example: "safe" The flag assigned by chrome-based browsers when classifying downloads
total_bytes	number <int64> Example: "423154" The size of the downloaded file in bytes

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/events/<eventId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": {"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"client_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"registration_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"event_type": "download",
"event_timestamp": "2024-10-04T20:33:45.39199+00:00",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"agent": "2.1.4",
"arch": "x86-64",
"display": "Chrome",
"name": "chrome",
"os": "win",
"ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/129.0.0.0",
"version": "129.0.0.0",
"latitude": 46.4805,
"longitude": -121.4363,
"ip": "20.30.40.50",
"ip_latitude": 46.4805,
"ip_longitude": -121.4363,
"asn": 7922,
"asn_isp": "COMCAST-7922",
"city": "Portland",
"country": "US",
"postal_code": 97202,
"region_code": "OR",
"region_name": "Oregon",
"tab_id": 2000398,
"url": "https://example.com",
"frame_id": 1293,
"download_id": 102937,
"filename": "c:\\Users\\user\\Downloads\\anything.json",
"mime": "application/json",
"incognito": true,
"referrer": "https://sendingyoutodownload.com",
"danger": "safe",
"total_bytes": 423154
}
}

Policies

Policies allow you to manage which events or detections are collected and emitted.

Get all policies

Gets all policy records

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (Policy)

Array

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this policy
deployment_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this policy
user_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the platform user that created this policy
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
description	string Example: "Developer restrictions on github usage" A description added by the creator to explain the policy
detections	object Additional flags for detection settings
events	object Additional flags for event collection settings

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/policies \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"user_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"description": "Developer restrictions on github usage",
"detections": { },
"events": { }
}
]
}

Get policy by id

Gets a policy using the id, useful when fetching from other requests.

path Parameters

policyId

required

string <uuid>

Id of the policy record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

object (Policy)

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this policy
deployment_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the deployment associated with this policy
user_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the platform user that created this policy
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
description	string Example: "Developer restrictions on github usage" A description added by the creator to explain the policy
detections	object Additional flags for detection settings
events	object Additional flags for event collection settings

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/policies/<policyId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": {"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"deployment_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"user_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"description": "Developer restrictions on github usage",
"detections": { },
"events": { }
}
}

Get registration by id

Gets a registration using the id, useful when fetching from other requests.

path Parameters

registrationId

required

string <uuid>

Id of the registration record

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

object (Registration)

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this registration
client_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the client associated with this registration
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
email	string Example: "user@example.com" The email used when a client registered
enabled	boolean Example: "true" A flag that determines if this registration is enabled and active

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/policies/<policyId> \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": {"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"client_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"email": "user@example.com",
"enabled": true
}
}

Registrations

Browsers that have registered with the Neon Platform and associated to Clients. Clients can have one-to-many registrations associated with their Client (w/Email)

Get all registrations

Gets all registration records

query Parameters

limit	integer <int32> Example: limit=100 max records to return
start	integer <int32> Example: start=1 Start records at position
end	integer <int32> Example: end=10 End records at position
sort	string Example: sort=asc Sort results by updated time ascending (asc) or default descending (desc)
enabled	boolean Filter on enabled status

Responses

Response Schema: application/json

error

object or null (NullObject)

Example: null

Array of objects (Registration)

Array

id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of this registration
client_id	string <uuid> Example: "572ba294-4ccc-457c-b4ee-e3845467c254" Unique id of the client associated with this registration
inserted_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the creation
updated_at	string <date-time> Example: "2024-10-04T20:33:45.39199+00:00" Timestamp of the last update
email	string Example: "user@example.com" The email used when a client registered
enabled	boolean Example: "true" A flag that determines if this registration is enabled and active

Request samples

Curl

curl -X GET https://api.neoncyber.io/v1/registration \
      -H 'Authorization: <token>'

Response samples

Content type

application/json

{"error": null,
"data": [{"id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"client_id": "572ba294-4ccc-457c-b4ee-e3845467c254",
"inserted_at": "2024-10-04T20:33:45.39199+00:00",
"updated_at": "2024-10-04T20:33:45.39199+00:00",
"email": "user@example.com",
"enabled": true
}
]
}