Login
    содержание x
    NinjaOne RMM Client Facing Document - compressed
    • 13 Feb 2025
    • 47 Минуты для чтения
    • Авторы
    • Распечатать
    • Тьма
      Свет
    • формат pdf
    содержание

    NinjaOne RMM Client Facing Document - compressed

    • Обновление 13 Feb 2025
    • 47 Минуты для чтения
    • Авторы
    • Распечатать
    • Тьма
      Свет
    • формат pdf
    The content is currently unavailable in Русский. You are viewing the default English version.
    Вводный текст

    NinjaOne RMM Integration Guide

    (LAST UPDATED: 07/15/2024)

    Overview

    NinjaOne RMM is a remote monitoring and management software. It provides the tools to monitor IT infrastructure from anywhere. NinjaRMM provides this capability from a single-pane-of-glass and allows organizations to create custom alerts based on system performance.

    D3 SOAR is providing REST operations to function with NinjaOne RMM.

    NinjaOne RMM is available for use in:

    D3 SOAR

    V16.8+

    Category

    Other

    Deployment Options

    Option II, Option IV

    Connection

    To connect to NinjaOne RMM from D3 SOAR, please follow this part to collect the required information below:

    Parameter

    Description

    Example

    Default

    Server URL

    The server URL for the API connection in domain level is the same as your NinjaOne UI portal URL.

    https://ca.ninjarmm.com

    Grant Type

    The OAuth2.0 grant type that D3 vSOC uses for authentication and acting on behalf of a user. If you select the Authorization_code option, make sure to also input both an Authorization Code and a Refresh Token (see Authorization Code Flow - Public API for details). If you select the Client_Credentials option, you do not need to provide those fields (see Client Credentials Flow for details).

    Client_credentials

    Grant Type = Client_credentials

    API Version

    The API version to use for establishing the connection.

    v2

    Client ID

    The client ID used for authenticating the API connection.

    CLIENT_ID

    Client Secret

    The secret code used for authenticating the API connection.

    ******

    Scope

    A space-separated list of application scopes that you wish to access. Available options include monitoring, management, and control. If not specified, the default scope is monitoring. Be aware that if you modify the scope of the connection, you should create a new connection rather than altering an existing one.

    monitoring management

    Grant Type = Authorization_code

    API Version

    The API version to use for establishing the connection.

    v2

    Client ID

    The client ID used for authenticating the API connection.

    *****

    Client Secret

    The client secret to authenticate the API connection.

    *****

    Scope

    A space-separated list of application scopes that you wish to access. Available options include monitoring, management, and control. If not specified, the default scope is monitoring. Be aware that if you modify the scope of the connection, you should create a new connection rather than altering an existing one.

    Monitoring Management

    Authorization Code

    The authorization code is specifically used for the Authorization_code grant type. Click the "Get Authorization" button on the New Connection form to generate the authorization code automatically.

    0.AXgA*****QgAA

    Callback URL

    The Callback URL is necessary for the authorization code grant type. Add this URL to your NinjaOne application's Redirect URIs. For more details, refer to Regular Web Apps documentation.

    https://v2019.d3securityonline.net/V127Cyber/VSOC/Auth2Callback.aspx

    Refresh Token

    The refresh token for the Authorization_code grant type. Click on the "Get Refresh Token" button on the New Connection form to automatically generate a refresh token.

    851f*****xlRk=

    Permission Requirements

    Each endpoint in the NinjaOne RMM API requires a certain permission scope. The following are required scopes for the commands in this integration:

    Command

    Required Scopes

    Control Device Windows Service

    Management + Control

    Create Agent

    Management

    Delete Devices

    Management

    Execute Command

    The Execute Command can send requests to various endpoints, each with unique scope requirements. Refer to the reader note below to determine the appropriate scope(s).

    Fetch Event

    Monitoring

    Get Device Health Reports

    Monitoring

    List Automation Scripts

    Monitoring

    List Device Custom Fields

    Monitoring

    Note: The custom fields being used must be assigned with the API: Read Only or Read/Write Permissions. Please refer to Configuring Custom Fields | NinjaOne for setup details.

    List Device OS Patch Installation Reports

    Monitoring

    List Devices

    Monitoring

    List Device Scripting Options

    Monitoring

    List Devices With Pending Failed Rejected OS Patches

    Monitoring

    List Devices With Pending Failed Rejected SW Patches

    Monitoring

    List Device Software Patch Installation Reports

    Monitoring

    List Device Windows Services

    Monitoring

    Run Script Or Built-in Action

    Management + Control

    Update Device Custom Field Values

    Management

    Note: The custom fields being used must be assigned with the API: Read/Write Permissions. Please refer to Configuring Custom Fields | NinjaOne for setup details.

    Test Connection

    Monitoring

    READER NOTE

    Scope: A specific set of permissions required to execute specific commands. Scopes are associated with the credentials generated for accessing the NinjaOne RMM API.

    • Monitoring: grants read-only access to monitoring data and organization structure.
    • Management: allows modification of device and organization information; including creating new organizations, adding new devices, running scripts, etc.
    • Control: enables remote access via API.

    Refer to https://app.ninjarmm.com/apidocs-beta/authorization/create-applications/machine-to-machine-apps for more information.

    Configuring NinjaOne RMM to Work with D3 SOAR

    1. Login to NinjaOne RMM at https://app.ninjarmm.com/auth/#/login.
    2. Add a Client App.

      1. Navigate to the Administration menu item on the left sidebar.
      2. Click on the Apps accordion.
      3. Click on the API section.
      4. Click on the Client App IDs tab.
      5. Click on the Add button on the upper right hand side.
    1. Select the API Services (machine-to-machine) dropdown option.
    2. Fill in the Application Configuration form.
      1. Enter an application Name.
      2. Copy the Callback URL from D3 SOAR and paste it into the Redirect URIs field (refer to step 3h > Grant Type: Authorization_code > step 8 in the Configuring D3 SOAR to Work with NinjaOne RMM section to retrieve the Callback URL).
      3. Select your desired Scopes. Check the Permission Requirements section for the required scope for each commands.
      4. Choose your Allowed Grant Types.

    Grant Type=Authorization_code: Select all 3 options (Authorization Code, Client Credentials and Refresh Token).
    Grant Type=Client_credentials: Select the Client Credentials option.

    ALERT

    As of July 11 2024, if you choose to establish a connection to NinjaOne RMM using the Authorization_code grant type, ensure that the Client Credentials checkbox is also selected. Not selecting the Client Credentials checkbox may result in the Client Secret not being generated.

    1. Click the Save button located at the top right corner. Afterward, you will be redirected to view the client secret credential.
    2. Copy and store your client secret. You will not be able to see it again.
    3. Find your API Client App back in the Administration > Apps > API > Client App IDs page, then copy and store your client ID.

    Configuring D3 SOAR to Work with NinjaOne RMM

    1. Log in to D3 SOAR.
    2. Find the NinjaOne RMM integration.
      1. Navigate to Configuration on the top header menu.
      2. Click on the Integration icon on the left sidebar.
      3. Type NinjaOne RMM in the search box to find the integration, then click it to select it.
      4. Click + Connection, on the right side of the Connections section. A new connection window will appear.
    3. Configure the following fields to create a connection to NinjaOne RMM.

      1. Connection Name: The desired name for the connection.
      2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
      3. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
      4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
      5. Description (Optional): Add your desired description for the connection.
      6. Configure User Permissions: Defines which users have access to the connection.
      7. Active: Check the tick box to ensure the connection is available for use.
      8. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

    Grant Type: Client_Credentials

    1. Input the Server URL. The default value is https://app.ninjarmm.com.
    2. Choose the Grant Type. The default value is Client_credentials.
    3. Input the API Version. The default value is v2.
    4. Input the Client ID. Copy the Client ID from the NinjaOne RMM platform. Please refer to step 7 of Configuring NinjaOne RMM to Work with D3 SOAR.
    5. Input the Client Secret.Copy the Client Secret from the NinjaOne RMM platform. Please refer to step 6 of Configuring NinjaOne RMM to Work with D3 SOAR.
    6. (Optional) Input the Scope. The default value is monitoring.

    Grant Type: Authorization_code

    1. Input the Server URL. The default value is https://app.ninjarmm.com.
    2. Choose the Grant Type. Select the Authorization_code dropdown option.
    3. Input the API Version. The default value is v2.
    4. Input the Client ID. Copy the Client ID from the NinjaOne RMM platform. Please refer to step 7 of Configuring NinjaOne RMM to Work with D3 SOAR.
    5. Input the Client Secret. Copy the Client Secret from the NinjaOne RMM platform. Please refer to step 6 of Configuring NinjaOne RMM to Work with D3 SOAR.
    6. (Optional) Input the Scope. The default value is monitoring.
    7. Click on the Get Authorization button to be directed to another page. On the new page, click the Authorize button, copy the provided Authorization Code, and paste it in the D3 vSOC Authorization Code field.

    1. Copy this Callback URL and paste it into the Redirect URIs field on the NinjaOne RMM platform. Refer to step 4b of the Configuring NinjaOne RMM to Work with D3 SOAR section.
    2. Click on the Get Refresh Token button to generate the refresh token.

      1. Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.

    To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.

      1. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
    1. Test the connection.

      1. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green check mark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
      2. Click OK to close the alert window.
      3. Click + Add to create and add the configured connection.

    Commands

    NinjaOne RMM includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

    Integration API Note

    For more information about the NinjaOne RMM API, please refer to the NinjaOne RMM API reference.

    READER NOTE

    Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring NinjaOne RMM to Work with D3 SOAR for details.

    Note for Time-related parameters

    The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:

    1. Navigate to Configuration > Application Settings. Select Date/Time Format.
    2. Choose your desired date and time format.

    After that, you will be able to view your preferred time format when configuring the DateTime input parameters for commands.

    Control Device Windows Service

    Starts/Stops/Restarts Windows Service on the specified device(s).

    READER NOTE

    Device IDs and Service Name are required parameters to run this command.

    • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.
    • Run the List Device Windows Services command to obtain Service Name. Service Names can be found in the raw data at the path $.results[*].name.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device IDs

    Required

    The ID(s) of the device(s) to control Windows service. Device IDs can be obtained using the List Devices command.

    [ 0 ]

    Service Name

    Required

    The Windows service name to take control action. Service Name can be obtained using the List Device Windows Services command.

    Netman

    Action

    Required

    The action to take on the Windows Service. The options are Start, Pause, Stop, Restart.

    Stop

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

    The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Control Device Windows Service failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Control Device Windows Service failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Create Agent

    Generates and returns URL for installer with specified setting.

    READER NOTE

    Organization ID and Location IDs are required parameters to run this command.

    • Run the List Devices command to obtain the Organization ID. Organization IDs can be found in the raw data at the path $.results[*].organizationId.
    • Run the List Devices command to obtain Location IDs. Location IDs can be found in the raw data at the path $.results[*].locationId.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Organization ID

    Required

    The ID of the organization to generate the installer. Organization ID can be obtained using the List Devices command.

    0

    Location IDs

    Required

    The ID(s) of the location(s) to generate the installer(s). Location IDs can be obtained using the List Devices command. If multiple locations are provided, each location will generate one installer with the Organization ID.

    [0]

    Installer Type

    Required

    The agent installer type to generate the installer. The options for installer type are: Windows .msi, Mac .dmg, Mac .pkg, Linux .deb, Linux .rpm.

    Windows .msi

    Content

    Optional

    The additional content to generate the installer.

    {
    "additionalProp1": {}
    }

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

    The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Create Agent failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Create Agent failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Delete Devices

    Deletes specified device(s).

    READER NOTE

    Device IDs is a required parameter to run this command.

    • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device IDs

    Required

    The ID(s) of the device(s) to delete. Device IDs can be obtained using the List Devices command.

    [ 0 ]

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

    The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Delete Devices failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Delete Devices failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Execute Command

    Returns the according response based on the input parameters.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Endpoint Of API

    Required

    The API endpoint of the command you want to use. Please refer to NinjaRMM Public API for the available API endpoints.

    /devices/search

    HTTP Request Method

    Optional

    The HTTP request method for the endpoint. The options are GET, POST, PUT, PATCH, and DELETE. The default value is GET.

    GET

    HTTP Query Parameters

    Optional

    The HTTP query parameters for the endpoint.

    {
    "q": "192.168.1.1",
    "limit": 100
    }

    HTTP Request Body

    Optional

    The HTTP request body for the endpoint. This parameter is required when the HTTP request method is POST, PATCH or PUT. If not specified, the default value is {}.

    {
    "name": "string",
    "description": "string",
    "userData": {
    "additionalProp1": {}
    },
    "nodeApprovalMode": "AUTOMATIC",
    "tags": [
    "string"
    ],
    "fields": {
    "additionalProp1": {},
    "additionalProp2": {},
    "additionalProp3": {}
    },
    "locations": [
    {
    "name": "string",
    "address": "string",
    "description": "string",
    "userData": {
    "additionalProp1": {}
    },
    "tags": [
    "string"
    ],
    "fields": {
    "additionalProp1": {},
    "additionalProp2": {},
    "additionalProp3": {}
    }
    }
    ],
    "policies": [
    {
    "nodeRoleId": 0,
    "policyId": 0
    }
    ]
    }

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Execute Command failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Execute Command failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Fetch Event

    Ingests active alerts into the D3 vSOC platform as events based on specified search criteria.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Start Time

    Optional

    The active alert updates after this time (in UTC) will be ingested. If this parameter is not specified, the default start time will be set to 30 days prior to the End Time.

    2024-06-27 00:00

    End Time

    Optional

    The active alert updates before this time (in UTC) will be ingested. If this parameter is not specified, the default end time is set to the current time.

    2024-07-13 00:00

    Source Type

    Optional

    Filters alerts based on alert origin.

    AGENT_OFFLINE

    Device Filter

    Optional

    The filters alerts based on device. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    class=WINDOWS_SERVER AND offline

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful, Successful but without events, or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    READER NOTE

    The Unique Event Key field mapping is used to prevent duplicate event ingestions. D3 SOAR will check whether the value of a selected JSON path matches any Unique Event Key of previously ingested events. If a match is found, the event will be dismissed. If no match is found, an event will be created. However, if no Unique Event Key is mapped, the hash value from the event pending ingestion will be used to check for any matches with existing events. If no match is found, the event will be created.

    Unlike most other D3 SOAR integrations, the NinjaOne RMM integration’s Fetch Event command’s Default Event Source mapping does not include a Unique Event Key to fetch the same active alerts with multiple updates.

    Fetch Event Field Mapping

    Fetch Event commands require event field mapping. Field mapping plays a key role for data normalization within the event pipeline. Field mapping converts the original data fields from the different providers to standardized D3 fields as defined by the D3 Model. Please refer to Event and Incident Intake Field Mapping for details.

    To customize field mapping, click + Add Field and add the custom field of your choice. You can also remove built-in field mappings by clicking x. Please note that two underscore characters will automatically prefix the defined Field Name as the System Name for a custom field mapping. Additionally, if an input Field Name contains any spaces, they will automatically be replaced with underscores for the corresponding System Name.

    As a system integration, the NinjaOne RMM integration has some pre-configured field mappings for default field mapping.

    • Default Event Source

    The Default Event Source is the default set of field mappings that are applied when this fetch event command is executed. For out-of-the-box integrations, you will find a set of field mapping provided by the system. Default event source provides field mappings for common fields from fetched active alerts. The default event source has a “Main Event JSON Path” (i.e., $.Results) that is used to extract a batch of events from the response raw data. Click Edit Event Source to view the “Main Event JSON Path”.

    • Main Event JSON Path: $.Results

    The Main Event JSON Path determines the root path where the system starts parsing raw response data into D3 event data. The JSON path begins with $, representing the root element. The path is formed by appending a sequence of child elements to $, each separated by a dot (.). Square brackets with nested quotation marks ([‘...’]) should be used to separate child elements in JSON arrays.

    For example, the root node of a JSON Path is Results. The child node denoting the Device ID field would be deviceId. Putting it together, the JSON Path expression to extract the Device ID is $.Results.deviceId.

    The pre-configured field mappings are detailed below:

    Field Name

    Source Field

    Device Approval Status

    .device.approvalStatus

    Device Created Time

    .device.created

    Device ID

    .deviceId

    Device Is Offline

    .device.offline

    Device Last Contact Time

    .device.lastContact

    Device Last Update Time

    .device.lastUpdate

    Device Maintenance Status

    .device.maintenance.status

    Device Netbios Name

    .device.netbiosName

    Device Role Name

    .device.references.role.name

    Device Tags

    .device.tags

    Last Updated Time

    .updateTime

    Location Name

    .device.references.location.name

    Organization Name

    .device.references.organization.name

    Parent Device ID

    .device.parentDeviceId

    Policy Name

    .device.references.policy.name

    PSA Ticket ID

    .psaTicketId

    Role Policy Name

    .device.references.rolePolicy.name

    Title

    .subject

    User ID

    .userId

    DNS query name

    .device.dnsName

    Document ID

    .uid

    Device category

    .device.nodeClass

    Device

    .device.displayName

    Event Type

    .sourceName

    Hostname

    .device.systemName

    Start Time

    .createTime

    Description

    .message

    Alert Raw Log

    .data

    Source type

    .sourceType

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Fetch Event failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Fetch Event failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Get Device Health Reports

    Returns a list of device health summary records.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device Filter

    Optional

    The filter used for the narrowing down of returned device health reports. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline". If this parameter is not specified, health reports for all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    class=WINDOWS_SERVER AND offline

    Health Status

    Optional

    Filters device health reports based on the device health status of the devices. If not specified, health reports for devices across all health statuses will be returned.

    Unknown

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Get Device Health Reports failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Get Device Health Reports failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Automation Scripts

    Returns a list of all available automation scripts.

    Input

    N/A

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Automation Scripts failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Automation Scripts failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Device Custom Fields

    Returns a list of custom field values for the specified device(s). Please visit Configuring Custom Fields | NinjaOne for details on setting up API: Read Only or Read/Write permissions.

    READER NOTE

    Device IDs is a required parameter to run this command.

    • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device IDs

    Required

    The ID(s) of the device(s) for retrieving custom field values. Device IDs can be obtained using the List Devices command.

    [ 0 ]

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

    The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Device Custom Fields failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Device Custom Fields failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Device OS Patch Installation Reports

    Returns patch installation history records (successful and failed).

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device Filter

    Optional

    The filter used to narrow down the returned OS patches. For example, to retrieve all offline Windows Servers, one can input "class=WINDOWS_SERVER AND offline". If not specified, OS patch installation reports for all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    id in (<DeviceID1>, <DeviceID2>)

    Patch Status

    Optional

    Filters OS patches based on their patch status. If not specified, both Failed and installed patches will be returned.

    Failed

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Device OS Patch Installation Reports failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Device OS Patch Installation Reports failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Devices

    Returns a list of devices with basic node information.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device Filter

    Optional

    The filter used for the narrowing down of returned devices. For example, to retrieve all offline Windows Servers, input "class=WINDOWS_SERVER AND offline". If not specified, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    class=WINDOWS_SERVER AND offline

    Limit

    Optional

    The number of devices to be returned. If not specified, all devices will be returned.

    100

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Devices failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Devices failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Device Scripting Options

    Returns the scripting options (built-in actions and custom scripts) available for the device.

    READER NOTE

    Device IDs is a required parameter to run this command.

    • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device ID

    Required

    The ID of the device for which to retrieve scripting options. The Device ID can be obtained using the List Devices command.

    0

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Device Scripting Options failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Device Scripting Options failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Devices With Pending Failed Rejected OS Patches

    Returns list of OS patches for which there were no installation attempts.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device Filter

    Optional

    The filter used to narrow down the returned OS patches. For example, if you want to get all offline Windows Servers, you can input "class=WINDOWS_SERVER AND offline". If not specified, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    class=WINDOWS_SERVER AND offline

    Patch Severity

    Optional

    The OS patches based on patch severity.

    IMPORTANT

    Patch Status

    Optional

    The OS patches based on patch status.

    APPROVED

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Devices With Pending Failed Rejected OS Patches failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Devices With Pending Failed Rejected OS Patches failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Devices With Pending Failed Rejected SW Patches

    Returns a list of 3rd party Software patches for which there were no installation attempts.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device Filter

    Optional

    The filter used to narrow down the returned software patches. For example, if you want to get all offline Windows Servers, you can input "class=WINDOWS_SERVER AND offline". If not specified, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    class=WINDOWS_SERVER AND offline

    Patch Impact

    Optional

    The software patches based on patch impact.

    High

    Patch Status

    Optional

    The software patches based on patch status.

    PENDING

    Software Identifier

    Optional

    The software patches based on the software product identifier.

    c899*****a4fa

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Devices With Pending Failed Rejected SW Patches failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Devices With Pending Failed Rejected SW Patches failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Device Software Patch Installation Reports

    Returns 3rd party software patch installation history records (successful and failed).

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device Filter

    Optional

    The filter used to narrow down the returned software patches. For example, if you want to get all offline Windows Servers, you can input "class=WINDOWS_SERVER AND offline". If not specified, all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    id in (<DeviceID1>, <DeviceID2>)

    Patch Impact

    Optional

    The software patches based on patch impact.

    High

    Patch Status

    Optional

    The software patches based on patch status.

    FAILED

    Software Identifier

    Optional

    The software patches based on the software product identifier.

    c899*****a4fa

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Device Software Patch Installation Reports failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Device Software Patch Installation Reports failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    List Device Windows Services

    Returns list of Windows Services and their statuses for specified device(s). The maximum number of returned Windows services is 10000.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device Filter

    Optional

    The filter used to narrow down the returned Windows services. For example, if you want to get all offline Windows Servers, you can input "class=WINDOWS_SERVER AND offline".If not specified, Windows Services of all devices will be returned. Please refer to Ninja RMM Public API v2.0.5 Device Filter Syntax for Device Filter syntax.

    id in (<DeviceID1>, <DeviceID2>)

    Service Name

    Optional

    The Windows services based on the service name.

    String

    Service State

    Optional

    The Windows services based on the service state. If not specified, Windows services in any state will be returned.

    Running

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Key Fields

    Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

    The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    List Device Windows Services failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    List Device Windows Services failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Run Script Or Built-in Action

    Runs script or built-in action on a specific device

    READER NOTE

    Device ID is a required parameter to run this command.

    • Run the List Devices command to obtain Device ID. Device IDs can be found in the raw data at the path $.results[*].id.

    Script ID and Built-in Action ID are optional parameters to run this command.

    • Run the List Device Scripting Options command to obtain Script ID. Script IDs can be found in the raw data at the path $.scripts[*].id.
    • Run the List Device Scripting Options command to obtain Built-in Action ID. Built-in Action IDs can be found in the raw data at the path $.scripts[*].uid.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device ID

    Required

    The ID of the device for which to run a script or built-in action. The Device ID can be obtained using the List Devices command.

    0

    Type

    Required

    The choice to run a Script or a Built-in Action.

    Script

    Script ID

    Optional

    The ID of the script to run when the Type is Script. The Script ID can be obtained using the List Device Scripting Options command.

    0

    Built-in Action ID

    Optional

    The ID of the built-in action to run when the Type is Built-in Action. The Built-in Action ID can be obtained using the List Device Scripting Options command.

    07cc*****e2b5

    Parameters

    Optional

    The parameters of Script or Build-in Action.

    String

    Run As

    Optional

    The credential role or ID used to run the Script or Built-in Action.

    String

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Run Script Or Built-in Action failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Run Script Or Built-in Action failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Update Device Custom Field Values

    Updates custom field values of the specified device(s). Ensure that the custom fields are assigned with API Read/Write permissions. Please visit Configuring Custom Fields | NinjaOne for details on setting up API: Read/Write permissions.

    READER NOTE

    Device IDs and Custom Field Object are required parameters to run this command.

    • Run the List Devices command to obtain Device IDs. Device IDs can be found in the raw data at the path $.results[*].id.
    • Run the List Device Custom Fields command to obtain the properties of the Custom Field Object.
      • D3 suggests running the List Devices command to obtain your desired Device IDs. Then, use those ID(s) to run the List Device Custom Fields command to obtain the corresponding Custom Field Object. The Custom Field Objects can be found in the raw data at the path $.Results[*].CustomFields.

    Input

    Input Parameter

    Required/Optional

    Description

    Example

    Device IDs

    Required

    The ID(s) of the device(s) for retrieving custom field values. Device IDs can be obtained using the List Devices command.

    [ 0 ]

    Custom Field Object

    Required

    The custom field object used to update custom field values. The Custom Field Object of the device can be obtained using the List Device Custom Fields command.

    {
    "property1": {},
    "property2": {}
    }

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.

    The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

    String

    Raw Data

    The primary response data from the API request.

    JSON

    Result

    Provides a brief summary of outputs in an HTML formatted table.

    HTML

    Error Handling

    If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Update Device Field Values failed.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Update Device Field Values failed.

    Status Code: 401.

    Message: Access key does not have required scope.

    Test Connection

    Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

    Input

    N/A

    Output

    Output Type

    Description

    Return Data Type

    Return Data

    Indicates one of the possible command execution states: Successful or Failed.

    The Failed state can be triggered by any of the following errors:

    - A connection issue with the integration

    - The API returned an error message

    - No response from the API

    You can view more details about an error in the Error tab.

    String

    Error Handling

    If the Return Data is Failed, an Error tab will appear in the Test Result window.

    The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

    Parts in Error

    Description

    Example

    Failure Indicator

    Indicates the command failure that happened at a specific input and/or API call.

    Test Connection failed. Failed to check the connector.

    Status Code

    The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the NinjaOne RMM portal. Refer to the HTTP Status Code Registry for details.

    Status Code: 401.

    Message

    The raw data or captured key error message from the integration API server about the API request failure.

    Message: Access key does not have required scope.

    Error Sample Data

    Test Connection failed. Failed to check the connector.

    Status Code: 401.

    Message: Access key does not have required scope.

    Была ли эта статья полезной?
    What's Next
    Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy.
    Products
    Company
    Top Features
    Solutions
    Existing Users
    Connect With Us
    Sales and Support
    Copyright © Abc Inc. All Rights Reserved
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout