List Clients - SpecterOps

{
  "count": 1,
  "skip": 1,
  "limit": 1,
  "data": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "name": "<string>",
      "ip_address": "127.0.0.1",
      "hostname": "<string>",
      "configured_user": "<string>",
      "last_checkin": "2023-11-07T05:31:56Z",
      "events": [
        {
          "id": 123,
          "client_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "rrule": "<string>",
          "session_collection": true,
          "local_group_collection": true,
          "ad_structure_collection": true,
          "cert_services_collection": true,
          "ca_registry_collection": true,
          "dc_registry_collection": true,
          "all_trusted_domains": true,
          "ous": [
            {
              "objectid": "<string>",
              "name": "<string>",
              "exists": true,
              "distinguishedname": "<string>",
              "type": "<string>"
            }
          ],
          "domains": [
            {
              "objectid": "<any>",
              "name": "<any>",
              "exists": "<any>",
              "type": "<string>"
            }
          ]
        }
      ],
      "token": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "created_at": "2023-11-07T05:31:56Z",
        "updated_at": "2023-11-07T05:31:56Z",
        "deleted_at": {},
        "user_id": {
          "uuid": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "valid": true
        },
        "name": {
          "string": "<string>",
          "valid": true
        },
        "key": "<string>",
        "hmac_method": "<string>",
        "last_access": "2023-11-07T05:31:56Z"
      },
      "current_job_id": {
        "int64": 123,
        "valid": true
      },
      "current_task_id": {
        "int64": 123,
        "valid": true
      },
      "current_job": {
        "id": 123,
        "client_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "client_name": "<string>",
        "event_id": {
          "int32": 123,
          "valid": true
        },
        "execution_time": "2023-11-07T05:31:56Z",
        "start_time": "2023-11-07T05:31:56Z",
        "end_time": "2023-11-07T05:31:56Z",
        "status": -1,
        "status_message": "<string>",
        "session_collection": true,
        "local_group_collection": true,
        "ad_structure_collection": true,
        "cert_services_collection": true,
        "ca_registry_collection": true,
        "dc_registry_collection": true,
        "all_trusted_domains": true,
        "domain_controller": "<string>",
        "ous": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "distinguishedname": "<any>",
            "type": "<any>"
          }
        ],
        "domains": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "type": "<any>"
          }
        ],
        "domain_results": [
          {
            "id": "<any>",
            "created_at": "<any>",
            "updated_at": "<any>",
            "deleted_at": "<any>",
            "job_id": "<any>",
            "domain_name": "<any>",
            "success": "<any>",
            "message": "<any>",
            "user_count": "<any>",
            "group_count": "<any>",
            "computer_count": "<any>",
            "gpo_count": "<any>",
            "ou_count": "<any>",
            "container_count": "<any>",
            "aiaca_count": "<any>",
            "rootca_count": "<any>",
            "enterpriseca_count": "<any>",
            "ntauthstore_count": "<any>",
            "certtemplate_count": "<any>",
            "deleted_count": "<any>"
          }
        ]
      },
      "current_task": {
        "id": 123,
        "client_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "client_name": "<string>",
        "event_id": {
          "int32": 123,
          "valid": true
        },
        "execution_time": "2023-11-07T05:31:56Z",
        "start_time": "2023-11-07T05:31:56Z",
        "end_time": "2023-11-07T05:31:56Z",
        "status": -1,
        "status_message": "<string>",
        "session_collection": true,
        "local_group_collection": true,
        "ad_structure_collection": true,
        "cert_services_collection": true,
        "ca_registry_collection": true,
        "dc_registry_collection": true,
        "all_trusted_domains": true,
        "domain_controller": "<string>",
        "ous": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "distinguishedname": "<any>",
            "type": "<any>"
          }
        ],
        "domains": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "type": "<any>"
          }
        ],
        "domain_results": [
          {
            "id": "<any>",
            "created_at": "<any>",
            "updated_at": "<any>",
            "deleted_at": "<any>",
            "job_id": "<any>",
            "domain_name": "<any>",
            "success": "<any>",
            "message": "<any>",
            "user_count": "<any>",
            "group_count": "<any>",
            "computer_count": "<any>",
            "gpo_count": "<any>",
            "ou_count": "<any>",
            "container_count": "<any>",
            "aiaca_count": "<any>",
            "rootca_count": "<any>",
            "enterpriseca_count": "<any>",
            "ntauthstore_count": "<any>",
            "certtemplate_count": "<any>",
            "deleted_count": "<any>"
          }
        ]
      },
      "completed_job_count": 123,
      "completed_task_count": 123,
      "domain_controller": {
        "string": "<string>",
        "valid": true
      },
      "version": "<string>",
      "user_sid": {
        "string": "<string>",
        "valid": true
      },
      "type": "sharphound"
    }
  ]
}

GET

api

clients

{
  "count": 1,
  "skip": 1,
  "limit": 1,
  "data": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "name": "<string>",
      "ip_address": "127.0.0.1",
      "hostname": "<string>",
      "configured_user": "<string>",
      "last_checkin": "2023-11-07T05:31:56Z",
      "events": [
        {
          "id": 123,
          "client_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "rrule": "<string>",
          "session_collection": true,
          "local_group_collection": true,
          "ad_structure_collection": true,
          "cert_services_collection": true,
          "ca_registry_collection": true,
          "dc_registry_collection": true,
          "all_trusted_domains": true,
          "ous": [
            {
              "objectid": "<string>",
              "name": "<string>",
              "exists": true,
              "distinguishedname": "<string>",
              "type": "<string>"
            }
          ],
          "domains": [
            {
              "objectid": "<any>",
              "name": "<any>",
              "exists": "<any>",
              "type": "<string>"
            }
          ]
        }
      ],
      "token": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "created_at": "2023-11-07T05:31:56Z",
        "updated_at": "2023-11-07T05:31:56Z",
        "deleted_at": {},
        "user_id": {
          "uuid": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "valid": true
        },
        "name": {
          "string": "<string>",
          "valid": true
        },
        "key": "<string>",
        "hmac_method": "<string>",
        "last_access": "2023-11-07T05:31:56Z"
      },
      "current_job_id": {
        "int64": 123,
        "valid": true
      },
      "current_task_id": {
        "int64": 123,
        "valid": true
      },
      "current_job": {
        "id": 123,
        "client_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "client_name": "<string>",
        "event_id": {
          "int32": 123,
          "valid": true
        },
        "execution_time": "2023-11-07T05:31:56Z",
        "start_time": "2023-11-07T05:31:56Z",
        "end_time": "2023-11-07T05:31:56Z",
        "status": -1,
        "status_message": "<string>",
        "session_collection": true,
        "local_group_collection": true,
        "ad_structure_collection": true,
        "cert_services_collection": true,
        "ca_registry_collection": true,
        "dc_registry_collection": true,
        "all_trusted_domains": true,
        "domain_controller": "<string>",
        "ous": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "distinguishedname": "<any>",
            "type": "<any>"
          }
        ],
        "domains": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "type": "<any>"
          }
        ],
        "domain_results": [
          {
            "id": "<any>",
            "created_at": "<any>",
            "updated_at": "<any>",
            "deleted_at": "<any>",
            "job_id": "<any>",
            "domain_name": "<any>",
            "success": "<any>",
            "message": "<any>",
            "user_count": "<any>",
            "group_count": "<any>",
            "computer_count": "<any>",
            "gpo_count": "<any>",
            "ou_count": "<any>",
            "container_count": "<any>",
            "aiaca_count": "<any>",
            "rootca_count": "<any>",
            "enterpriseca_count": "<any>",
            "ntauthstore_count": "<any>",
            "certtemplate_count": "<any>",
            "deleted_count": "<any>"
          }
        ]
      },
      "current_task": {
        "id": 123,
        "client_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "client_name": "<string>",
        "event_id": {
          "int32": 123,
          "valid": true
        },
        "execution_time": "2023-11-07T05:31:56Z",
        "start_time": "2023-11-07T05:31:56Z",
        "end_time": "2023-11-07T05:31:56Z",
        "status": -1,
        "status_message": "<string>",
        "session_collection": true,
        "local_group_collection": true,
        "ad_structure_collection": true,
        "cert_services_collection": true,
        "ca_registry_collection": true,
        "dc_registry_collection": true,
        "all_trusted_domains": true,
        "domain_controller": "<string>",
        "ous": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "distinguishedname": "<any>",
            "type": "<any>"
          }
        ],
        "domains": [
          {
            "objectid": "<any>",
            "name": "<any>",
            "exists": "<any>",
            "type": "<any>"
          }
        ],
        "domain_results": [
          {
            "id": "<any>",
            "created_at": "<any>",
            "updated_at": "<any>",
            "deleted_at": "<any>",
            "job_id": "<any>",
            "domain_name": "<any>",
            "success": "<any>",
            "message": "<any>",
            "user_count": "<any>",
            "group_count": "<any>",
            "computer_count": "<any>",
            "gpo_count": "<any>",
            "ou_count": "<any>",
            "container_count": "<any>",
            "aiaca_count": "<any>",
            "rootca_count": "<any>",
            "enterpriseca_count": "<any>",
            "ntauthstore_count": "<any>",
            "certtemplate_count": "<any>",
            "deleted_count": "<any>"
          }
        ]
      },
      "completed_job_count": 123,
      "completed_task_count": 123,
      "domain_controller": {
        "string": "<string>",
        "valid": true
      },
      "version": "<string>",
      "user_sid": {
        "string": "<string>",
        "valid": true
      },
      "type": "sharphound"
    }
  ]
}

Authorizations

Authorization

string

header

required

Authorization: Bearer $JWT_TOKEN

Headers

Prefer

integer

default:0

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240.

Required range: x >= 0

Query Parameters

created_at

string<date-time>

Filter results by created_at value. See filter schema details for valid predicates.

updated_at

string<date-time>

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at

string<date-time>

Filter results by deleted_at value. See filter schema details for valid predicates.

hydrate_domains

boolean

default:true

When a value of true is passed, any Domains associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same Domains will only return as a list of objectids.

hydrate_ous

boolean

default:true

When a value of true is passed, any OUs associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same OUs will only return as a list of objectids.

skip

integer

This query parameter is used for determining the number of objects to skip in pagination.

Required range: x >= 0

limit

integer

This query parameter is used for setting an upper limit of objects returned in paginated responses.

Required range: x >= 0

sort_by

string

Sortable columns are name, ip_address, hostname, configured_user, last_checkin, completed_job_count, created_at, updated_at, deleted_at.

name

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

ip_address

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

hostname

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

configured_user

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

version

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

user_sid

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

last_checkin

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

current_job_id

integer

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

completed_job_count

integer

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

domain_controller

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

string<uuid>

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

Response

count

integer

The total number of results.

Required range: x >= 0

skip

integer

The number of items to skip in a paginated response.

Required range: x >= 0

limit

integer

The limit of results requested by the client.

Required range: x >= 0

data

object[]

Show child attributes

Endpoint for data ingestion Create Client

⌘I

Get Started

Auth

Permissions

Roles

API Tokens

BloodHound Users

Collectors

Collection Uploads

API Info

Search

Audit

Config

Asset Isolation

Graph

Cypher

Azure Entities

AD Base Entities

Computers

Containers

Domains

GPOs

AIA CAs

Root CAs

Enterprise CAs

NT Auth Stores

Cert Templates

OUs

AD Users

Groups

Data Quality

Database

Datapipe

EULA

Analysis

Client Ingest

Clients

Jobs

Events (Schedules)

Attack Paths

Risk Posture

Meta Entities

Authorizations

Headers

Query Parameters

Response