Skip to content

Agents

Incydr Agents run on the endpoints in your environment and monitor for insider risk activity.

class _incydr_sdk.agents.client.AgentsV1(parent)

Client for /v1/agents endpoints.

Usage example:

>>> import incydr
>>> client = incydr.Client(**kwargs)
>>> client.agents.v1.get_page()
activate(self, agent_ids)

Activate a set of agents.

Parameters:

  • agent_ids: str | List[str] - An agent ID or list of agent IDs to activate.

Returns: A requests.Response indicating success.

deactivate(self, agent_ids)

Deactivate a set of agents.

Parameters:

  • agent_ids: str | List[str] - An agent ID or list of agent IDs to deactivate.

Returns: A requests.Response indicating success.

get_agent(self, agent_id)

Get a single agent.

Parameters:

  • agent_id: str (required) - The unique ID for the agent.

Returns: An Agent object representing the agent.

get_page(self, active=None, agent_type=None, sort_dir=, sort_key=, page_num=1, page_size=500, agent_healthy=None, agent_health_issue_types=None)

Get a page of agents.

Filter results by passing the appropriate parameters:

Parameters:

  • active: bool | None - When True, return only active agents. When False, return only deactivated agents. Defaults to None (returning both).
  • agent_type: AgentType | str | None - Return only agents of given type.
  • page_num: int - Page number for results, starting at 1.
  • page_size: int - Max number of results to return per page.
  • sort_dir: SortDirection - asc or desc. The direction in which to sort the response based on the corresponding key. Defaults to asc.
  • sort_key: SortKeys - Values on which the response will be sorted. Defaults to agent name.
  • agent_healthy: bool | None - Optionally retrieve agents with this health status. Agents that have no health issue types are considered healthy.
  • agent_health_issue_types: List[str] | str - Optionally retrieve agents that have (at least) any of the given issue type(s). Health issue types include the following: NOT_CONNECTING, NOT_SENDING_SECURITY_EVENTS, SECURITY_INGEST_REJECTED, MISSING_MACOS_PERMISSION_FULL_DISK_ACCESS, MISSING_MACOS_PERMISSION_ACCESSIBILITY.

Returns: An AgentsPage object.

iter_all(self, active=None, agent_type=None, sort_dir=, sort_key=, page_size=500, agent_healthy=None, agent_health_issue_types=None)

Iterate over all agents.

Accepts the same parameters as .get_page() excepting page_num.

Returns: A generator yielding individual Agent objects.

update(self, agent_id, name=None, external_reference=None)

Update an agent.

Parameters:

  • agent_id: str (required) - The unique ID for the agent.
  • name: str | None - The updated name for the agent.
  • external_reference: str | None - The updated external reference info for the agent.

Returns: A requests.Response indicating success.