Complete

Console reporting API


Userlevel 2
I would like an API to be able to automatically retrieve information from the webroot console.  Ideally, I would like to see a listing of all endpoints on my console, and I would also like to see scan history for individual endpoints.  I wish to import this data into my own database for custom reporting.  
 
The only way I can accomplish this now is to log into the console, select all endpoints under group management, and then export to CSV.  From there I have to manually extrapolate scan history.
 
An API would allow me to automate this process.

17 replies

Userlevel 7
Badge +56
We do have an integration with Spiceworks that might help in the meantime. You could run reports or export data from the Spiceworks database
Userlevel 2
I've spent over a half hour trying and I cannot find how to integrate webroot with spiceworks. I have never worked with spiceworks before. I have looked under cloud services and plugins and can find no mention of webroot.
Userlevel 7
Badge +56
If you go to a device there's a tab all the way at the right that will show you the Webroot status.  There should also be some reports you can run.
Userlevel 2
So this will only work for webroot installations on my local network?
Userlevel 7
Badge +56
There's an agent for Spiceworks that you can install on remove devices.  Or you can do a remote collector server if you have a satellite office.
Userlevel 2
We sell webroot to hundreds of customers and have over 2700 endpoints, a significant number of which are POS terminals, I don't think that spiceworks will work for me. I would really like a way to obtain this information from my webroot console without having to rely on a person manually logging in and exporting the data daily.
Userlevel 7
Badge +56
Yeah, that makes sense - I think your suggestion is a good one, just trying to find a workaround for the meantime.
Userlevel 5
Hey community members!
 
I'd like thoughts around this request from other admins that are constantly looking for other ways of gathering and reporting data from their environments.
 
Would an API be of use to you?
 
How would you use it?
 
Thanks all!
Shawn T
Webroot Manager, Product Support
Badge +7
Shawn,
 
Yes, a Webroot API would be extremely useful to us, mostly for automating our auditing process to confirm Webroot is installed and checking in properly on all our computers.
 
Currently we are creating scripts (aka "agent procedures") in Kaseya that pull info directly from the HKLMSOFTWAREWRDataStatus registry key from individual machines, to check things like whether the subscription is active (IsExpired, which seems to correspond to whether or not the endpoint is able to check into the Webroot servers) and if other AV is detected/enabled, etc.
 
Because we use Kaseya we have all our agents listed in that system. They are broken down by client -- we are an MSP with about 150 clients -- and in Webroot we have a Site in the GSM for each of these clients. Webroot is a completely different web console than Kaseya obviously, so we need to be able to confirm that every computer in Kaseya has Webroot installed, is checking into the web console, and (ideally) has the correct policy assigned. So if we could perform a query or command that would return info about a particular endpoint (or that it doesn't exist in the web console) then we could perform a Webroot audit on all our computers much more efficiently.
 
As it is now we have to either visually inspect both systems (Kaseya and Webroot), or we have to export a computer/endpoint list in CSV format from both systems then compare them line-by-line. With close to 6,000 endpoints total, and the 5-10 second lag when switching from site-to-GSM-to-site, this quickly becomes a tedious, time-consuming task. Even if we could just export the All Endpoints group from all Sites, in one click from the GSM, that would be very helpful. But a full-featured API (like the one Amazon Web Services provides) would be much more useful to us.
Badge +7
I forgot to mention one more piece of information we'd like to be able retrieve from an API:
 
The Group that an endpoint is a member of.
 
We're using the /group=GROUP switch when installing WSA, to move endpoints into the correct group, however we're finding this doesn't work 100% of the time for some reason (it's not due to the known issue of having a space in the group name). If we could run some type of query to find all endpoints that are in the Default Group then we could easily sweep through and move them to the correct group, rather than having to check 150 sites manually.
 
It would also be nice if we could use an API to send Agent Commands to endpoints, rather than it just being a read-only/reporting tool. We can send agent commands from the Webroot web console, of course, but in many cases it would be more efficient for us to be able to run them from Kaseya scripts. That way we could do things like create a script that uninstalls WSA and runs the -poll command to force it to check in right away, or run a Scan, or Send Customer Support Diagnostics, etc. The Kaseya "poll interval" is 30-60 seconds, so we can force an endpoint to check in quickly to Webroot's servers from Kaseya, but we can't do much else from it.
 
Keep in mind we have a small NOC of 3 people auditing/managing Webroot for almost 6,000 endpoints, so even if we can do something manually from the web console, we can only do it one Site at a time, and it's all a manual point-and-click process. That's where a full-featured API would be very handy for us.
I to would like to retrieve data from the console for further analysis against our internal data. Our current AV (we are evaluating Webroot) is managed through an on premise console with a SQL backed. We have grown used to pulling that into Excel and joining it with our RMM, PSA and a General Ledger data. We then post the queries and pivot tables to our SharePoint site (Office 365 Power BI) so staff can interact with the data live. -shaunv
 I would like to beable to query the console from powershell to list the group and policy assigned to an endpoint.  this would be part of a script that would audit a server after its build process is complete.
Userlevel 2
Badge +9
AJohnson, might be a late reply mate but i always use WMIC to execute remote commands to node.
 
Uninstalling software etc such as a few examples below.
To populate software thats installed, create a logon scripts or log off script and add the commands in the batch file
craete a file on notepad and save as getSoftware.bat
 @echo off
wmic /output:\someserversharedFolder%computername%_installedSoftware.html product list brief /format:htable.xsl
 
 
Then when the user logs in it will execute this and save to shared folder.
I have used a lot fo software for simple tasks that WMIC can achieve.
 
This will uninstall WinRar when you define the target (Or you can use a text file like /node:@file.txt)@echo off
set /p target=Whats the computer name:
echo Uninstalling Winrar from %target%
wmic /node:"%target%" process call create "%ProgramFiles%WinRARuninstall.exe /s"
 
to remoteley edit registry (You dont always want it on)
Start the service of the remote node (wmic /node:somePC service where name='remoteregistry' call startservice)
 
etc etc etc, one of the most powerfull tools and has been with Windows for a very long time
 
 
Badge +7
JohnG,
 
Thanks for the suggestion. But I was actually referring to the ability to send Webroot Agent Commands (things like Change Keycode and Scan, as Webroot Support has confirmed that the Scheduled Scans don't always clear the "!" / "Infected" WSA tray icon, but manually sending the Scan Agent Command should clear it) via an API exposed by the client.
 
Note that we use the Kaseya RMM tool, so we manage all our computers in Kaseya, which provides you with the ability to create and run "agent procedures" (aka scripts). They have a lot of functionality built in to these agent procedures, like manipulating the registry, file operations, or just the ability to run whatever WMIC command you want.
 
Currently we can remotely execute the command "WRSA.EXE -poll" through Kaseya, which will force the endpoint to check in with Webroot's servers. But that is all we can do. It would be nice if there was:
 
WRSA.EXE -scan
WRSA.EXE -changeKeycode "NEW_KEYCODE"
 
That way we could create and schedule Kaseya agent procedures that run on a recurring basis. If sending the Scan agent command clears the Infected/"!" status, but the built-in Scheduled Scans do not, then it would be ideal for us to just schedule Webroot scans directly via Kaseya. 
As a new MSP partner, this is something we would really like as well. We would ideally like to operate a fully automated monthly billing cycle where we look up usage for each of our clients using the product and bill accordingly.
 
As a starter, we could really do with a CSV report across all sites, that lists the installed endpoints for each site (with the site listed so we can determine which customer the endpoints are in use by). That would still require a manual action each month, so the best solution would be a simple API call to retrieve the same information. This billing functionality is our main requirement right now.
 
From there, we would like to see access to status information on endpoints so we could identify when endpoints require attention. These often works well as a journal so we can retrieve events in the journal periodically (polling every 10 mins say). We can then feed that information into our ticketing system and prompt our support team to take action on serious issues.
I would kill for an API...
 
We want to be able to do actionable things when infections happen, like post to our rocket.chat, query things (if we could get the hash we would generate a link to virus total search) so yeah, probably a lot more, but the more things we have available with the API the better.
 
Things we are trying to do are:
 
Know right away when something is detected without being in the dashboard or using something cluttered like email. If we had a REST api where we could hit it and get back JSON or something that would be perfect. We can write our own webhooks for things.
 
Also would like be able to pull generic data useful for billing etc..
 
 
Userlevel 7
Badge +47
As always, for all of your Unity API needs, be sure to check out: https://community.webroot.com/t5/Unity-API-forum/bd-p/UnityAPI 

Reply