Connect Secure

Consume Connect Secure API

Actions222

Application Baseline Actions
- Create Application Baseline Rule
- Update Application Baseline Rule
- Delete Application Baseline Rule
- Retrieve App Baseline Plan Assets
- Retrieve App Baseline Plan Asset
- Retrieve App Baseline Plan Company
- Retrieve App Baseline Plan Global
- Retrieve Application Baseline Rules
- Retrieve Application Baseline Rule
Attack Surface Actions
- Retrieve Attack Surface Domain
- Create Attack Surface Domain
- Update Attack Surface Domain
- Delete Attack Surface Domain
- Retrieve Attack Surface Results
- Retrieve Attack Surface Result
Backup Software Actions
- Retrieve Backup Software
- Create Backup Software
- Update Backup Software
- Delete Backup Software
EDR Actions
- Retrieve Edr
- Create Edr
- Update Edr
- Delete Edr
Tags Actions
- Retrieve Tag Rules
- Retrieve Tag Rule
- Create Tag Rule
- Update Tag Rule
- Delete Tag Rule
- Retrieve Tags
- Retrieve Tag
- Create Tag
- Update Tag
- Delete Tag
PII Actions
- Retrieve Pii Scan Settings
- Retrieve Pii Scan Setting
- Create Pii Scan Setting
- Update Pii Scan Setting
- Delete Pii Scan Setting
External Scan Actions
- Retrieve Custom Profile
- Create Custom Profile
- Update Custom Profile
- Delete Custom Profile
- Scan External Endpoint
Settings Actions
- Retrieve Custom Domains
- Retrieve Custom Domain
- Custom Domain
Compliance Assessment Actions
- Retrieve Compliance Assessment
- Create Compliance Assessment
- Update Compliance Assessment
- Delete Compliance Assessment
Reports Actions
- Retrieve Report Jobs View
- Retrieve Report Job View
- Download Report
- List Standard Report
- Create Report
- Report Settings
Compliance Actions
- Retrieve Compliance Types
- Retrieve Records
Jobs Actions
- Retrieve Job Details View
- Retrieve Job Details
Active Directory Actions
- Retrieve Ad Roles
- Retrieve Ad User Licenses
- Retrieve Azure Licenses
- Retrieve Azure Ad Logs
- Retrieve Azure Secure Score
- Retrieve Ad Password Policies
- Retrieve Ad Groups View
- Retrieve Ad Ous View
- Retrieve Ad Gpos View
- Retrieve Ad Computers View
- Retrieve Ad Users View
- Retrieve Ad Domain Details
- Retrieve Ad Gpos Details
- Retrieve Get Ous Details
- Retrieve Get Groups Details
- Retrieve Ad Group Users
- Retrieve Ad Group Computers
- Retrieve Get User Details
- Retrieve Get Computer Details
- Retrieve Ad Roles Details
- Retrieve Ad Roles Member
- Retrieve Ad Basic Info
Audit Log Actions
- Retrieve Audit Log
Ad Audit Actions
- Retrieve Event Stats
- Retrieve User Event Stats
- Retrieve User Locked Stats
- Retrieve User Enabled Stats
Asset Data Actions
- Retrieve Bios Info
- Retrieve Bio Info
- Retrieve Browser Extensions
- Retrieve Browser Extension
- Retrieve Ciphers View
- Retrieve Cipher View
- Retrieve Windows Protection Status
- Retrieve Window Protection Status
- Retrieve Asset Compliance Report Card
- Retrieve Asset Firewall Policy
- Retrieve Asset Installed Drivers
- Retrieve Asset Installed Driver
- Retrieve Asset Interface
- Retrieve Asset Msdt
- Retrieve Asset Ports
- Retrieve Asset Port
- Retrieve Asset Security Report Data
- Retrieve Asset Security Report Datum
- Retrieve Asset Shares
- Retrieve Asset Share
- Retrieve Asset Storages
- Retrieve Asset Storage
- Retrieve Asset Unqouted Services
- Retrieve Asset Unqouted Service
- Retrieve Asset User Shares
- Retrieve Asset User Share
- Retrieve Asset Video Info
- Retrieve Asset Windows Reboot Required
- Retrieve Asset Window Reboot Required
Vulnerabilities Actions
- Retrieve Remediated
- Retrieve Suppress Vulnerability
- Retrieve Suppres Vulnerability
- Create Suppres Vulnerability
- Update Suppres Vulnerability
- Delete Suppres Vulnerability
- Retrieve Records
Firewall Actions
- Retrieve Firewall Groups
- Retrieve Firewall Group
- Retrieve Firewall Interfaces
- Retrieve Firewall Interface
- Retrieve Firewall License
- Retrieve Firewall Rules
- Retrieve Firewall Rule
- Retrieve Firewall Users
- Retrieve Firewall User
- Retrieve Firewall Zones
- Retrieve Firewall Zone
Integration Actions
- Retrieve Integration Credentials
- Retrieve Integration Credential
- Create Integration Credential
- Update Integration Credential
- Delete Integration Credential
- Retrieve Integration Rules
- Retrieve Integration Rule
- Create Integration Rule
- Update Integration Rule
- Delete Integration Rule
- Retrieve Company Mappings
- Retrieve Company Mapping
- Create Company Mapping
- Update Company Mapping
- Delete Company Mapping
Event Set Actions
- Retrieve Event Set
- Create Event Set
- Update Event Set
- Delete Event Set
Ticket Template Actions
- Retrieve Custom Ticketing Template
- Create Custom Ticketing Template
- Update Custom Ticketing Template
- Delete Custom Ticketing Template
Scheduler Actions
- Retrieve Scheduler
- Create Scheduler
- Update Scheduler
- Delete Scheduler
- Update Schedule
Credentials Actions
- Retrieve Credential
- Create Credential
- Update Credential
- Delete Credential
- Retrieve Agent Credentials Mapping
- Retrieve Agent Credential Mapping
- Create Agent Credential Mapping
- Update Agent Credential Mapping
- Delete Agent Credential Mapping
- Retrieve Credentials
Asset Actions
- Retrieve Records
- Retrieve Assets
- Retrieve Asset
- Create Asset
- Update Asset
- Delete Asset
- Retrieve Asset Stats
- Retrieve Asset Stat
- Retrieve Asset View
- Retrieve Cron Jobs
- Retrieve Kernel Modules
- Retrieve Suid Permissions
- Retrieve Ufw Firewall Rules
- Retrieve Selinux Settings
- Retrieve Asset Iptables Rules
- Retrieve Asset Users
- Retrieve Asset Processes Running
- Retrieve Asset Services
- Retrieve Asset Patches Info
- Retrieve Asset Firewall Rules
- Retrieve Asset Registry Misconfiguration
- Retrieve Asset Open Ports
- Retrieve Notification Tickets View
- Retrieve System Events View
Discovery Settings Actions
- Retrieve Discovery Settings
- Retrieve Discovery Setting
- Create Discovery Setting
- Update Discovery Setting
- Delete Discovery Setting
- Retrieve Agent Discoverysettings Mapping
- Retrieve Agent Discoverysetting Mapping
- Create Agent Discoverysetting Mapping
- Update Agent Discoverysetting Mapping
- Delete Agent Discoverysetting Mapping
Auth Actions
- Authorize
Company Actions
- Retrieve Asset Windows Compatibility
- Retrieve Companies
- Retrieve Company
- Create Company
- Update Company
- Delete Company
- Retrieve Company Stats
- Retrieve Company Stat
- Retrieve Jobs View
- Retrieve Job View
- Retrieve Adaudit
- Retrieve Event Tickets
Agent Actions
- Retrieve Agents
- Retrieve Agent
- Migrate Agents

Overview

This node interacts with the Connect Secure API to retrieve Endpoint Detection and Response (EDR) data. It is designed to query EDR records based on user-defined conditions, pagination controls, and sorting preferences. This node is useful in cybersecurity workflows where automated retrieval of security event logs or endpoint activity data is required for analysis, alerting, or further processing.

Practical examples include:

Fetching recent EDR events matching specific threat indicators.
Paginating through large sets of EDR records for batch processing.
Sorting EDR data by timestamp or severity to prioritize incident response.

Properties

Name	Meaning
X USER ID	User identifier header required for authentication or scoping the request.
Condition	Query condition string to filter EDR records (e.g., specific attributes or criteria).
Skip	Number of records to skip for pagination purposes.
Limit	Maximum number of records to return in the response.
Order By	Field(s) to order the returned EDR records by (e.g., timestamp, severity).

Output

The node outputs JSON data representing the retrieved EDR records from the Connect Secure API. Each item in the output corresponds to an individual EDR record matching the query parameters. The structure typically includes fields relevant to endpoint detection events such as timestamps, event types, user IDs, and other metadata.

No binary data output is indicated by the source code or properties.

Dependencies

Requires a valid API key credential for authenticating with the Connect Secure API.
Depends on the external Connect Secure service being accessible.
Uses the @devlikeapro/n8n-openapi-node package for OpenAPI-based operation parsing and request handling.
Requires proper configuration of the API credentials within n8n.

Troubleshooting

Common issues:
- Missing or invalid "X USER ID" header may cause authentication or authorization failures.
- Incorrect query conditions can result in empty responses or errors from the API.
- Pagination parameters (skip, limit) set improperly might lead to unexpected subsets of data.
- Network connectivity problems or incorrect API credentials will prevent successful data retrieval.
Error messages:
- Authentication errors typically indicate missing or invalid API keys or user IDs.
- Validation errors may arise if query parameters are malformed or unsupported by the API.
- Timeout or connection errors suggest network issues or API service unavailability.

To resolve these, verify that all required input properties are correctly set, ensure API credentials are valid, and confirm network access to the Connect Secure API endpoint.

Links and References

Connect Secure API Documentation (replace with actual URL)
n8n OpenAPI Node Integration Guide