AvantGuard - ConnectSecure

Actions223

Reports Actions
- Get List Standard Report
- Post Create Report
- Get Report Settings
- Post Report Settings
- Get Retrieve Report Jobs View
- Get Retrieve Report Job View
- Get Download Report
Compliance Actions
- Get Retrieve Compliance Types
- Get Retrieve Records
Jobs Actions
- Get Retrieve Job Details View
- Get Retrieve Job Details
Active Directory Actions
- Get Retrieve Ad Roles
- Get Retrieve Ad User Licenses
- Get Retrieve Azure Licenses
- Get Retrieve Azure Ad Logs
- Get Retrieve Azure Secure Score
- Get Retrieve Ad Password Policies
- Get Retrieve Ad Groups View
- Get Retrieve Ad Ous View
- Get Retrieve Ad Gpos View
- Get Retrieve Ad Computers View
- Get Retrieve Ad Users View
- Get Retrieve Ad Domain Details
- Get Retrieve Ad Gpos Details
- Get Retrieve Get Ous Details
- Get Retrieve Get Groups Details
- Get Retrieve Ad Group Users
- Get Retrieve Ad Group Computers
- Get Retrieve Get User Details
- Get Retrieve Get Computer Details
- Get Retrieve Ad Roles Details
- Get Retrieve Ad Roles Member
- Get Retrieve Ad Basic Info
Audit Log Actions
- Get Retrieve Audit Log
Ad Audit Actions
- Get Retrieve Event Stats
- Get Retrieve User Event Stats
- Get Retrieve User Locked Stats
- Get Retrieve User Enabled Stats
Scheduler Actions
- Get Retrieve Scheduler
- Post Create Scheduler
- Patch Update Scheduler
- Delete Delete Scheduler
- Post Update Schedule
Application Baseline Actions
- Get Retrieve Application Baseline Rules
- Get Retrieve Application Baseline Rule
- Post Create Application Baseline Rule
- Patch Update Application Baseline Rule
- Delete Delete Application Baseline Rule
- Get Retrieve App Baseline Plan Assets
- Get Retrieve App Baseline Plan Asset
- Get Retrieve App Baseline Plan Company
- Get Retrieve App Baseline Plan Global
Attack Surface Actions
- Get Retrieve Attack Surface Domain
- Post Create Attack Surface Domain
- Patch Update Attack Surface Domain
- Delete Delete Attack Surface Domain
- Get Retrieve Attack Surface Results
- Get Retrieve Attack Surface Result
Backup Software Actions
- Get Retrieve Backup Software
- Post Create Backup Software
- Patch Update Backup Software
- Delete Delete Backup Software
EDR Actions
- Get Retrieve Edr
- Post Create Edr
- Patch Update Edr
- Delete Delete Edr
Tags Actions
- Get Retrieve Tag Rules
- Get Retrieve Tag Rule
- Post Create Tag Rule
- Patch Update Tag Rule
- Delete Delete Tag Rule
- Get Retrieve Tags
- Get Retrieve Tag
- Post Create Tag
- Patch Update Tag
- Delete Delete Tag
PII Actions
- Get Retrieve Pii Scan Settings
- Get Retrieve Pii Scan Setting
- Post Create Pii Scan Setting
- Patch Update Pii Scan Setting
- Delete Delete Pii Scan Setting
External Scan Actions
- Get Retrieve Custom Profile
- Post Create Custom Profile
- Patch Update Custom Profile
- Delete Delete Custom Profile
- Post Scan External Endpoint
Settings Actions
- Get Retrieve Custom Domains
- Get Retrieve Custom Domain
- Post Custom Domain
Compliance Assessment Actions
- Get Retrieve Compliance Assessment
- Post Create Compliance Assessment
- Patch Update Compliance Assessment
- Delete Delete Compliance Assessment
Auth Actions
- Post Authorize
Company Actions
- Get Retrieve Asset Windows Compatibility
- Get Retrieve Companies
- Get Retrieve Company
- Post Create Company
- Patch Update Company
- Delete Delete Company
- Get Retrieve Company Stats
- Get Retrieve Company Stat
- Get Retrieve Jobs View
- Get Retrieve Job View
- Get Retrieve Adaudit
- Get Retrieve Event Tickets
Agent Actions
- Get Retrieve Agents
- Get Retrieve Agent
- Post Migrate Agents
Credentials Actions
- Get Retrieve Credentials
- Get Retrieve Credential
- Post Create Credential
- Patch Update Credential
- Delete Delete Credential
- Get Retrieve Agent Credentials Mapping
- Get Retrieve Agent Credential Mapping
- Post Create Agent Credential Mapping
- Patch Update Agent Credential Mapping
- Delete Delete Agent Credential Mapping
Asset Actions
- Get Retrieve Records
- Get Retrieve Assets
- Get Retrieve Asset
- Post Create Asset
- Patch Update Asset
- Delete Delete Asset
- Get Retrieve Asset Stats
- Get Retrieve Asset Stat
- Get Retrieve Asset View
- Get Retrieve Cron Jobs
- Get Retrieve Kernel Modules
- Get Retrieve Suid Permissions
- Get Retrieve Ufw Firewall Rules
- Get Retrieve Selinux Settings
- Get Retrieve Asset Iptables Rules
- Get Retrieve Asset Users
- Get Retrieve Asset Processes Running
- Get Retrieve Asset Services
- Get Retrieve Asset Patches Info
- Get Retrieve Asset Firewall Rules
- Get Retrieve Asset Registry Misconfiguration
- Get Retrieve Asset Open Ports
- Get Retrieve Notification Tickets View
- Get Retrieve System Events View
Discovery Settings Actions
- Get Retrieve Discovery Settings
- Get Retrieve Discovery Setting
- Post Create Discovery Setting
- Patch Update Discovery Setting
- Delete Delete Discovery Setting
- Get Retrieve Agent Discoverysettings Mapping
- Get Retrieve Agent Discoverysetting Mapping
- Post Create Agent Discoverysetting Mapping
- Patch Update Agent Discoverysetting Mapping
- Delete Delete Agent Discoverysetting Mapping
Asset Data Actions
- Get Retrieve Asset Compliance Report Card
- Get Retrieve Asset Firewall Policy
- Get Retrieve Asset Installed Drivers
- Get Retrieve Asset Installed Driver
- Get Retrieve Asset Interface
- Get Retrieve Asset Msdt
- Get Retrieve Asset Ports
- Get Retrieve Asset Port
- Get Retrieve Asset Security Report Data
- Get Retrieve Asset Security Report Datum
- Get Retrieve Asset Shares
- Get Retrieve Asset Share
- Get Retrieve Asset Storages
- Get Retrieve Asset Storage
- Get Retrieve Asset Unqouted Services
- Get Retrieve Asset Unqouted Service
- Get Retrieve Asset User Shares
- Get Retrieve Asset User Share
- Get Retrieve Asset Video Info
- Get Retrieve Asset Windows Reboot Required
- Get Retrieve Asset Window Reboot Required
- Get Retrieve Bios Info
- Get Retrieve Bio Info
- Get Retrieve Browser Extensions
- Get Retrieve Browser Extension
- Get Retrieve Ciphers View
- Get Retrieve Cipher View
- Get Retrieve Windows Protection Status
- Get Retrieve Window Protection Status
Vulnerabilities Actions
- Get Retrieve Remediated
- Get Retrieve Suppress Vulnerability
- Get Retrieve Suppres Vulnerability
- Post Create Suppres Vulnerability
- Patch Update Suppres Vulnerability
- Delete Delete Suppres Vulnerability
- Get Retrieve Records
Firewall Actions
- Get Retrieve Firewall Groups
- Get Retrieve Firewall Group
- Get Retrieve Firewall Interfaces
- Get Retrieve Firewall Interface
- Get Retrieve Firewall License
- Get Retrieve Firewall Rules
- Get Retrieve Firewall Rule
- Get Retrieve Firewall Users
- Get Retrieve Firewall User
- Get Retrieve Firewall Zones
- Get Retrieve Firewall Zone
Integration Actions
- Get Retrieve Integration Credentials
- Get Retrieve Integration Credential
- Post Create Integration Credential
- Patch Update Integration Credential
- Delete Delete Integration Credential
- Get Retrieve Integration Rules
- Get Retrieve Integration Rule
- Post Create Integration Rule
- Patch Update Integration Rule
- Delete Delete Integration Rule
- Get Retrieve Company Mappings
- Get Retrieve Company Mapping
- Post Create Company Mapping
- Patch Update Company Mapping
- Delete Delete Company Mapping
Event Set Actions
- Get Retrieve Event Set
- Post Create Event Set
- Patch Update Event Set
- Delete Delete Event Set
Ticket Template Actions
- Get Retrieve Custom Ticketing Template
- Post Create Custom Ticketing Template
- Patch Update Custom Ticketing Template
- Delete Delete Custom Ticketing Template

Overview

This node interacts with the AvantGuard ConnectSecure API to retrieve Endpoint Detection and Response (EDR) data. Specifically, the "Get Retrieve Edr" operation fetches EDR records based on user-supplied criteria. This is useful in cybersecurity workflows where automated retrieval of endpoint security events or alerts is needed for monitoring, analysis, or incident response.

Practical examples include:

Automatically fetching recent EDR alerts for a specific user to trigger further investigation.
Querying EDR logs with filters such as conditions, pagination (skip/limit), and sorting order.
Integrating EDR data into dashboards or SIEM systems via n8n workflows.

Properties

Name	Meaning
X USER ID	The User Id header value identifying the user context for which to retrieve EDR data.
Additional Query Parameters	Optional query parameters to refine the request: - Condition: Query filter condition string. - Skip: Number of records to skip (pagination). - Limit: Maximum number of records to return. - Order By: Field(s) to sort the results by.

Output

The node outputs JSON data representing the retrieved EDR records matching the query parameters. The structure corresponds to the API's response schema for EDR data, typically including details about detected threats, timestamps, affected endpoints, and other relevant metadata.

No binary data output is indicated for this operation.

Dependencies

Requires an API key credential for AvantGuard ConnectSecure service authentication.
Needs the base URL of the AvantGuard ConnectSecure API configured in credentials.
Depends on the @avantguardllc/n8n-openapi-node package for OpenAPI-based request building.

Troubleshooting

Missing or invalid X USER ID: The API requires a valid user identifier in the header; ensure this is provided and correct.
Incorrect query parameters: Invalid values for condition, skip, limit, or order_by may cause API errors or empty responses.
Authentication failures: Verify that the API key credential is correctly set up and has necessary permissions.
Network issues: Ensure connectivity to the configured base URL and that no firewall blocks the requests.
API rate limits: Excessive requests might be throttled; implement retry logic or reduce request frequency.

Links and References

AvantGuard ConnectSecure API documentation (refer to official AvantGuard resources)
n8n OpenAPI integration guide: https://docs.n8n.io/integrations/builtin/app-nodes/n8n-openapi/
General EDR concepts: https://en.wikipedia.org/wiki/Endpoint_detection_and_response

AvantGuard - ConnectSecureInstall