Quarantine APIs for preventing reinfection by ransomware
Overview of GraphQL object types available to quarantine objects, release objects from quarantine, get quarantine objects for a workload or snapshots.
Quarantine & Release From Quarantine APIs
These APIs are used to change the quarantine status of snapshots and files by either quarantining them or releasing them from quarantine.
Multiple snapshots and files can be quarantined or released from quarantined with a single request.
Quarantining multiple snapshots
This API is used to quarantine single or multiple snapshots in an account.
MUTATION='{
"query": "mutation BatchQuarantineSnapshotMutation(
"query": " $input: BatchQuarantineSnapshotInput!
"query": ") {
"query": " batchQuarantineSnapshot(input: $input) {
"query": " isBatchQuarantineSuccessful
"query": " }
"query": "}
"
}'
curl -X POST https://$account.my.rubrik.com/api/graphql \
--header "authorization: Bearer $access_token" \
--header "content-type: application/json" \
--data "$(echo $MUTATION)"
Input for batch quarantining snapshots
The input includes a list of quarantine objects.
type BatchQuarantineSnapshotInput{
quarantineSpecs: [QuarantineSpec]!,
}
Quarantine spec object
This object identifies the snapshot and files to be quarantined.
type QuarantineSpec{
filesDetails: [FileDetails]!,
snapshotId: String,
}
FileDetails
This includes details of the file to be quarantined.
type FileDetails{
fileName: String,
}
Response
The response for this operation is a boolean which indicates whether the operation is successful.
Sample response
{
"data": {
"isSuccessful": true,
},
"loading": false,
"networkStatus": 7
}
Releasing snapshots from quarantine
This API is used to release multiple snapshots from quarantine.
MUTATION='{
"query": "mutation BatchReleaseFromQuarantineSnapshotMutation(
"query": " $input: BatchReleaseFromQuarantineSnapshotInput!
"query": ") {
"query": " batchReleaseFromQuarantineSnapshot(input: $input) {
"query": " isBatchReleaseFromQuarantineSuccessful
"query": " }
"query": "}
"
}'
curl -X POST https://$account.my.rubrik.com/api/graphql \
--header "authorization: Bearer $access_token" \
--header "content-type: application/json" \
--data "$(echo $MUTATION)"
Release Quarantine - Input
This includes a list of quarantine objects to be released from quarantine.
type BatchQuarantineSnapshotInput{
quarantineSpecs: [QuarantineSpec]!,
}
The quarantine specifications mentioned here were defined in the Quarantine spec object.
Release Quarantine - Response
The response for this operation is a boolean which indicates whether the operation is successful.
Release Quarantine - Sample response
{
"data": {
"isSuccessful": true,
},
"loading": false,
"networkStatus": 7
}
Get quarantine detail APIs
These are read APIs used to get quarantine status of a particular object or list of objects.
Get quarantine details for snapshots
This API is used to get quarantine details for a list of snapshots.
QUERY='{
"query": "query BatchGetQuarantinedDetailsForSnapshots($snapshotIds: [String!]!) {
"query": " allQuarantinedDetailsForSnapshots(snapshotIds: $snapshotIds) {
"query": " snapshotId
"query": " filesDetails {
"query": " fileName
"query": " }
"query": " }
"query": "}
"
}'
curl -X POST https://$account.my.rubrik.com/api/graphql \
--header "authorization: Bearer $access_token" \
--header "content-type: application/json" \
--data "$(echo $QUERY)"
Input for getting quarantine details for a batch of snapshots
The input includes a list of FIDs for which quarantine details need to be retrieved.
snapshotFids: [String]!
Get quarantine details for snapshots - Response
The response includes a list of snapshotIds and the corresponding fileDetails about quarantined snapshots. Snapshots that are not quarantined will be excluded from the response.
{
snapshotId
filesDetails {
fileName
}
}
Get batch quarantine snapshot - Sample Response
{
"data": {
"quarantineSpecs" : [
{
"snapshotId" : "abcd-fgeb-vefb-veef",
"filesDetails" : [
{
"fileName" : "/C:/Engineering/"
},
{
"fileName": "/C:/Medical/"
}
]
},
{
"snapshotId" : "veef-fege-vfdf-fgeb",
"filesDetails" : [
{
"fileName" : "/C:/HumanResources/abc.txt"
},
{
"fileName": "/C:/Unknown/def.txt"
}
]
}
]
},
"loading": false,
"networkStatus": 7
}
Get quarantine details for workload
This API is used to get all quarantine details for a workload.
QUERY='{
"query": "query BatchGetQuarantinedDetailsForWorkload($workloadId: String!) {
"query": " allQuarantinedDetailsForWorkload(workloadId: $workloadId) {
"query": " snapshotId
"query": " filesDetails {
"query": " fileName
"query": " }
"query": " }
"query": "}
"
}'
curl -X POST https://$account.my.rubrik.com/api/graphql \
--header "authorization: Bearer $access_token" \
--header "content-type: application/json" \
--data "$(echo $QUERY)"
Input for getting quarantine details for a workload
The input is a workloadID that indicates the quarantine details to be retrieved.
workloadId: String!
Get quarantine details for workload - Response
The response includes a list of snapshotIds and the corresponding fileDetails. If no files or snapshots are quarantined, an empty list will be returned.
{
snapshotId
filesDetails {
fileName
}
}
Get batch quarantine workload - Sample Response
{
"data": {
"quarantineSpecs" : [
{
"snapshotId" : "fwgf-vfdf-vefb-veef",
"filesDetails" : [
{
"fileName" : "/D:/Engineering/"
},
{
"fileName": "/D:/Medical/"
}
]
},
{
"snapshotId" : "vsfg-fgeb-abcd-vefb",
"filesDetails" : [
{
"fileName" : "/E:/HumanResources/abc.txt"
},
{
"fileName": "/E:/Unknown/def.txt"
}
]
}
]
},
"loading": false,
"networkStatus": 7
}