Trellix Web Gateway Reporting API
API for accessing web traffic logs, security events, threat analytics, and generating custom reports from Web Gateway data.
OpenAPI Specification
openapi: 3.1.0
info:
title: Trellix Web Gateway Reporting API
description: >-
API for accessing web traffic logs, security events, threat analytics,
and generating custom reports from Trellix Web Gateway (formerly McAfee
Web Gateway) data. Provides access to historical traffic data, blocked
requests, malware detections, and URL categorization statistics.
version: '1.0'
contact:
name: Trellix Support
url: https://www.trellix.com/support/
email: support@trellix.com
termsOfService: https://www.trellix.com/legal/terms-of-use/
externalDocs:
description: Trellix Web Gateway Reporting API Documentation
url: https://docs.trellix.com/bundle/web-gateway-reporting-api
servers:
- url: https://{mwg-server}:{port}/reporter/api
description: Trellix Web Gateway Reporting Service
variables:
mwg-server:
default: mwg.example.com
description: Hostname or IP address of the Web Gateway appliance
port:
default: '4712'
description: Management port for the reporting API
tags:
- name: Dashboards
description: Dashboard data for visualization
- name: Reports
description: Report generation and retrieval
- name: Security Events
description: Security event and threat detection data
- name: Statistics
description: Aggregated traffic and security statistics
- name: Traffic Logs
description: Web traffic log access and search
security:
- cookieAuth: []
paths:
/logs/traffic:
get:
operationId: getTrafficLogs
summary: Retrieve web traffic logs
description: >-
Query web traffic access logs with optional filtering by time range,
source IP, destination URL, action, and other criteria.
tags:
- Traffic Logs
parameters:
- $ref: '#/components/parameters/startTime'
- $ref: '#/components/parameters/endTime'
- name: sourceIp
in: query
description: Filter by source IP address
schema:
type: string
- name: destinationUrl
in: query
description: Filter by destination URL pattern
schema:
type: string
- name: action
in: query
description: Filter by action taken
schema:
type: string
enum:
- allowed
- blocked
- redirected
- name: user
in: query
description: Filter by authenticated user name
schema:
type: string
- $ref: '#/components/parameters/limit'
- $ref: '#/components/parameters/offset'
responses:
'200':
description: Traffic log entries returned
content:
application/json:
schema:
type: object
properties:
totalCount:
type: integer
description: Total number of matching entries
entries:
type: array
items:
$ref: '#/components/schemas/TrafficLogEntry'
'401':
description: Unauthorized
/logs/traffic/{logId}:
get:
operationId: getTrafficLogEntry
summary: Get a specific traffic log entry
description: >-
Retrieve detailed information about a specific traffic log entry.
tags:
- Traffic Logs
parameters:
- $ref: '#/components/parameters/logId'
responses:
'200':
description: Traffic log entry details
content:
application/json:
schema:
$ref: '#/components/schemas/TrafficLogEntry'
'401':
description: Unauthorized
'404':
description: Log entry not found
/events/security:
get:
operationId: getSecurityEvents
summary: Retrieve security events
description: >-
Query security events including malware detections, policy
violations, blocked threats, and suspicious activity alerts.
tags:
- Security Events
parameters:
- $ref: '#/components/parameters/startTime'
- $ref: '#/components/parameters/endTime'
- name: severity
in: query
description: Filter by event severity
schema:
type: string
enum:
- low
- medium
- high
- critical
- name: eventType
in: query
description: Filter by event type
schema:
type: string
enum:
- malware
- phishing
- policy_violation
- data_leak
- certificate_error
- authentication_failure
- name: sourceIp
in: query
description: Filter by source IP address
schema:
type: string
- $ref: '#/components/parameters/limit'
- $ref: '#/components/parameters/offset'
responses:
'200':
description: Security events returned
content:
application/json:
schema:
type: object
properties:
totalCount:
type: integer
description: Total number of matching events
events:
type: array
items:
$ref: '#/components/schemas/SecurityEvent'
'401':
description: Unauthorized
/events/security/{eventId}:
get:
operationId: getSecurityEvent
summary: Get a specific security event
description: >-
Retrieve detailed information about a specific security event,
including full threat analysis data.
tags:
- Security Events
parameters:
- $ref: '#/components/parameters/eventId'
responses:
'200':
description: Security event details
content:
application/json:
schema:
$ref: '#/components/schemas/SecurityEvent'
'401':
description: Unauthorized
'404':
description: Event not found
/reports:
get:
operationId: listReports
summary: List available reports
description: >-
Retrieve a list of available report definitions and previously
generated reports.
tags:
- Reports
responses:
'200':
description: List of reports
content:
application/json:
schema:
type: object
properties:
reports:
type: array
items:
$ref: '#/components/schemas/Report'
'401':
description: Unauthorized
post:
operationId: generateReport
summary: Generate a new report
description: >-
Generate a new report based on specified parameters, time range,
and report type.
tags:
- Reports
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ReportRequest'
responses:
'202':
description: Report generation started
content:
application/json:
schema:
$ref: '#/components/schemas/Report'
'400':
description: Invalid report parameters
'401':
description: Unauthorized
/reports/{reportId}:
get:
operationId: getReport
summary: Get a report
description: >-
Retrieve the status and results of a specific report.
tags:
- Reports
parameters:
- $ref: '#/components/parameters/reportId'
responses:
'200':
description: Report details and results
content:
application/json:
schema:
$ref: '#/components/schemas/Report'
'401':
description: Unauthorized
'404':
description: Report not found
delete:
operationId: deleteReport
summary: Delete a report
description: >-
Delete a previously generated report and its associated data.
tags:
- Reports
parameters:
- $ref: '#/components/parameters/reportId'
responses:
'200':
description: Report deleted successfully
'401':
description: Unauthorized
'404':
description: Report not found
/reports/{reportId}/download:
get:
operationId: downloadReport
summary: Download a report
description: >-
Download a generated report in the specified format (PDF, CSV, or XML).
tags:
- Reports
parameters:
- $ref: '#/components/parameters/reportId'
- name: format
in: query
description: Output format for the report
schema:
type: string
enum:
- pdf
- csv
- xml
default: pdf
responses:
'200':
description: Report file
content:
application/pdf:
schema:
type: string
format: binary
text/csv:
schema:
type: string
application/xml:
schema:
type: string
'401':
description: Unauthorized
'404':
description: Report not found
/statistics/traffic:
get:
operationId: getTrafficStatistics
summary: Get traffic statistics
description: >-
Retrieve aggregated traffic statistics including request counts,
bandwidth usage, and top destinations over a specified time period.
tags:
- Statistics
parameters:
- $ref: '#/components/parameters/startTime'
- $ref: '#/components/parameters/endTime'
- name: granularity
in: query
description: Time granularity for aggregation
schema:
type: string
enum:
- hourly
- daily
- weekly
- monthly
default: daily
responses:
'200':
description: Traffic statistics returned
content:
application/json:
schema:
$ref: '#/components/schemas/TrafficStatistics'
'401':
description: Unauthorized
/statistics/threats:
get:
operationId: getThreatStatistics
summary: Get threat statistics
description: >-
Retrieve aggregated threat detection statistics including malware
detections, blocked URLs, and category violations over a specified
time period.
tags:
- Statistics
parameters:
- $ref: '#/components/parameters/startTime'
- $ref: '#/components/parameters/endTime'
- name: granularity
in: query
description: Time granularity for aggregation
schema:
type: string
enum:
- hourly
- daily
- weekly
- monthly
default: daily
responses:
'200':
description: Threat statistics returned
content:
application/json:
schema:
$ref: '#/components/schemas/ThreatStatistics'
'401':
description: Unauthorized
/statistics/top/urls:
get:
operationId: getTopUrls
summary: Get top accessed URLs
description: >-
Retrieve the most frequently accessed URLs during the specified
time period.
tags:
- Statistics
parameters:
- $ref: '#/components/parameters/startTime'
- $ref: '#/components/parameters/endTime'
- $ref: '#/components/parameters/limit'
responses:
'200':
description: Top URLs returned
content:
application/json:
schema:
type: object
properties:
entries:
type: array
items:
$ref: '#/components/schemas/TopUrlEntry'
'401':
description: Unauthorized
/statistics/top/categories:
get:
operationId: getTopCategories
summary: Get top URL categories
description: >-
Retrieve the most accessed URL categories during the specified
time period.
tags:
- Statistics
parameters:
- $ref: '#/components/parameters/startTime'
- $ref: '#/components/parameters/endTime'
- $ref: '#/components/parameters/limit'
responses:
'200':
description: Top categories returned
content:
application/json:
schema:
type: object
properties:
entries:
type: array
items:
$ref: '#/components/schemas/TopCategoryEntry'
'401':
description: Unauthorized
/dashboards/overview:
get:
operationId: getDashboardOverview
summary: Get dashboard overview data
description: >-
Retrieve aggregated data for the main reporting dashboard, including
traffic volume, threat counts, and top statistics.
tags:
- Dashboards
parameters:
- name: period
in: query
description: Time period for the dashboard data
schema:
type: string
enum:
- last_hour
- last_24h
- last_7d
- last_30d
default: last_24h
responses:
'200':
description: Dashboard overview data
content:
application/json:
schema:
$ref: '#/components/schemas/DashboardOverview'
'401':
description: Unauthorized
components:
securitySchemes:
cookieAuth:
type: apiKey
in: cookie
name: JSESSIONID
description: >-
Session cookie obtained via the Konfigurator REST /login endpoint.
parameters:
startTime:
name: startTime
in: query
description: Start time for the query range (ISO 8601)
schema:
type: string
format: date-time
endTime:
name: endTime
in: query
description: End time for the query range (ISO 8601)
schema:
type: string
format: date-time
limit:
name: limit
in: query
description: Maximum number of results to return
schema:
type: integer
default: 100
maximum: 1000
offset:
name: offset
in: query
description: Number of results to skip for pagination
schema:
type: integer
default: 0
logId:
name: logId
in: path
required: true
description: Unique identifier of the log entry
schema:
type: string
eventId:
name: eventId
in: path
required: true
description: Unique identifier of the security event
schema:
type: string
reportId:
name: reportId
in: path
required: true
description: Unique identifier of the report
schema:
type: string
schemas:
TrafficLogEntry:
type: object
properties:
id:
type: string
description: Unique log entry identifier
timestamp:
type: string
format: date-time
description: Time the request was processed
sourceIp:
type: string
description: Client source IP address
user:
type: string
description: Authenticated user name
method:
type: string
description: HTTP method
url:
type: string
description: Requested URL
statusCode:
type: integer
description: HTTP response status code
action:
type: string
enum:
- allowed
- blocked
- redirected
description: Action taken by the gateway
category:
type: string
description: URL category classification
bytesIn:
type: integer
description: Bytes received from the client
bytesOut:
type: integer
description: Bytes sent to the client
duration:
type: integer
description: Request processing duration in milliseconds
ruleName:
type: string
description: Name of the policy rule that matched
mediaType:
type: string
description: Content media type
userAgent:
type: string
description: Client user agent string
SecurityEvent:
type: object
properties:
id:
type: string
description: Unique event identifier
timestamp:
type: string
format: date-time
description: Time the event occurred
severity:
type: string
enum:
- low
- medium
- high
- critical
description: Event severity level
eventType:
type: string
enum:
- malware
- phishing
- policy_violation
- data_leak
- certificate_error
- authentication_failure
description: Type of security event
sourceIp:
type: string
description: Source IP address
user:
type: string
description: Associated user name
url:
type: string
description: URL involved in the event
threatName:
type: string
description: Name of the detected threat
action:
type: string
enum:
- blocked
- quarantined
- logged
- cleaned
description: Action taken
ruleName:
type: string
description: Policy rule that triggered the event
details:
type: string
description: Additional event details
Report:
type: object
properties:
id:
type: string
description: Unique report identifier
name:
type: string
description: Report name
type:
type: string
enum:
- traffic_summary
- security_summary
- user_activity
- url_categories
- threat_analysis
- bandwidth_usage
- policy_hits
description: Report type
status:
type: string
enum:
- pending
- generating
- completed
- failed
description: Report generation status
createdAt:
type: string
format: date-time
description: When the report was requested
completedAt:
type: string
format: date-time
description: When the report generation completed
startTime:
type: string
format: date-time
description: Report data start time
endTime:
type: string
format: date-time
description: Report data end time
ReportRequest:
type: object
required:
- name
- type
- startTime
- endTime
properties:
name:
type: string
description: Name for the report
type:
type: string
enum:
- traffic_summary
- security_summary
- user_activity
- url_categories
- threat_analysis
- bandwidth_usage
- policy_hits
description: Type of report to generate
startTime:
type: string
format: date-time
description: Start of the reporting period
endTime:
type: string
format: date-time
description: End of the reporting period
filters:
type: object
properties:
sourceIps:
type: array
items:
type: string
description: Filter by source IP addresses
users:
type: array
items:
type: string
description: Filter by user names
categories:
type: array
items:
type: string
description: Filter by URL categories
TrafficStatistics:
type: object
properties:
totalRequests:
type: integer
description: Total number of web requests
allowedRequests:
type: integer
description: Number of allowed requests
blockedRequests:
type: integer
description: Number of blocked requests
totalBytesIn:
type: integer
description: Total inbound bytes
totalBytesOut:
type: integer
description: Total outbound bytes
uniqueUsers:
type: integer
description: Number of unique users
uniqueDestinations:
type: integer
description: Number of unique destinations accessed
timeSeries:
type: array
items:
type: object
properties:
timestamp:
type: string
format: date-time
requests:
type: integer
bytesIn:
type: integer
bytesOut:
type: integer
ThreatStatistics:
type: object
properties:
totalThreats:
type: integer
description: Total threats detected
malwareDetections:
type: integer
description: Number of malware detections
phishingDetections:
type: integer
description: Number of phishing site detections
policyViolations:
type: integer
description: Number of policy violations
dataLeakEvents:
type: integer
description: Number of data leak prevention events
timeSeries:
type: array
items:
type: object
properties:
timestamp:
type: string
format: date-time
threats:
type: integer
malware:
type: integer
phishing:
type: integer
TopUrlEntry:
type: object
properties:
url:
type: string
description: URL
requestCount:
type: integer
description: Number of requests to this URL
totalBytes:
type: integer
description: Total bytes transferred
TopCategoryEntry:
type: object
properties:
category:
type: string
description: URL category name
requestCount:
type: integer
description: Number of requests in this category
blockedCount:
type: integer
description: Number of blocked requests
percentage:
type: number
format: float
description: Percentage of total traffic
DashboardOverview:
type: object
properties:
period:
type: string
description: Time period for the data
totalRequests:
type: integer
description: Total web requests in the period
blockedRequests:
type: integer
description: Total blocked requests
threatsDetected:
type: integer
description: Total threats detected
activeUsers:
type: integer
description: Number of active users
topCategories:
type: array
items:
$ref: '#/components/schemas/TopCategoryEntry'
topThreats:
type: array
items:
type: object
properties:
threatName:
type: string
detectionCount:
type: integer
trafficTrend:
type: array
items:
type: object
properties:
timestamp:
type: string
format: date-time
requests:
type: integer
blocked:
type: integer