Retrieving raw scanned file data

Available from 9.2.2. You use the GET operation on the /api/sam/raw_file_facts element to retrieve information about all files discovered on the computers in your infrastructure. The API returns details of existing files as well as historical data about files that were removed. By default, raw data is preserved for 7 days. To change this period, go to Management > Advanced Server Settings and change the value of the raw_data_api_history_keep_days parameter.

Note

User To obtain information about detected software use api/sam/v2/software_instances API.

Before you begin

Use limit parameter when previewing API output

When you use /api/sam/raw_file_facts API for test purpose, append the limit parameter to achieve faster response time. First 100 records should be sufficient to have a view on the data available.

https://hostname:port/api/sam/raw_file_facts?token=token&limit=100

Permissions

An icon representing a user. You must have the View Raw Data permission to perform this task.

Resource URL

https://hostname:port/api/sam/raw_file_facts?token=token

Resource information

Table 1. Resource information

The table consists of two columns and 6 rows.

Operation details Description
HTTP method GET
Request headers
Header
Accept-Language (optional)
Values
en-US (only English is supported)

Negotiates the language of the response. If the header is not specified, the content is returned in the server language.

Request format
  • application/json
Response headers
Header
Content-Type
Values
application/json

Specifies the content type of the response.

Header
Content-Language
Values
en-US, …

Specifies the language of the response content. If this header is not specified, the content is returned in the server language.

Response payload File Fact element
Response format
  • application/json
Response codes
  • 200 – OK
  • 500 – “Bad Request” if a query parameter contains errors or is missing

9.2.10 Schema description

To retrieve the list of all columns that are returned by this REST API together with their descriptions, use the following request.
GET api/sam/schemas/raw_file_fact.json?token=token

Available columns

Table 2. Columns with information about scanned files
Column Description Displayed by default Type
computer_id Identifier of the computer on which the file was discovered. String
path Path where the file was discovered. String
name Name of the discovered file. String
size Size of the discovered file. Integer
version Version of the discovered file if available. String
md5 MD5 checksum of the file. String
sha256 SHA256 checksum of the file. String
valid_from Date of the first import that contained information about the file. String
valid_to Date of the first import that did not include information about the file. The value 9999-12-31T23:59:59Z indicates that the file is still being discovered. String
10.0.1 win_hdr_product_name Name of the product with which the file is distributed. String
10.0.1 win_hdr_copyright Copyright notices that apply to the file. String
10.0.1 win_hdr_product_version Version of the product with which the file is distributed. String
10.0.1 win_hdr_description Description of the file. String
10.0.1 win_hdr_company Company that produced the file. String
10.0.1 win_hdr_trademarks Trademarks and registered trademarks that apply to the file. String

Columns starting with 'win_hdr_' require enablement. For details, refer to Enabling the collection of additional properties of Windows executables.

Applicable associations

You can additionally retrieve data from the following associations:

Query parameters

Table 3. Query parameters

The table consists of four columns and nine rows.

Parameter Description Required Value
columns[] Specify which columns to retrieve. If you do not specify this parameter, only default columns are retrieved.
Example: Retrieve the name and size of a file:
URL?columns[]=name&columns[]=size
String
order Specify how to sort the returned data. The default direction for sorting columns is ascending. If you want to specify a descending sort, append desc to the column name.
Example: Order by name
URL?order[]=name desc
String
limit Specify the number of rows to retrieve. If you omit this parameter, all rows are retrieved. For BigFix Inventory versions up to 10.0.1, if you omit the 'limit' parameter, 100 000 rows are retrieved. The number is defined at raw_data_api_default_limit on the Advanced Server Settings panel.
Example: Retrieve 100 records
URL?limit=100
Note: Parameter raw_data_api_default_limit has been removed since BigFix Inventory version 10.0.2.
Numeric
offset Specify the number of rows to skip for retrieving results. You can use it together with the limit parameter to paginate results.
Example: Retrieve 50 records starting after record 150:
URL?limit=50&offset=150
Numeric
token A unique user authentication identifier. You can retrieve it by using REST API for retrieving authentication token. You can also log in to BigFix Inventory, hover over the User icon User icon, and click Profile. Then, click Show token. Alphanumeric
criteria Retrieve records which match specific conditions. The parameter should have the following structure, written in one line:
<criteria> ::= <left-brace> <boolean-operator><colon> <left-bracket> 
<criterion> [{ <comma> <criterion> }...] <right-bracket> <right-brace>
<boolean-operator> ::= "and" | "or"
<criterion> ::= <criteria> | <left-bracket> <column> <comma> <operator> <comma> <value> <right-bracket>
<column> ::= <json-string>
<operator> ::= <json-string>
<value> ::= <json-array> | <json-string> | <json-numver> | <json-null>

For more information about operators, see Common connectors and operators.

Example: Retrieve scanned file data from computer systems with ID greater than 10:
URL?criteria={ "and": [ ["computer_id", ">", "10"]]}

For columns that use the date and time values, such as Last Seen, you can retrieve data also for a period instead of a specific date. To do so, use last or next as <operator>, and then specify the time value in the following convention: PxD/PxW/PxM/PxY, where x is a number in the 1-999 range, and D, W, M, or Y is a designator that represents days, weeks, months, or years respectively.

Example: Retrieve information from computers that were first reported in BigFix Inventory within last 7 days
URL?criteria={"and":[["valid_from","last","P7D"]]}

Example conversation - default columns

Request
GET api/sam/raw_file_facts
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
Host: localhost:9081 
Accept: application/json 
Accept-Language: en-US
Response body
 {
  "computer_id": 5,
  "path": "C:\BES\BESAirgapTool",
  "name": "BESAirgapTool.exe",
  "size": 92174,
  "version": null,
  "valid_from": "2015-07-31T07:03:21Z"
  "valid_to": "9999-12-31T23:59:59Z"
 }
 {
  "computer_id": 5,
  "path": "C:/Program Files/ibm/SQLLIB/BIN",
  "name":"db2set.exe",
  "size": 81768,
  "version": "10.1",
  "valid_from": "2015-07-31T07:03:21Z",
  "valid_to": "9999-12-31T23:59:59Z"
  }

Example conversation - additional Windows parameters

Request
GET api/sam/raw_file_facts
?columns[]=win_hdr_product_name
&columns[]=win_hdr_copyright
&columns[]=win_hdr_product_version
&columns[]=win_hdr_description
&columns[]=win_hdr_company
&columns[]=win_hdr_trademarks
&criteria=
{"and":[["win_hdr_copyright","!=",""]]}
&token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
Host: localhost:9081
Accept: application/json
Accept-Language: en-US
Response
{
"win_hdr_product_name":"Microsoft (R) Visual Studio (R) 2010",
"win_hdr_copyright":"Ac Microsoft Corporation. All rights reserved.",
"win_hdr_product_version":"10.0.40219.1",
"win_hdr_description":"WebDev.WebServer40.exe",
"win_hdr_company":"Microsoft Corporation",
"win_hdr_trademarks":""
}