Showing results for 
Show  only  | Search instead for 
Did you mean: 

RESTful API for ESM 10

I have been trying for the last 3 days to get any API Calls with ESM 10.0.0 (20170214 MR1) as all the Examples I have found online is for 9.6.X or earlier. I did find the hint on the change from basic authentication to post the body, so I can successfully Auth in, and use the Session Cookie and the Xsrf-Token in followup calls but even porting the Python example script (


{"types": ["THIRD_PARTY", "EPO", "NSM"]}

<Response [400]>

Input Validation Error

I can get one of the other sample to call essmgtGetESSTime to successfully respond but every other request it's always Input Validation Error. Has the URL changed or is there any ESM API document available for 10.0.0.

Any help/pointers is greatly appreciated.


10 Replies
Level 12
Report Inappropriate Content
Message 2 of 11

Re: RESTful API for ESM 10

Try this URL for the verison 10: https://[IPofYourSIEM]/rs/esm/help/commands


Re: RESTful API for ESM 10

Dead in the water, any other suggestions as this environment was prepared by Mcafee... I noticed also hitting a lot of help links online also return similar responses (but a Json response instead of a 404 "No Such Command" response. Any help as this is kinda dead in the water.

GET /rs/esm/help/commands HTTP/1.1

Host: 10.X.X.X

Pragma: no-cache

Accept-Encoding: gzip, deflate, sdch, br

Accept-Language: en-GB,en-US;q=0.8,en;q=0.6

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Cache-Control: no-cache

Connection: keep-alive

HTTP/1.1 404 Not Found

Date: Mon, 03 Apr 2017 23:45:41 GMT

Server: Apache

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 1; mode=block

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Content-Type: text/html

Content-Length: 16

Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';

form-action 'self'; media-src 'self'; font-src 'self'; connect-src 'self'; plugin-types application/pdf application/x-shockwave-flash; reflected-xss

block ; frame-src 'self';frame-ancestors 'self'

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

No such command.


Re: RESTful API for ESM 10

I found the ESM 10.X API documentation available here: https://[your_siem_domain]/rs/esm/help

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 11

Re: RESTful API for ESM 10

Hi Adam,

Here is a link to a script I have been working on that might help you. It's not fully functional but there are some examples of what you're trying to do. Let me know if you have questions. Thanks.

     GitHub - andywalden/ESM10-Datasource-Toobox: Script for the McAfee ESM v10.0+ API to create dat...


Re: RESTful API for ESM 10

Dear Andy,

In the config file (config.ini) add the next line:

dsconfigdir =

And, works!

Version: ESM McAfee v10 MR1 20170214

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 11

Re: RESTful API for ESM 10

Sorry for that! The initial intent of the script was to add data sources so the dsconfigdir would be necessary, but for most of the output examples that's not the case so I'll make it optional. I'll do a write-up on it soon and explain some of the details.


Re: RESTful API for ESM 10

Does this script still exist anywhere?


Re: RESTful API for ESM 10

I'm having a problem with the API as well. I keep getting an [Errno 60] Operation timed out when trying to login through the API but I can visit https://{my siem IP}/rs/esm/v2/help just fine.


Re: RESTful API for ESM 10

Hi there, I wrote a few lines for python 3.6. The only operations I needed were Login/WatchlistUpdating

So those are the only ones I wrote for but the Documentation should help if you want to automate some of that or copy the login function and use the authenticated header in future requests.


Hope this helps

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community