
RESTful API for ESM 10

I have been trying for the last 3 days to get any API calls with ESM 10.0.0 (20170214 MR1), as all the examples I have found online are for 9.6.X or earlier. I did find the hint on the change from basic authentication to posting the body, so I can successfully auth in and use the session cookie and the Xsrf-Token in follow-up calls, but even porting the Python example script (


{"types": ["THIRD_PARTY", "EPO", "NSM"]}

<Response [400]>

Input Validation Error

I can get one of the other samples to call essmgtGetESSTime to successfully respond, but for every other request it's always Input Validation Error. Has the URL changed, or is there any ESM API document available for 10.0.0?

Any help/pointers are greatly appreciated.


6 Replies

Re: RESTful API for ESM 10

Try this URL for version 10: https://[IPofYourSIEM]/rs/esm/help/commands


Re: RESTful API for ESM 10

Dead in the water, any other suggestions, as this environment was prepared by McAfee... I noticed also that hitting a lot of help links online also returns similar responses (but a JSON response instead of a 404 "No Such Command" response). Any help, as this is kinda dead in the water.

GET /rs/esm/help/commands HTTP/1.1
Host: 10.X.X.X
Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive

HTTP/1.1 404 Not Found
Date: Mon, 03 Apr 2017 23:45:41 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html
Content-Length: 16
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; form-action 'self'; media-src 'self'; font-src 'self'; connect-src 'self'; plugin-types application/pdf application/x-shockwave-flash; reflected-xss block ; frame-src 'self';frame-ancestors 'self'
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

No such command.


Re: RESTful API for ESM 10

I found the ESM 10.X API documentation available here: https://[your_siem_domain]/rs/esm/help

McAfee Employee

Re: RESTful API for ESM 10

Hi Adam,

Here is a link to a script I have been working on that might help you. It's not fully functional but there are some examples of what you're trying to do. Let me know if you have questions. Thanks.

     GitHub - andywalden/ESM10-Datasource-Toobox: Script for the McAfee ESM v10.0+ API to create dat...


Re: RESTful API for ESM 10

Dear Andy,

In the config file (config.ini), add the following line:

dsconfigdir =

And it works!

Version: ESM McAfee v10 MR1 20170214

McAfee Employee

Re: RESTful API for ESM 10

Sorry for that! The initial intent of the script was to add data sources so the dsconfigdir would be necessary, but for most of the output examples that's not the case so I'll make it optional. I'll do a write-up on it soon and explain some of the details.