Using the API to upload offline scans to the EDR cloud

NAVIGATION > Admin > Users & Tokens > API Tokens

NAVIGATION > My Profile > API Tokens

SECURITY Datto EDR subscription with administrator or analyst-level platform access

SECURITY Service account or administrator-level rights on the target endpoint

If an endpoint cannot connect to the internet due to a network outage or because of security considerations, you can perform manual offline scans of the host and use the Import-ICSurvey function to upload the results to our analysis engine for review.

This article describes how to use the API to upload one or multiple offline survey files at a time. To learn how to perform an offline scan, refer to Scanning an offline endpoint.

Procedure

Install and configure the EDR PowerShell module

On the endpoint from which you'd like to communicate with the API, launch an administrative instance of PowerShell.

NOTE If you are a non-Windows user, you may be able to use PowerShell Core to complete these steps. Datto is unable to provide support for third-party applications.

Install the PowerShell EDR module by running the following command.
```
PS > Install-Module InfocyteHUNTAPI
```

If you see the message, "You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'?" select [A] Yes to All.

Register your Datto EDR instance with the API token. Doing so will store the token and server information in a global variable for use with API commands.

Replace <instanceName> with the first part of your EDR instance's address. As an example, for the URL https://alpo1.infocyte.com, enter alpo1.

Replace <token> with the PowerShell API token ID you generated for the endpoint.

PS > Set-ICToken -Instance <instanceName> -Token <token> -save

You'll see a message stating that your authorization token is being set for the specified URL.

You're now ready to import your offline scans. To learn how to do, proceed to the next section of this article.

Importing surveys

You'll upload scans to your EDR instance by running special PowerShell commands. You can upload a single survey or an entire folder of surveys. The uploaded data may take several minutes to appear in EDR. By default, the information will upload to the offline scans location, but you can change the destination.

Single survey

To import a single survey result, run the following command. Replace <path to survey.json.gz> with the full path to the survey.

PS > Import-ICSurvey -Path <path to survey.json.gz>

EXAMPLE Import-ICSurvey -Path C:\Users\Administrator\Surveys\HostSurvey.json.gz

Multiple surveys

To import multiple surveys, run the following command. Replace <path to survey folder> with the full path to the directory where the surveys are stored on the endpoint.

PS > Get-ChildItem <path to survey folder> -filter *json.gz | Import-ICSurvey

EXAMPLE Get-ChildItem C:\Users\Administrator\Surveys\ -filter *json.gz | Import-ICSurvey

Changing the location.

By default, the Import-ICSurvey command will load the survey results into the OfflineScans location. If you’d like to load the scans into an existing location, include the TargetGroupId value of your preferred group in your import command. Replace <id> with this value.

EXAMPLE Get-ChildItem C:\Users\Administrator\Surveys\ -filter *json.gz | Import-ICSurvey -TargetGroupId <id>

If you don't know the ID of your preferred location, you can obtain it by running the Get-ICTargetGroup command.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.