Trellix Web Gateway

Trellix Web Gateway Reporting API

API for accessing web traffic logs, security events, threat analytics, and generating custom reports from Web Gateway data.

GitHub OpenAPI

Documentation

📖
Documentation
https://docs.trellix.com/bundle/web-gateway-reporting-api
📖
APIReference
https://docs.trellix.com/api/web-gateway/reporting/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/trellix-web-gateway/refs/heads/main/openapi/trellix-web-gateway-reporting-openapi.yml

Other Resources

🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/trellix-web-gateway/refs/heads/main/capabilities/reporting-dashboards.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/trellix-web-gateway/refs/heads/main/capabilities/reporting-reports.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/trellix-web-gateway/refs/heads/main/capabilities/reporting-security-events.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/trellix-web-gateway/refs/heads/main/capabilities/reporting-statistics.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/trellix-web-gateway/refs/heads/main/capabilities/reporting-traffic-logs.yaml

OpenAPI Specification

trellix-web-gateway-reporting-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Trellix Web Gateway Reporting API
  description: >-
    API for accessing web traffic logs, security events, threat analytics,
    and generating custom reports from Trellix Web Gateway (formerly McAfee
    Web Gateway) data. Provides access to historical traffic data, blocked
    requests, malware detections, and URL categorization statistics.
  version: '1.0'
  contact:
    name: Trellix Support
    url: https://www.trellix.com/support/
    email: [email protected]
  termsOfService: https://www.trellix.com/legal/terms-of-use/
externalDocs:
  description: Trellix Web Gateway Reporting API Documentation
  url: https://docs.trellix.com/bundle/web-gateway-reporting-api
servers:
  - url: https://{mwg-server}:{port}/reporter/api
    description: Trellix Web Gateway Reporting Service
    variables:
      mwg-server:
        default: mwg.example.com
        description: Hostname or IP address of the Web Gateway appliance
      port:
        default: '4712'
        description: Management port for the reporting API
tags:
  - name: Dashboards
    description: Dashboard data for visualization
  - name: Reports
    description: Report generation and retrieval
  - name: Security Events
    description: Security event and threat detection data
  - name: Statistics
    description: Aggregated traffic and security statistics
  - name: Traffic Logs
    description: Web traffic log access and search
security:
  - cookieAuth: []
paths:
  /logs/traffic:
    get:
      operationId: getTrafficLogs
      summary: Retrieve web traffic logs
      description: >-
        Query web traffic access logs with optional filtering by time range,
        source IP, destination URL, action, and other criteria.
      tags:
        - Traffic Logs
      parameters:
        - $ref: '#/components/parameters/startTime'
        - $ref: '#/components/parameters/endTime'
        - name: sourceIp
          in: query
          description: Filter by source IP address
          schema:
            type: string
        - name: destinationUrl
          in: query
          description: Filter by destination URL pattern
          schema:
            type: string
        - name: action
          in: query
          description: Filter by action taken
          schema:
            type: string
            enum:
              - allowed
              - blocked
              - redirected
        - name: user
          in: query
          description: Filter by authenticated user name
          schema:
            type: string
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
      responses:
        '200':
          description: Traffic log entries returned
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of matching entries
                  entries:
                    type: array
                    items:
                      $ref: '#/components/schemas/TrafficLogEntry'
        '401':
          description: Unauthorized
  /logs/traffic/{logId}:
    get:
      operationId: getTrafficLogEntry
      summary: Get a specific traffic log entry
      description: >-
        Retrieve detailed information about a specific traffic log entry.
      tags:
        - Traffic Logs
      parameters:
        - $ref: '#/components/parameters/logId'
      responses:
        '200':
          description: Traffic log entry details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TrafficLogEntry'
        '401':
          description: Unauthorized
        '404':
          description: Log entry not found
  /events/security:
    get:
      operationId: getSecurityEvents
      summary: Retrieve security events
      description: >-
        Query security events including malware detections, policy
        violations, blocked threats, and suspicious activity alerts.
      tags:
        - Security Events
      parameters:
        - $ref: '#/components/parameters/startTime'
        - $ref: '#/components/parameters/endTime'
        - name: severity
          in: query
          description: Filter by event severity
          schema:
            type: string
            enum:
              - low
              - medium
              - high
              - critical
        - name: eventType
          in: query
          description: Filter by event type
          schema:
            type: string
            enum:
              - malware
              - phishing
              - policy_violation
              - data_leak
              - certificate_error
              - authentication_failure
        - name: sourceIp
          in: query
          description: Filter by source IP address
          schema:
            type: string
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/offset'
      responses:
        '200':
          description: Security events returned
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of matching events
                  events:
                    type: array
                    items:
                      $ref: '#/components/schemas/SecurityEvent'
        '401':
          description: Unauthorized
  /events/security/{eventId}:
    get:
      operationId: getSecurityEvent
      summary: Get a specific security event
      description: >-
        Retrieve detailed information about a specific security event,
        including full threat analysis data.
      tags:
        - Security Events
      parameters:
        - $ref: '#/components/parameters/eventId'
      responses:
        '200':
          description: Security event details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecurityEvent'
        '401':
          description: Unauthorized
        '404':
          description: Event not found
  /reports:
    get:
      operationId: listReports
      summary: List available reports
      description: >-
        Retrieve a list of available report definitions and previously
        generated reports.
      tags:
        - Reports
      responses:
        '200':
          description: List of reports
          content:
            application/json:
              schema:
                type: object
                properties:
                  reports:
                    type: array
                    items:
                      $ref: '#/components/schemas/Report'
        '401':
          description: Unauthorized
    post:
      operationId: generateReport
      summary: Generate a new report
      description: >-
        Generate a new report based on specified parameters, time range,
        and report type.
      tags:
        - Reports
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ReportRequest'
      responses:
        '202':
          description: Report generation started
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Report'
        '400':
          description: Invalid report parameters
        '401':
          description: Unauthorized
  /reports/{reportId}:
    get:
      operationId: getReport
      summary: Get a report
      description: >-
        Retrieve the status and results of a specific report.
      tags:
        - Reports
      parameters:
        - $ref: '#/components/parameters/reportId'
      responses:
        '200':
          description: Report details and results
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Report'
        '401':
          description: Unauthorized
        '404':
          description: Report not found
    delete:
      operationId: deleteReport
      summary: Delete a report
      description: >-
        Delete a previously generated report and its associated data.
      tags:
        - Reports
      parameters:
        - $ref: '#/components/parameters/reportId'
      responses:
        '200':
          description: Report deleted successfully
        '401':
          description: Unauthorized
        '404':
          description: Report not found
  /reports/{reportId}/download:
    get:
      operationId: downloadReport
      summary: Download a report
      description: >-
        Download a generated report in the specified format (PDF, CSV, or XML).
      tags:
        - Reports
      parameters:
        - $ref: '#/components/parameters/reportId'
        - name: format
          in: query
          description: Output format for the report
          schema:
            type: string
            enum:
              - pdf
              - csv
              - xml
            default: pdf
      responses:
        '200':
          description: Report file
          content:
            application/pdf:
              schema:
                type: string
                format: binary
            text/csv:
              schema:
                type: string
            application/xml:
              schema:
                type: string
        '401':
          description: Unauthorized
        '404':
          description: Report not found
  /statistics/traffic:
    get:
      operationId: getTrafficStatistics
      summary: Get traffic statistics
      description: >-
        Retrieve aggregated traffic statistics including request counts,
        bandwidth usage, and top destinations over a specified time period.
      tags:
        - Statistics
      parameters:
        - $ref: '#/components/parameters/startTime'
        - $ref: '#/components/parameters/endTime'
        - name: granularity
          in: query
          description: Time granularity for aggregation
          schema:
            type: string
            enum:
              - hourly
              - daily
              - weekly
              - monthly
            default: daily
      responses:
        '200':
          description: Traffic statistics returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TrafficStatistics'
        '401':
          description: Unauthorized
  /statistics/threats:
    get:
      operationId: getThreatStatistics
      summary: Get threat statistics
      description: >-
        Retrieve aggregated threat detection statistics including malware
        detections, blocked URLs, and category violations over a specified
        time period.
      tags:
        - Statistics
      parameters:
        - $ref: '#/components/parameters/startTime'
        - $ref: '#/components/parameters/endTime'
        - name: granularity
          in: query
          description: Time granularity for aggregation
          schema:
            type: string
            enum:
              - hourly
              - daily
              - weekly
              - monthly
            default: daily
      responses:
        '200':
          description: Threat statistics returned
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ThreatStatistics'
        '401':
          description: Unauthorized
  /statistics/top/urls:
    get:
      operationId: getTopUrls
      summary: Get top accessed URLs
      description: >-
        Retrieve the most frequently accessed URLs during the specified
        time period.
      tags:
        - Statistics
      parameters:
        - $ref: '#/components/parameters/startTime'
        - $ref: '#/components/parameters/endTime'
        - $ref: '#/components/parameters/limit'
      responses:
        '200':
          description: Top URLs returned
          content:
            application/json:
              schema:
                type: object
                properties:
                  entries:
                    type: array
                    items:
                      $ref: '#/components/schemas/TopUrlEntry'
        '401':
          description: Unauthorized
  /statistics/top/categories:
    get:
      operationId: getTopCategories
      summary: Get top URL categories
      description: >-
        Retrieve the most accessed URL categories during the specified
        time period.
      tags:
        - Statistics
      parameters:
        - $ref: '#/components/parameters/startTime'
        - $ref: '#/components/parameters/endTime'
        - $ref: '#/components/parameters/limit'
      responses:
        '200':
          description: Top categories returned
          content:
            application/json:
              schema:
                type: object
                properties:
                  entries:
                    type: array
                    items:
                      $ref: '#/components/schemas/TopCategoryEntry'
        '401':
          description: Unauthorized
  /dashboards/overview:
    get:
      operationId: getDashboardOverview
      summary: Get dashboard overview data
      description: >-
        Retrieve aggregated data for the main reporting dashboard, including
        traffic volume, threat counts, and top statistics.
      tags:
        - Dashboards
      parameters:
        - name: period
          in: query
          description: Time period for the dashboard data
          schema:
            type: string
            enum:
              - last_hour
              - last_24h
              - last_7d
              - last_30d
            default: last_24h
      responses:
        '200':
          description: Dashboard overview data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DashboardOverview'
        '401':
          description: Unauthorized
components:
  securitySchemes:
    cookieAuth:
      type: apiKey
      in: cookie
      name: JSESSIONID
      description: >-
        Session cookie obtained via the Konfigurator REST /login endpoint.
  parameters:
    startTime:
      name: startTime
      in: query
      description: Start time for the query range (ISO 8601)
      schema:
        type: string
        format: date-time
    endTime:
      name: endTime
      in: query
      description: End time for the query range (ISO 8601)
      schema:
        type: string
        format: date-time
    limit:
      name: limit
      in: query
      description: Maximum number of results to return
      schema:
        type: integer
        default: 100
        maximum: 1000
    offset:
      name: offset
      in: query
      description: Number of results to skip for pagination
      schema:
        type: integer
        default: 0
    logId:
      name: logId
      in: path
      required: true
      description: Unique identifier of the log entry
      schema:
        type: string
    eventId:
      name: eventId
      in: path
      required: true
      description: Unique identifier of the security event
      schema:
        type: string
    reportId:
      name: reportId
      in: path
      required: true
      description: Unique identifier of the report
      schema:
        type: string
  schemas:
    TrafficLogEntry:
      type: object
      properties:
        id:
          type: string
          description: Unique log entry identifier
        timestamp:
          type: string
          format: date-time
          description: Time the request was processed
        sourceIp:
          type: string
          description: Client source IP address
        user:
          type: string
          description: Authenticated user name
        method:
          type: string
          description: HTTP method
        url:
          type: string
          description: Requested URL
        statusCode:
          type: integer
          description: HTTP response status code
        action:
          type: string
          enum:
            - allowed
            - blocked
            - redirected
          description: Action taken by the gateway
        category:
          type: string
          description: URL category classification
        bytesIn:
          type: integer
          description: Bytes received from the client
        bytesOut:
          type: integer
          description: Bytes sent to the client
        duration:
          type: integer
          description: Request processing duration in milliseconds
        ruleName:
          type: string
          description: Name of the policy rule that matched
        mediaType:
          type: string
          description: Content media type
        userAgent:
          type: string
          description: Client user agent string
    SecurityEvent:
      type: object
      properties:
        id:
          type: string
          description: Unique event identifier
        timestamp:
          type: string
          format: date-time
          description: Time the event occurred
        severity:
          type: string
          enum:
            - low
            - medium
            - high
            - critical
          description: Event severity level
        eventType:
          type: string
          enum:
            - malware
            - phishing
            - policy_violation
            - data_leak
            - certificate_error
            - authentication_failure
          description: Type of security event
        sourceIp:
          type: string
          description: Source IP address
        user:
          type: string
          description: Associated user name
        url:
          type: string
          description: URL involved in the event
        threatName:
          type: string
          description: Name of the detected threat
        action:
          type: string
          enum:
            - blocked
            - quarantined
            - logged
            - cleaned
          description: Action taken
        ruleName:
          type: string
          description: Policy rule that triggered the event
        details:
          type: string
          description: Additional event details
    Report:
      type: object
      properties:
        id:
          type: string
          description: Unique report identifier
        name:
          type: string
          description: Report name
        type:
          type: string
          enum:
            - traffic_summary
            - security_summary
            - user_activity
            - url_categories
            - threat_analysis
            - bandwidth_usage
            - policy_hits
          description: Report type
        status:
          type: string
          enum:
            - pending
            - generating
            - completed
            - failed
          description: Report generation status
        createdAt:
          type: string
          format: date-time
          description: When the report was requested
        completedAt:
          type: string
          format: date-time
          description: When the report generation completed
        startTime:
          type: string
          format: date-time
          description: Report data start time
        endTime:
          type: string
          format: date-time
          description: Report data end time
    ReportRequest:
      type: object
      required:
        - name
        - type
        - startTime
        - endTime
      properties:
        name:
          type: string
          description: Name for the report
        type:
          type: string
          enum:
            - traffic_summary
            - security_summary
            - user_activity
            - url_categories
            - threat_analysis
            - bandwidth_usage
            - policy_hits
          description: Type of report to generate
        startTime:
          type: string
          format: date-time
          description: Start of the reporting period
        endTime:
          type: string
          format: date-time
          description: End of the reporting period
        filters:
          type: object
          properties:
            sourceIps:
              type: array
              items:
                type: string
              description: Filter by source IP addresses
            users:
              type: array
              items:
                type: string
              description: Filter by user names
            categories:
              type: array
              items:
                type: string
              description: Filter by URL categories
    TrafficStatistics:
      type: object
      properties:
        totalRequests:
          type: integer
          description: Total number of web requests
        allowedRequests:
          type: integer
          description: Number of allowed requests
        blockedRequests:
          type: integer
          description: Number of blocked requests
        totalBytesIn:
          type: integer
          description: Total inbound bytes
        totalBytesOut:
          type: integer
          description: Total outbound bytes
        uniqueUsers:
          type: integer
          description: Number of unique users
        uniqueDestinations:
          type: integer
          description: Number of unique destinations accessed
        timeSeries:
          type: array
          items:
            type: object
            properties:
              timestamp:
                type: string
                format: date-time
              requests:
                type: integer
              bytesIn:
                type: integer
              bytesOut:
                type: integer
    ThreatStatistics:
      type: object
      properties:
        totalThreats:
          type: integer
          description: Total threats detected
        malwareDetections:
          type: integer
          description: Number of malware detections
        phishingDetections:
          type: integer
          description: Number of phishing site detections
        policyViolations:
          type: integer
          description: Number of policy violations
        dataLeakEvents:
          type: integer
          description: Number of data leak prevention events
        timeSeries:
          type: array
          items:
            type: object
            properties:
              timestamp:
                type: string
                format: date-time
              threats:
                type: integer
              malware:
                type: integer
              phishing:
                type: integer
    TopUrlEntry:
      type: object
      properties:
        url:
          type: string
          description: URL
        requestCount:
          type: integer
          description: Number of requests to this URL
        totalBytes:
          type: integer
          description: Total bytes transferred
    TopCategoryEntry:
      type: object
      properties:
        category:
          type: string
          description: URL category name
        requestCount:
          type: integer
          description: Number of requests in this category
        blockedCount:
          type: integer
          description: Number of blocked requests
        percentage:
          type: number
          format: float
          description: Percentage of total traffic
    DashboardOverview:
      type: object
      properties:
        period:
          type: string
          description: Time period for the data
        totalRequests:
          type: integer
          description: Total web requests in the period
        blockedRequests:
          type: integer
          description: Total blocked requests
        threatsDetected:
          type: integer
          description: Total threats detected
        activeUsers:
          type: integer
          description: Number of active users
        topCategories:
          type: array
          items:
            $ref: '#/components/schemas/TopCategoryEntry'
        topThreats:
          type: array
          items:
            type: object
            properties:
              threatName:
                type: string
              detectionCount:
                type: integer
        trafficTrend:
          type: array
          items:
            type: object
            properties:
              timestamp:
                type: string
                format: date-time
              requests:
                type: integer
              blocked:
                type: integer