Eleata Phalanx API

Returns platform health, product availability, and tenant metadata including plan and active products.

{
  "status": "operational",
  "tenant": {
    "id": "YOUR_TENANT",
    "name": "Your Company",
    "plan": "guardian"
  },
  "products": {
    "praetor": "healthy",
    "vigil": "healthy",
    "regen": "healthy",
    "forge": "healthy"
  },
  "version": "1.6.0",
  "timestamp": "2026-02-26T12:00:00Z"
}

Returns your current security score (0-100) with letter grade and breakdown by category.

{
  "score": 82,
  "grade": "B+",
  "breakdown": {
    "network": 85,
    "application": 78,
    "compliance": 90,
    "configuration": 75
  },
  "trend": "improving",
  "last_scan": "2026-02-26T10:30:00Z"
}

Trigger a new security scan. Returns immediately with scan ID; poll status via GET.

{
  "scan_id": "scan_20260226_001",
  "status": "queued",
  "message": "Scan queued successfully"
}

List recent security scans with status and summary results.

Get detailed information about a specific scan including progress, duration, and finding counts.

Stop a running scan. Partial results are preserved.

List security findings from completed scans, ordered by severity.

{
  "findings": [
    {
      "id": "f_0042",
      "severity": "high",
      "category": "configuration",
      "title": "TLS 1.0 enabled on port 443",
      "description": "Legacy TLS protocol detected...",
      "remediation": "Disable TLS 1.0 in nginx config",
      "first_seen": "2026-02-20T08:00:00Z",
      "scan_id": "scan_20260226_001"
    }
  ],
  "total": 1
}

Get detailed information about a specific finding, including full description, evidence, and remediation steps.

List generated security reports.

Generate a new security report. Reports are generated asynchronously.

List AI-generated remediation recommendations based on current findings.

Returns a comprehensive overview: entity counts, recent findings, scanner status, Sigma/CIS stats, and threat intelligence summary.

{
  "entities_total": 634,
  "findings_24h": 12,
  "scanners_active": 27,
  "sigma_rules": 5256,
  "cis_checks": {
    "total": 313,
    "windows": 117,
    "aws": 38,
    "azure": 49,
    "gcp": 40,
    "kubernetes": 29,
    "active_directory": 20,
    "microsoft_365": 20
  },
  "threat_iocs": 21000,
  "threat_feeds": 7,
  "recent_findings": [
    {
      "id": 1042,
      "severity": "medium",
      "category": "config",
      "title": "Unencrypted Redis port exposed",
      "found_at": "2026-02-26T11:45:00Z"
    }
  ]
}

Trigger an on-demand Vigil scan. Quick scans run critical checks; full scans run all 27 scanners including Sigma matching, CIS compliance, threat intelligence correlation, and entity discovery.

List Vigil scan history with results and timing.

Retrieve all findings from continuous monitoring. Supports filtering by severity, category, and entity.

Mark a finding as resolved.

Add a finding to the whitelist. Future scans will skip this entity/pattern.

List all whitelisted entities.

Add an entity to the whitelist directly.

Launch an AI-powered threat hunt using natural language queries. Searches across Vigil findings, threat intelligence, and knowledge graph. Returns results via Server-Sent Events (SSE) for real-time streaming.

curl -s -N -X POST https://api.eleata.io/v1/vigil/hunt \
  -H "X-API-Key: el_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"query": "Find exposed services with no TLS"}'

Get AI-generated hunt suggestions based on recent findings and threat landscape.

Get the full attack path graph — nodes (entities) and edges (relationships/vulnerabilities) for force-directed visualization.

{
  "nodes": [
    {
      "id": "nginx",
      "type": "service",
      "risk_score": 35,
      "findings_count": 3
    }
  ],
  "edges": [
    {
      "source": "nginx",
      "target": "api_v3",
      "type": "proxies_to"
    }
  ],
  "total_nodes": 495,
  "total_edges": 1145
}

Get identified attack chains — sequences of findings that together form a potential attack path.

Get attack paths related to a specific entity, including adjacent nodes and risk context.

Vigil service health check with scanner status details.

Returns healing statistics, success rate, experience level, active healers, and recent activity.

{
  "total_rounds": 256,
  "total_heals": 723,
  "success_rate": 0.91,
  "experience_points": 4340,
  "healers": [
    "ServiceHealer",
    "ProductHealer",
    "AgentHealer",
    "SecurityHealer",
    "DbHealer"
  ],
  "escalation_chain": "5 failures triggers human alert",
  "last_round": "2026-02-26T11:50:00Z"
}

Regen service health check with healer status and uptime.

Get detailed experience data: XP per healer, learning history, and improvement trends.

List healing rounds. Each round is a full diagnosis and remediation cycle.

Manually trigger a healing round of specified type.

List individual heal operations with target, remedy applied, healer used, and outcome.

{
  "heals": [
    {
      "id": 723,
      "round_id": 256,
      "healer": "ServiceHealer",
      "target": "quiron-proxy",
      "issue": "High memory usage (92%)",
      "remedy": "adaptive_restart",
      "success": true,
      "healed_at": "2026-02-26T11:50:30Z"
    }
  ],
  "total": 723
}

List pre-heal configuration snapshots. Regen automatically captures service state before every heal, enabling safe rollback.

Get snapshot statistics: total count, storage size, rollback success rate.

Rollback a service to a previous configuration snapshot. Use this to undo a heal that caused unintended side effects.

Create a new code factory task. Tasks enter the governance pipeline and require approval before execution.

curl -s -X POST https://api.eleata.io/v1/forge/tasks \
  -H "X-API-Key: el_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Add rate limiting to API endpoints",
    "description": "Implement per-tenant rate limiting using Redis...",
    "priority": 2,
    "target_files": ["routers/api_gateway.py"]
  }'

{
  "id": 43,
  "title": "Add rate limiting to API endpoints",
  "status": "pending",
  "message": "Task created, awaiting governance approval"
}

List code factory tasks with status and tier assignment.

Get detailed information about a task including execution logs, tier, timing, and code diff.

Get the execution log for a task — step-by-step output from the AI agent.

Approve a pending task for execution. The task will be assigned to a tier and dispatched.

Reject a pending task with an optional reason.

Retry a failed task, optionally escalating to a higher tier.

Factory statistics: total tasks, success rates, average execution time by tier.

{
  "total_tasks": 127,
  "completed": 118,
  "failed": 9,
  "success_rate": 0.929,
  "avg_execution_s": {
    "tier1_ollama": 45,
    "tier2_claude": 180
  },
  "tasks_today": 5
}

Full governance audit trail: who created, approved, rejected, or retried each task.

List all SOAR playbooks.

Create a new playbook with node graph definition.

Get a specific playbook with full node graph.

Update a playbook's nodes, connections, or metadata.

Delete a playbook (archives it; can be restored).

Export playbook as YAML for use with external SOAR platforms.

Clone a playbook to create a new version based on an existing one.

List available node types and their configuration schemas.

Ingest security events from cloud agents (CloudTrail, Azure Activity logs). Events are matched against cloud-specific Sigma rules (214 cloud rules).

Submit CIS compliance check results from agents. Vigil correlates results across accounts.

Submit discovered cloud assets for inventory and drift detection.

Get agent configuration: scan intervals, enabled checks, Sigma rule updates.

List all registered cloud accounts.

Register a new cloud account (AWS, Azure, or GCP).

Get details for a specific cloud account.

Remove a cloud account and its associated data.

Force a sync for a specific cloud account.

Register a new Windows agent with a registration token. Returns the agent key for future authentication.

Agent heartbeat. Send periodically to indicate agent is alive. Includes basic system metrics.

Submit Windows security events. Events are matched against Sigma rules and correlated with threat intelligence.

Submit CIS Windows Benchmark results (117 template-based checks).

Get agent configuration: check intervals, enabled CIS checks, log collection rules.

List all registered agents with status and last heartbeat.

Revoke an agent's key, preventing further communication.

Get findings from a specific agent.

Get recent events submitted by a specific agent.

List alerts with filtering. Aggregates findings from Praetor, Vigil, and Regen.

Alert counts by severity and status.

Get full alert details.

Acknowledge an alert.

Mark alert as resolved.

Bulk acknowledge multiple alerts by ID array.

Get notification preferences (severity thresholds, channels, cooldown).

Update notification preferences.

List configured webhook endpoints.

Register a webhook endpoint to receive real-time alert notifications.

Update a webhook configuration.

Remove a webhook endpoint.

Generate a security report. Reports are created asynchronously and include findings from Praetor, Vigil, and Regen activity.

List all generated reports.

Get the most recent report.

Get a specific report with full content.

Usage summary for the current billing period.

{
  "period_start": "2026-02-01T00:00:00Z",
  "period_end": "2026-02-28T23:59:59Z",
  "api_calls": 4521,
  "scans": 34,
  "heals": 89,
  "forge_tasks": 12,
  "cloud_events": 15230,
  "agent_heartbeats": 8640,
  "plan_limits": {
    "api_calls": 50000,
    "scans": 100,
    "heals": "unlimited",
    "forge_tasks": 50,
    "cloud_accounts": 10,
    "agents": 50
  }
}

Daily usage breakdown for trend analysis.