Retrieve a List of Supported Forensics Ingestion Tools

Note

To use the data ingestion tool features, you can add the DFIR package to your instance of the Cybereason platform for an additional cost or request an Express IR environment (partners only). Contact your Customer Success representative to request access to this package. For details on how to submit the request, see How to Request a Cybereason Express IR Environment.

Endpoint URL: https://<your server>/rest/forensics/forensicTools
Endpoint URI: forensics/forensicTools

Action: GET

Retrieves a list of supported forensic data ingestion tools.

This request is supported for versions 21.2.221 and later.

You must have the Responder L2 role assigned for your Cybereason user to run this request.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file containing the cookie details as part of every request.


Request Body

None


Request Parameters

URL/URI parameters: none

Request Body Parameters: none


Response Status Codes

This request can return the following status codes:

  • 200: Request OK

  • 403: Lack of permissions to perform the request

  • 503: The forensics service is disabled


Response Success Schema

The response contains the following fields:

Field        | Type    | Description
-------------+---------+---------------------------------------------
name         | String  | The name of the forensics data package.
description  | String  | A description of the forensic data package.
version      | Integer | The version of the forensic data package.
type         | Enum    | The type of package. Possible values include: UNKNOWN, CYBEREASON

Response Failure Schema

An error code with a description of the error.


Important Response Fields

Important information is found in these fields:

  • name: The name of the package


Example: Retrieve a list of supported forensic data ingestion tools

Request

curl --request GET \
  --url https://12.34.56.78/rest/forensics/forensicTools \
  --header 'Content-Type:application/json'

Response

[
    {
        "name": "CustomPrefetchOfflineCollector",
        "description": "Collects Windows prefetch files from the endpoint",
        "version": "1.0",
        "type": "PREFETCH",
        "supportedOsTypes": [
            "WINDOWS_TYPES"
        ]
    }
]
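
A defensive client for this request, added here as an example and not part of Cybereason's documentation or code. It maps the documented 403 and 503 statuses to errors and normalizes each tool record, keeping version as text because the example response above returns "1.0" where the schema lists Integer. The names parse_forensic_tools, fetch_forensic_tools and ForensicsApiError are hypothetical, and the session cookie is assumed to come from the login request.

```python
import json
import urllib.error
import urllib.request

# Non-200 status codes documented on this page.
ERRORS = {403: "lack of permissions to perform the request",
          503: "the forensics service is disabled"}
# Response body taken from this page's example, compacted onto one line.
SAMPLE_BODY = ('[{"name": "CustomPrefetchOfflineCollector", "description": '
               '"Collects Windows prefetch files from the endpoint", "version": "1.0", '
               '"type": "PREFETCH", "supportedOsTypes": ["WINDOWS_TYPES"]}]')


class ForensicsApiError(RuntimeError):
    """Non-200 response from the forensics endpoint (hypothetical name)."""


def parse_forensic_tools(status, body):
    """Map a status code and raw body to a list of normalized tool records."""
    if status != 200:
        raise ForensicsApiError(f"HTTP {status}: {ERRORS.get(status, 'unexpected status')}")
    tools = json.loads(body)
    if not isinstance(tools, list):
        raise ValueError("expected a JSON array of tools")
    parsed = []
    for tool in tools:
        if not isinstance(tool, dict) or not isinstance(tool.get("name"), str):
            raise ValueError("tool entry without a string 'name'")
        parsed.append({
            "name": tool["name"],
            "description": tool.get("description", ""),
            # Schema says Integer but the page's sample shows "1.0": keep it as text.
            "version": str(tool.get("version", "")),
            "type": tool.get("type", "UNKNOWN"),
            "supportedOsTypes": list(tool.get("supportedOsTypes", [])),
        })
    return parsed


def fetch_forensic_tools(server, cookie_header):
    """GET the endpoint; cookie_header is the session cookie from login (assumed input)."""
    req = urllib.request.Request(
        f"https://{server}/rest/forensics/forensicTools", method="GET",
        headers={"Content-Type": "application/json", "Cookie": cookie_header})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_forensic_tools(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_forensic_tools(err.code, err.read())
```

Calling parse_forensic_tools(200, SAMPLE_BODY) exercises the parser offline; fetch_forensic_tools needs a reachable server and a valid session cookie.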