Start a File Download Operation

Endpoint URL: https://<your server>/rest/fetchfile/start
Endpoint URI: fetchfile/start

Action: POST

Starts an operation to download files from the Element Details screen. You will need to run additional requests to:

  1. Get the batch number for the operation. For details on the request, see Get a Download Batch Number.

  2. Download the file. For details on the request, see Download a File.

Note

Before running this request, ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

Input: JSON

{
	"elementGuids":["GUID for the Element"],
	"initiatorUserName":"<user name>"
}

Download JSON syntax file

Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.


Request Parameters

URL/URI parameters: none

Request Body Parameters: The request body contains these required parameters:

  • <element GUIDs>: The unique GUID string(s) used by the Cybereason platform to identify the files. You can get these GUIDs from the results of an investigation query. For details on how to create such a query, see Run a Query.

  • initiatorUserName: The complete Cybereason user name string for the user performing the request.


Response Status Codes

This request can return the following status codes:

  • 200: Success OK or an error message saying why


Response Success Schema

The response can contain any of the following fields:

Field

Type

Description

data

Boolean

Indicates whether there is a response.

status

Enum

The status of the file download start operation. Possible values include:

  • PARTIAL_SUCCESS

  • NO_SERVERS_CONFIGURED

  • QUERY_LIMIT_CROSSED

  • FAILURE

  • TIMEOUT_ERROR

message

String

The message received from the server about this operation.


Response Failure Schema

A message and an error in the status field with one of the following:

  • NO_SERVERS_CONFIGURED

  • QUERY_LIMIT_CROSSED

  • FAILURE

  • TIMEOUT_ERROR


Important Response Fields

Important information is found in these fields:

  • status parameter: This displays where the download operation start was successful.


Example: Start a file download operation

Request

curl --request POST \
    --url https://12.34.56.78/rest/fetchfile/start \
    --header 'Content-Type:application/json' \
    --data '{
              "elementGuids":["2111376845.-3637657128836262604"],
              "initiatorUserName":"[email protected]"
            }'

Response

{
  "data":true,
  "status":"SUCCESS",
  "message":""
}