Start a File Download Operation
Endpoint URL: https://<your server>/rest/fetchfile/start
Endpoint URI: fetchfile/start
Action: POST
Starts an operation to download files from the Element Details screen. You will need to run additional requests to:
Get the batch number for the operation. For details on the request, see Get a Download Batch Number.
Download the file. For details on the request, see Download a File.
Note
Before running this request, ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
Input: JSON
{
"elementGuids":["GUID for the Element"],
"initiatorUserName":"<user name>"
}
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Request Parameters
URL/URI parameters: none
Request Body Parameters: The request body contains these required parameters:
<element GUIDs>: The unique GUID string(s) used by the Cybereason platform to identify the files. You can get these GUIDs from the results of an investigation query. For details on how to create such a query, see Run a Query.
initiatorUserName: The complete Cybereason user name string for the user performing the request.
Response Status Codes
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
The response can contain any of the following fields:
Field |
Type |
Description |
---|---|---|
data |
Boolean |
Indicates whether there is a response. |
status |
Enum |
The status of the file download start operation. Possible values include:
|
message |
String |
The message received from the server about this operation. |
Response Failure Schema
A message and an error in the status field with one of the following:
NO_SERVERS_CONFIGURED
QUERY_LIMIT_CROSSED
FAILURE
TIMEOUT_ERROR
Important Response Fields
Important information is found in these fields:
status parameter: This displays where the download operation start was successful.
Example: Start a file download operation
Request
curl --request POST \ --url https://12.34.56.78/rest/fetchfile/start \ --header 'Content-Type:application/json' \ --data '{ "elementGuids":["2111376845.-3637657128836262604"], "initiatorUserName":"[email protected]" }'
Response
{
"data":true,
"status":"SUCCESS",
"message":""
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
{
"filters": [],
"fileFilters": [
{
"fieldName": "fileName",
"values": [
"ShadowCopy.ps"
],
"operator": "Equals"
}
]
}
Response
{
"data":true,
"status":"SUCCESS",
"message":""
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "rest/fetchfile/start"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
element_id = "2111376845.-3637657128836262604"
search = json.dumps({"elementGuids":[element_id],"initiatorUserName":username})
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=query, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"data":true,
"status":"SUCCESS",
"message":""
}