Respond to Malops

By using the API you can retrieve MalOps or isolate machines involved in a specific MalOp. This is useful when you remediate MalOps in your ticketing system and want to synchronize that system with your Cybereason platform.

Tasks

All APIs assume a URL prefix of https://<your server>/rest.

Note

Click on any URI path to view more detailed information on a specific API request.

| Task | Endpoint | Method | Returns |
| --- | --- | --- | --- |
| Retrieve all Malops | detection/inbox | POST | List of all Malops (AI Hunt and EP) |
| Get details on AI Hunt Malops | crimes/unified | POST | List of information about a specific AI Hunt Malop |
| Retrieve details on a specific Endpoint Protection Malop | detection/details | POST | List of details on the specified Endpoint protection Malop |
| Perform all possible response actions on a Malop | detection/remediate-custom-actions | POST | List of response actions and details on remediation |
| Perform all possible response actions on a Malop | detection/exclude | POST | N/A |
| Isolate a machine connected with a Malop | monitor/global/commands/isolate | POST | result status |
| Remove a machine involved with a Malop from isolation | monitor/global/commands/un-isolate | POST | result status |
| Update a Malop’s status | crimes/status | POST | Malop details |
| Add a comment to a Malop | crimes/comment/:malopID | POST | Malop details |
| Get a list of Malop labels | detection/labels | POST | A list of Malop labels |
| Create a Malop label | detection/add-label | POST | Details on the added label |
| Delete a Malop label | detection/delete-label | POST | Success or error message |
| Update Malop labels | detection/update-label | POST | Success or error message |
| Retrieve Malop notification settings changes | settings/configurations | GET | Details on settings updates |
| Retrieve Malop notification settings changes | settings/configurations | POST | Success or error message |