Update MalOp Status
Endpoint URL: https://<your server>/rest/crimes/status
Endpoint URI: crimes/status
Action: POST
Updates a MalOp’s status.
This request can update a MalOp’s status only if your Cybereason platform does not use the platform’s newer data infrastructure. If you use the newer data infrastructure and the MalOps management screen to manage MalOps, you cannot currently use the API to update a MalOp’s status.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header to the request.
Note
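If you are using cURL, specify the authorization credentials or the location of the cookie file with every request. The cookie file holds a live session token, so keep it readable only by the account that runs the request.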
Request Body
Input: JSON
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
{
"<malopID>": "<malop status>"
}
Request Parameters
URL/URI parameters: none
Request Body Parameters: You must provide the following REQUIRED parameters:
MalopID: The unique GUID for the MalOp. This value is shown in the Malop Inbox when the MalOp details view is open, and it is also returned by the API GET request that retrieves all MalOp details. For details on the API request, see Retrieve All MalOps.
malop status: A string value. The status to apply to the MalOp. Possible values include: TODO, CLOSED, UNREAD, FP, or OPEN.
Response Success Schema
The response contains full details on the selected MalOp, including all the details about Suspicions, Evidence, and so forth. For details on all the fields, see Get Details on a Specific AI Hunt Malop.
To see the result of the status update, view the following fields at the end of the response:
managementStatus: The status of the MalOp.
status: The current status of the MalOp status update.
Response Failure Schema
If the request fails, the status field will report one of the following messages:
FAILURE
PARTIAL_SUCCESS
NO_SERVERS_CONFIGURED
QUERY_LIMIT_CROSSED
TIMEOUT_ERROR
Important Response Fields
Important information is found in these fields:
managementStatus: The status of the MalOp. Ensure that this value matches the value sent in the request.
status: The status of the update. To ensure that the status update succeeded, make sure this value is SUCCESS.
Example: Update a MalOp’s status
Request
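# Update the status of one MalOp (POST to crimes/status).
# The API expects an authenticated session, so the cookie file saved at login is
# passed with the request. '<cookie-file>' is a placeholder for that file's path;
# curl reads cookies from a file when the --cookie argument contains no '='.
curl --request POST \
--url https://12.34.56.78/rest/crimes/status \
--header 'Content-Type:application/json' \
--cookie '<cookie-file>' \
--data '{
"11.3053227225402057795": "TODO"
}'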
Response
{
"data": {
"11.8504680670420182250": {
"simpleValues": {
"remediationType": {
"totalValues": 1,
"values": [
"MALICIOUS_BEHAVIOR"
]
},
"hasSuspicions": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementCompanyProduct": {
"totalValues": 1,
"values": [
"CentOS : "
]
},
"decisionFeature": {
"totalValues": 1,
"values": [
"Process.maliciousSignatureVerificationFailure(Malop decision)"
]
},
"detectionType": {
"totalValues": 1,
"values": [
"MALICIOUS_PROCESS"
]
},
"malopActivityTypes": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"elementDisplayName": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"creationTime": {
"totalValues": 1,
"values": [
"1512230036955"
]
},
"isBlocked": {
"totalValues": 1,
"values": [
"false"
]
},
"primaryMalopType": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"hasRansomwareSuspendedProcesses": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementTypes": {
"totalValues": 1,
"values": [
"File"
]
},
"malopStartTime": {
"totalValues": 1,
"values": [
"1509990787000"
]
},
"rootCauseElementNames": {
"totalValues": 1,
"values": [
"chkconfig"
]
},
"malopDetectionTypes": {
"totalValues": 1,
"values": null
},
"malopLastUpdateTime": {
"totalValues": 1,
"values": [
"1512230036970"
]
},
"allRansomwareProcessesSuspended": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementHashes": {
"totalValues": 1,
"values": [
"0484b5e61527beafb19eea5755971051f888fbf3"
]
},
"managementStatus": {
"totalValues": 1,
"values": [
"TODO"
]
},
"closeTime": {
"totalValues": 1,
"values": [
null
]
},
"closerName": {
"totalValues": 1,
"values": [
null
]
},
"customClassification": {
"totalValues": 1,
"values": [
"None"
]
},
"comments": {
"totalValues": 1,
"values": [
{
"commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836",
"username": "[email protected]",
"message": "Check this.",
"timestamp": 1512305378137
}
]
}
},
"elementValues": {
"suspectsHostProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedMachines": {
"totalValues": 1,
"elementValues": [
{
"elementType": "Machine",
"guid": "2008666417.1198775089551518743",
"name": "guyQA-Centos6",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspectsWithNoTid": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"primaryRootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsInjectingProcesses": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"registryKeysToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspects": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"suspectsProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedUsers": {
"totalValues": 1,
"elementValues": [
{
"elementType": "User",
"guid": "0.8755380527291090081",
"name": "user-centos6\\root",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"self": {
"totalValues": 1,
"elementValues": [
{
"elementType": "MalopProcess",
"guid": "11.8504680670420182250",
"name": "MALICIOUS_INFECTION",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"rootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsFeatureCollection": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"filesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"processesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
}
},
"suspicions": null,
"filterData": {
"sortInGroupValue": "11.8504680670420182250",
"groupByValue": "MalopProcessRuntime:11.8504680670420182250 "
},
"isMalicious": false,
"suspicionCount": 0,
"guidString": "11.8504680670420182250",
"labelsIds": [
86
],
"malopPriority": "MEDIUM"
}
},
"status": "SUCCESS",
"message": ""
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
{
"11.3053227225402057795": "TODO"
}
Response
{
"data": {
"11.8504680670420182250": {
"simpleValues": {
"remediationType": {
"totalValues": 1,
"values": [
"MALICIOUS_BEHAVIOR"
]
},
"hasSuspicions": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementCompanyProduct": {
"totalValues": 1,
"values": [
"CentOS : "
]
},
"decisionFeature": {
"totalValues": 1,
"values": [
"Process.maliciousSignatureVerificationFailure(Malop decision)"
]
},
"detectionType": {
"totalValues": 1,
"values": [
"MALICIOUS_PROCESS"
]
},
"malopActivityTypes": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"elementDisplayName": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"creationTime": {
"totalValues": 1,
"values": [
"1512230036955"
]
},
"isBlocked": {
"totalValues": 1,
"values": [
"false"
]
},
"primaryMalopType": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"hasRansomwareSuspendedProcesses": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementTypes": {
"totalValues": 1,
"values": [
"File"
]
},
"malopStartTime": {
"totalValues": 1,
"values": [
"1509990787000"
]
},
"rootCauseElementNames": {
"totalValues": 1,
"values": [
"chkconfig"
]
},
"malopDetectionTypes": {
"totalValues": 1,
"values": null
},
"malopLastUpdateTime": {
"totalValues": 1,
"values": [
"1512230036970"
]
},
"allRansomwareProcessesSuspended": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementHashes": {
"totalValues": 1,
"values": [
"0484b5e61527beafb19eea5755971051f888fbf3"
]
},
"managementStatus": {
"totalValues": 1,
"values": [
"TODO"
]
},
"closeTime": {
"totalValues": 1,
"values": [
null
]
},
"closerName": {
"totalValues": 1,
"values": [
null
]
},
"customClassification": {
"totalValues": 1,
"values": [
"None"
]
},
"comments": {
"totalValues": 1,
"values": [
{
"commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836",
"username": "[email protected]",
"message": "Check this.",
"timestamp": 1512305378137
}
]
}
},
"elementValues": {
"suspectsHostProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedMachines": {
"totalValues": 1,
"elementValues": [
{
"elementType": "Machine",
"guid": "2008666417.1198775089551518743",
"name": "guyQA-Centos6",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspectsWithNoTid": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"primaryRootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsInjectingProcesses": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"registryKeysToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspects": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"suspectsProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedUsers": {
"totalValues": 1,
"elementValues": [
{
"elementType": "User",
"guid": "0.8755380527291090081",
"name": "user-centos6\\root",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"self": {
"totalValues": 1,
"elementValues": [
{
"elementType": "MalopProcess",
"guid": "11.8504680670420182250",
"name": "MALICIOUS_INFECTION",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"rootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsFeatureCollection": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"filesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"processesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
}
},
"suspicions": null,
"filterData": {
"sortInGroupValue": "11.8504680670420182250",
"groupByValue": "MalopProcessRuntime:11.8504680670420182250 "
},
"isMalicious": false,
"suspicionCount": 0,
"guidString": "11.8504680670420182250",
"labelsIds": [
86
],
"malopPriority": "MEDIUM"
}
},
"status": "SUCCESS",
"message": ""
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
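import getpass
import json
import os
import sys

import requests

# Login information.
# Credentials are read at run time instead of being written into the script, so
# they do not end up in source control or in shared copies of this example.
# CYBEREASON_USERNAME is a constructed variable name; use whatever your
# environment or secret store provides.
username = os.environ.get("CYBEREASON_USERNAME") or input("Username: ")
password = getpass.getpass("Password: ")
server = "yourserver.com"
port = "443"

# Upper bound, in seconds, on how long each HTTP call may block.
request_timeout = 30

data = {
    "username": username,
    "password": password
}

base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

session = requests.session()

# verify=True keeps TLS certificate validation on for the login request.
login_response = session.post(login_url, data=data, verify=True, timeout=request_timeout)
print(login_response.status_code)
# An HTTP error status means no usable session was created; stop here.
login_response.raise_for_status()
# Report only the cookie names. The values are live session tokens and should
# not be written to the console or to logs.
print(sorted(session.cookies.keys()))

# Request URL
endpoint_url = "/rest/crimes/status"
api_url = base_url + endpoint_url

# These are the variables that represent different fields in the request.
malop_id = "11.3053227225402057795"
status = "TODO"

query = json.dumps({malop_id: status})
api_headers = {'Content-Type': 'application/json'}

api_response = session.request("POST", api_url, data=query, headers=api_headers, timeout=request_timeout)

try:
    your_response = json.loads(api_response.content)
except ValueError:
    # A non-JSON body may mean the session was not authenticated - confirm the login step.
    sys.exit("Response was not JSON (HTTP %d)" % api_response.status_code)

print(json.dumps(your_response, indent=4, sort_keys=True))

# The HTTP call can return a body while the update itself failed: the top-level
# "status" field must be SUCCESS (other values include FAILURE, PARTIAL_SUCCESS,
# NO_SERVERS_CONFIGURED, QUERY_LIMIT_CROSSED and TIMEOUT_ERROR). Also confirm
# that managementStatus in the response matches the status that was sent.
if your_response.get("status") != "SUCCESS":
    sys.exit("MalOp status update failed: " + str(your_response.get("status")))

Response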
{ "data": { "11.8504680670420182250": { "simpleValues": { "remediationType": { "totalValues": 1, "values": [ "MALICIOUS_BEHAVIOR" ] }, "hasSuspicions": { "totalValues": 1, "values": [ "false" ] }, "rootCauseElementCompanyProduct": { "totalValues": 1, "values": [ "CentOS : " ] }, "decisionFeature": { "totalValues": 1, "values": [ "Process.maliciousSignatureVerificationFailure(Malop decision)" ] }, "detectionType": { "totalValues": 1, "values": [ "MALICIOUS_PROCESS" ] }, "malopActivityTypes": { "totalValues": 1, "values": [ "MALICIOUS_INFECTION" ] }, "elementDisplayName": { "totalValues": 1, "values": [ "MALICIOUS_INFECTION" ] }, "creationTime": { "totalValues": 1, "values": [ "1512230036955" ] }, "isBlocked": { "totalValues": 1, "values": [ "false" ] }, "primaryMalopType": { "totalValues": 1, "values": [ "MALICIOUS_INFECTION" ] }, "hasRansomwareSuspendedProcesses": { "totalValues": 1, "values": [ "false" ] }, "rootCauseElementTypes": { "totalValues": 1, "values": [ "File" ] }, "malopStartTime": { "totalValues": 1, "values": [ "1509990787000" ] }, "rootCauseElementNames": { "totalValues": 1, "values": [ "chkconfig" ] }, "malopDetectionTypes": { "totalValues": 1, "values": null }, "malopLastUpdateTime": { "totalValues": 1, "values": [ "1512230036970" ] }, "allRansomwareProcessesSuspended": { "totalValues": 1, "values": [ "false" ] }, "rootCauseElementHashes": { "totalValues": 1, "values": [ "0484b5e61527beafb19eea5755971051f888fbf3" ] }, "managementStatus": { "totalValues": 1, "values": [ "TODO" ] }, "closeTime": { "totalValues": 1, "values": [ null ] }, "closerName": { "totalValues": 1, "values": [ null ] }, "customClassification": { "totalValues": 1, "values": [ "None" ] }, "comments": { "totalValues": 1, "values": [ { "commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836", "username": "[email protected]", "message": "Check this.", "timestamp": 1512305378137 } ] } }, "elementValues": { "suspectsHostProcesses": { "totalValues": 4, "elementValues": [ { "elementType": 
"Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "affectedMachines": { "totalValues": 1, "elementValues": [ { "elementType": "Machine", "guid": "2008666417.1198775089551518743", "name": "guyQA-Centos6", "hasSuspicions": false, "hasMalops": false } ], "totalSuspicious": 0, "totalMalicious": 0 }, "suspectsWithNoTid": { "totalValues": 4, "elementValues": [ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "primaryRootCauseElements": { "totalValues": 1, "elementValues": [ { "elementType": "File", "guid": "2008666417.-5234933168794814552", "name": "chkconfig", "hasSuspicions": true, "hasMalops": false } ], "totalSuspicious": 1, "totalMalicious": 0 }, "suspectsInjectingProcesses": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 }, "registryKeysToRemediate": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 }, "suspects": { "totalValues": 4, "elementValues": 
[ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "suspectsProcesses": { "totalValues": 4, "elementValues": [ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "affectedUsers": { "totalValues": 1, "elementValues": [ { "elementType": "User", "guid": "0.8755380527291090081", "name": "user-centos6\\root", "hasSuspicions": false, "hasMalops": false } ], "totalSuspicious": 0, "totalMalicious": 0 }, "self": { "totalValues": 1, "elementValues": [ { "elementType": "MalopProcess", "guid": "11.8504680670420182250", "name": "MALICIOUS_INFECTION", "hasSuspicions": false, "hasMalops": false } ], "totalSuspicious": 0, "totalMalicious": 0 }, "rootCauseElements": { "totalValues": 1, "elementValues": [ { "elementType": "File", "guid": "2008666417.-5234933168794814552", "name": "chkconfig", "hasSuspicions": true, "hasMalops": false } ], "totalSuspicious": 1, "totalMalicious": 0 }, "suspectsFeatureCollection": { 
"totalValues": 4, "elementValues": [ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "filesToRemediate": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 }, "processesToRemediate": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 } }, "suspicions": null, "filterData": { "sortInGroupValue": "11.8504680670420182250", "groupByValue": "MalopProcessRuntime:11.8504680670420182250 " }, "isMalicious": false, "suspicionCount": 0, "guidString": "11.8504680670420182250", "labelsIds": [ 86 ], "malopPriority": "MEDIUM" } }, "status": "SUCCESS", "message": "" }
Example: Failure to update a MalOp’s status due to a server timeout
Request
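# Same status-update request as the success example; here the server answers
# with TIMEOUT_ERROR in the response's status field.
# The endpoint's action is POST, so the request method is POST rather than GET.
# The API expects an authenticated session, so the cookie file saved at login is
# passed with the request. '<cookie-file>' is a placeholder for that file's path;
# curl reads cookies from a file when the --cookie argument contains no '='.
curl --request POST \
--url https://12.34.56.78/rest/crimes/status \
--header 'Content-Type:application/json' \
--cookie '<cookie-file>' \
--data '{
"11.3053227225402057795": "TODO"
}'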
Response
{
"data": {
"11.8504680670420182250": {
"simpleValues": {
"remediationType": {
"totalValues": 1,
"values": [
"MALICIOUS_BEHAVIOR"
]
},
"hasSuspicions": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementCompanyProduct": {
"totalValues": 1,
"values": [
"CentOS : "
]
},
"decisionFeature": {
"totalValues": 1,
"values": [
"Process.maliciousSignatureVerificationFailure(Malop decision)"
]
},
"detectionType": {
"totalValues": 1,
"values": [
"MALICIOUS_PROCESS"
]
},
"malopActivityTypes": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"elementDisplayName": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"creationTime": {
"totalValues": 1,
"values": [
"1512230036955"
]
},
"isBlocked": {
"totalValues": 1,
"values": [
"false"
]
},
"primaryMalopType": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"hasRansomwareSuspendedProcesses": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementTypes": {
"totalValues": 1,
"values": [
"File"
]
},
"malopStartTime": {
"totalValues": 1,
"values": [
"1509990787000"
]
},
"rootCauseElementNames": {
"totalValues": 1,
"values": [
"chkconfig"
]
},
"malopDetectionTypes": {
"totalValues": 1,
"values": null
},
"malopLastUpdateTime": {
"totalValues": 1,
"values": [
"1512230036970"
]
},
"allRansomwareProcessesSuspended": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementHashes": {
"totalValues": 1,
"values": [
"0484b5e61527beafb19eea5755971051f888fbf3"
]
},
"managementStatus": {
"totalValues": 1,
"values": [
"TODO"
]
},
"closeTime": {
"totalValues": 1,
"values": [
null
]
},
"closerName": {
"totalValues": 1,
"values": [
null
]
},
"customClassification": {
"totalValues": 1,
"values": [
"None"
]
},
"comments": {
"totalValues": 1,
"values": [
{
"commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836",
"username": "[email protected]",
"message": "Check this.",
"timestamp": 1512305378137
}
]
}
},
"elementValues": {
"suspectsHostProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedMachines": {
"totalValues": 1,
"elementValues": [
{
"elementType": "Machine",
"guid": "2008666417.1198775089551518743",
"name": "guyQA-Centos6",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspectsWithNoTid": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"primaryRootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsInjectingProcesses": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"registryKeysToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspects": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"suspectsProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedUsers": {
"totalValues": 1,
"elementValues": [
{
"elementType": "User",
"guid": "0.8755380527291090081",
"name": "user-centos6\\root",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"self": {
"totalValues": 1,
"elementValues": [
{
"elementType": "MalopProcess",
"guid": "11.8504680670420182250",
"name": "MALICIOUS_INFECTION",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"rootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsFeatureCollection": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"filesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"processesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
}
},
"suspicions": null,
"filterData": {
"sortInGroupValue": "11.8504680670420182250",
"groupByValue": "MalopProcessRuntime:11.8504680670420182250 "
},
"isMalicious": false,
"suspicionCount": 0,
"guidString": "11.8504680670420182250",
"labelsIds": [
86
],
"malopPriority": "MEDIUM"
}
},
"status": "TIMEOUT_ERROR",
"message": ""
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
{
"11.3053227225402057795": "TODO"
}
Response
{
"data": {
"11.8504680670420182250": {
"simpleValues": {
"remediationType": {
"totalValues": 1,
"values": [
"MALICIOUS_BEHAVIOR"
]
},
"hasSuspicions": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementCompanyProduct": {
"totalValues": 1,
"values": [
"CentOS : "
]
},
"decisionFeature": {
"totalValues": 1,
"values": [
"Process.maliciousSignatureVerificationFailure(Malop decision)"
]
},
"detectionType": {
"totalValues": 1,
"values": [
"MALICIOUS_PROCESS"
]
},
"malopActivityTypes": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"elementDisplayName": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"creationTime": {
"totalValues": 1,
"values": [
"1512230036955"
]
},
"isBlocked": {
"totalValues": 1,
"values": [
"false"
]
},
"primaryMalopType": {
"totalValues": 1,
"values": [
"MALICIOUS_INFECTION"
]
},
"hasRansomwareSuspendedProcesses": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementTypes": {
"totalValues": 1,
"values": [
"File"
]
},
"malopStartTime": {
"totalValues": 1,
"values": [
"1509990787000"
]
},
"rootCauseElementNames": {
"totalValues": 1,
"values": [
"chkconfig"
]
},
"malopDetectionTypes": {
"totalValues": 1,
"values": null
},
"malopLastUpdateTime": {
"totalValues": 1,
"values": [
"1512230036970"
]
},
"allRansomwareProcessesSuspended": {
"totalValues": 1,
"values": [
"false"
]
},
"rootCauseElementHashes": {
"totalValues": 1,
"values": [
"0484b5e61527beafb19eea5755971051f888fbf3"
]
},
"managementStatus": {
"totalValues": 1,
"values": [
"TODO"
]
},
"closeTime": {
"totalValues": 1,
"values": [
null
]
},
"closerName": {
"totalValues": 1,
"values": [
null
]
},
"customClassification": {
"totalValues": 1,
"values": [
"None"
]
},
"comments": {
"totalValues": 1,
"values": [
{
"commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836",
"username": "[email protected]",
"message": "Check this.",
"timestamp": 1512305378137
}
]
}
},
"elementValues": {
"suspectsHostProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedMachines": {
"totalValues": 1,
"elementValues": [
{
"elementType": "Machine",
"guid": "2008666417.1198775089551518743",
"name": "guyQA-Centos6",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspectsWithNoTid": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"primaryRootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsInjectingProcesses": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"registryKeysToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"suspects": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"suspectsProcesses": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"affectedUsers": {
"totalValues": 1,
"elementValues": [
{
"elementType": "User",
"guid": "0.8755380527291090081",
"name": "user-centos6\\root",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"self": {
"totalValues": 1,
"elementValues": [
{
"elementType": "MalopProcess",
"guid": "11.8504680670420182250",
"name": "MALICIOUS_INFECTION",
"hasSuspicions": false,
"hasMalops": false
}
],
"totalSuspicious": 0,
"totalMalicious": 0
},
"rootCauseElements": {
"totalValues": 1,
"elementValues": [
{
"elementType": "File",
"guid": "2008666417.-5234933168794814552",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": false
}
],
"totalSuspicious": 1,
"totalMalicious": 0
},
"suspectsFeatureCollection": {
"totalValues": 4,
"elementValues": [
{
"elementType": "Process",
"guid": "2008666417.-1578431512819985076",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.7402900454903167931",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-5764934515600209564",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
},
{
"elementType": "Process",
"guid": "2008666417.-3473093736160051312",
"name": "chkconfig",
"hasSuspicions": true,
"hasMalops": true
}
],
"totalSuspicious": 4,
"totalMalicious": 4
},
"filesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
},
"processesToRemediate": {
"totalValues": 0,
"elementValues": null,
"totalSuspicious": 0,
"totalMalicious": 0
}
},
"suspicions": null,
"filterData": {
"sortInGroupValue": "11.8504680670420182250",
"groupByValue": "MalopProcessRuntime:11.8504680670420182250 "
},
"isMalicious": false,
"suspicionCount": 0,
"guidString": "11.8504680670420182250",
"labelsIds": [
86
],
"malopPriority": "MEDIUM"
}
},
"status": "TIMEOUT_ERROR",
"message": ""
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import json
import os

import requests
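# Update the status of a single MalOp through POST /rest/crimes/status.
#
# Flow: log in with a form POST to /login.html so the session object holds
# the authentication cookie, then send {"<malopID>": "<malop status>"} as
# JSON to the status endpoint and print the parsed reply.

# Login information
username = "[email protected]"
# Read the password from the environment instead of storing it in the script,
# where it would be committed and shared along with the code.
# CYBEREASON_PASSWORD is a variable name chosen for this sample.
password = os.environ.get("CYBEREASON_PASSWORD")
if not password:
    raise SystemExit("Set the CYBEREASON_PASSWORD environment variable first.")
server = "yourserver.com"
port = "443"

# Seconds to wait for the server. requests applies no timeout by default,
# so without one a stalled connection would block the script indefinitely.
REQUEST_TIMEOUT = 30

data = {
    "username": username,
    "password": password
}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

session = requests.session()
# verify=True keeps TLS certificate validation on for the credential POST.
login_response = session.post(login_url, data=data, verify=True, timeout=REQUEST_TIMEOUT)
print(login_response.status_code)
# Print the cookie names only: the values are live session tokens and should
# not be written to a terminal or a log file.
print(list(session.cookies.keys()))

# Request URL
endpoint_url = "/rest/crimes/status"
api_url = base_url + endpoint_url

# These are the variables that represent different fields in the request.
malop_id = "11.3053227225402057795"
# The page lists TODO, CLOSED, UNREAD, FP and OPEN among the possible values.
status = "TODO"

query = json.dumps({malop_id: status})
api_headers = {'Content-Type': 'application/json'}
api_response = session.post(api_url, data=query, headers=api_headers, timeout=REQUEST_TIMEOUT)
# Stop on an HTTP error status before trying to parse the body as JSON.
api_response.raise_for_status()
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))

# The reply carries its own "status" field, separate from the HTTP status
# code (the sample response on this page shows "TIMEOUT_ERROR"), so report it
# together with the managementStatus the server returns for this MalOp.
print("update status:", your_response.get("status"))
malop_details = (your_response.get("data") or {}).get(malop_id) or {}
management_status = (
    (malop_details.get("simpleValues") or {}).get("managementStatus") or {}
).get("values")
print("managementStatus:", management_status)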
Response
{ "data": { "11.8504680670420182250": { "simpleValues": { "remediationType": { "totalValues": 1, "values": [ "MALICIOUS_BEHAVIOR" ] }, "hasSuspicions": { "totalValues": 1, "values": [ "false" ] }, "rootCauseElementCompanyProduct": { "totalValues": 1, "values": [ "CentOS : " ] }, "decisionFeature": { "totalValues": 1, "values": [ "Process.maliciousSignatureVerificationFailure(Malop decision)" ] }, "detectionType": { "totalValues": 1, "values": [ "MALICIOUS_PROCESS" ] }, "malopActivityTypes": { "totalValues": 1, "values": [ "MALICIOUS_INFECTION" ] }, "elementDisplayName": { "totalValues": 1, "values": [ "MALICIOUS_INFECTION" ] }, "creationTime": { "totalValues": 1, "values": [ "1512230036955" ] }, "isBlocked": { "totalValues": 1, "values": [ "false" ] }, "primaryMalopType": { "totalValues": 1, "values": [ "MALICIOUS_INFECTION" ] }, "hasRansomwareSuspendedProcesses": { "totalValues": 1, "values": [ "false" ] }, "rootCauseElementTypes": { "totalValues": 1, "values": [ "File" ] }, "malopStartTime": { "totalValues": 1, "values": [ "1509990787000" ] }, "rootCauseElementNames": { "totalValues": 1, "values": [ "chkconfig" ] }, "malopDetectionTypes": { "totalValues": 1, "values": null }, "malopLastUpdateTime": { "totalValues": 1, "values": [ "1512230036970" ] }, "allRansomwareProcessesSuspended": { "totalValues": 1, "values": [ "false" ] }, "rootCauseElementHashes": { "totalValues": 1, "values": [ "0484b5e61527beafb19eea5755971051f888fbf3" ] }, "managementStatus": { "totalValues": 1, "values": [ "TODO" ] }, "closeTime": { "totalValues": 1, "values": [ null ] }, "closerName": { "totalValues": 1, "values": [ null ] }, "customClassification": { "totalValues": 1, "values": [ "None" ] }, "comments": { "totalValues": 1, "values": [ { "commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836", "username": "[email protected]", "message": "Check this.", "timestamp": 1512305378137 } ] } }, "elementValues": { "suspectsHostProcesses": { "totalValues": 4, "elementValues": [ { "elementType": 
"Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "affectedMachines": { "totalValues": 1, "elementValues": [ { "elementType": "Machine", "guid": "2008666417.1198775089551518743", "name": "guyQA-Centos6", "hasSuspicions": false, "hasMalops": false } ], "totalSuspicious": 0, "totalMalicious": 0 }, "suspectsWithNoTid": { "totalValues": 4, "elementValues": [ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "primaryRootCauseElements": { "totalValues": 1, "elementValues": [ { "elementType": "File", "guid": "2008666417.-5234933168794814552", "name": "chkconfig", "hasSuspicions": true, "hasMalops": false } ], "totalSuspicious": 1, "totalMalicious": 0 }, "suspectsInjectingProcesses": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 }, "registryKeysToRemediate": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 }, "suspects": { "totalValues": 4, "elementValues": 
[ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "suspectsProcesses": { "totalValues": 4, "elementValues": [ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "affectedUsers": { "totalValues": 1, "elementValues": [ { "elementType": "User", "guid": "0.8755380527291090081", "name": "user-centos6\\root", "hasSuspicions": false, "hasMalops": false } ], "totalSuspicious": 0, "totalMalicious": 0 }, "self": { "totalValues": 1, "elementValues": [ { "elementType": "MalopProcess", "guid": "11.8504680670420182250", "name": "MALICIOUS_INFECTION", "hasSuspicions": false, "hasMalops": false } ], "totalSuspicious": 0, "totalMalicious": 0 }, "rootCauseElements": { "totalValues": 1, "elementValues": [ { "elementType": "File", "guid": "2008666417.-5234933168794814552", "name": "chkconfig", "hasSuspicions": true, "hasMalops": false } ], "totalSuspicious": 1, "totalMalicious": 0 }, "suspectsFeatureCollection": { 
"totalValues": 4, "elementValues": [ { "elementType": "Process", "guid": "2008666417.-1578431512819985076", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.7402900454903167931", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-5764934515600209564", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true }, { "elementType": "Process", "guid": "2008666417.-3473093736160051312", "name": "chkconfig", "hasSuspicions": true, "hasMalops": true } ], "totalSuspicious": 4, "totalMalicious": 4 }, "filesToRemediate": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 }, "processesToRemediate": { "totalValues": 0, "elementValues": null, "totalSuspicious": 0, "totalMalicious": 0 } }, "suspicions": null, "filterData": { "sortInGroupValue": "11.8504680670420182250", "groupByValue": "MalopProcessRuntime:11.8504680670420182250 " }, "isMalicious": false, "suspicionCount": 0, "guidString": "11.8504680670420182250", "labelsIds": [ 86 ], "malopPriority": "MEDIUM" } }, "status": "TIMEOUT_ERROR", "message": "" }