Update MalOp Status

Endpoint URL: https://<your server>/rest/crimes/status
Endpoint URI: crimes/status

Action: POST

Updates a MalOp’s management status.

This request updates the MalOp status only if your Cybereason platform does not use the Cybereason platform’s newer data infrastructure. If you use the newer data infrastructure and the Malops management screen to manage MalOps, you cannot currently use the API to update a MalOp’s status.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header with the request.

Note

If you are using cURL, specify the authorization credentials or the location of the cookie file with every request.


Request Body

Input: JSON


{
    "<malopID>": "<malop status>"
}

Request Parameters

URL/URI parameters: none

Request Body Parameters: You must provide the following REQUIRED parameters:

  • malopID: The unique GUID for the MalOp, used as the key of the request body object. This value is shown in the Malop Inbox when the MalOp details view is open, or you can retrieve it with the API request that returns all MalOp details. For details on that request, see Retrieve All MalOps.

  • malop status: A string value. The status to apply to the MalOp, used as the value for the MalOp’s key. Possible values include: TODO, CLOSED, UNREAD, FP, or OPEN.


Response Success Schema

The response contains full details on the updated MalOp, including all the details about Suspicions, Evidence, and so forth. For details on all the fields, see Get Details on a Specific AI Hunt Malop.

To see the result of the status update, view the following fields in the response:

  • managementStatus: The status of the MalOp after the update, found under simpleValues for the MalOp’s key in the data object.

  • status: The outcome of the status update request itself, found at the end of the response. SUCCESS indicates that the update was applied.


Response Failure Schema

If the request fails, the status field reports one of the following values. Note that the data object may still echo the MalOp’s details even when the update did not succeed, so check the status field rather than relying on the presence of the MalOp in the response:

  • FAILURE

  • PARTIAL_SUCCESS

  • NO_SERVERS_CONFIGURED

  • QUERY_LIMIT_CROSSED

  • TIMEOUT_ERROR


Important Response Fields

Important information is found in these fields:

  • managementStatus: The status of the MalOp. Ensure that this value matches the value sent in the request.

  • status: The status of the update. To ensure that the status update succeeded, make sure this value is SUCCESS.
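The following is an added example, not Cybereason’s own client code, showing how a script would build the request body from the two required parameters, send it, and then verify the result the way the Important Response Fields section describes: first the top-level status field, then managementStatus for each MalOp that was updated. The server hostname, the session cookie value, and the trimmed sample response are assumptions or constructed data; only the endpoint, the header, the body shape, and the status values come from this page.

```python
"""Update the management status of one or more MalOps and verify the result.

Added example (not Cybereason's own client code). Assumptions: the caller has
already logged in with the API and holds the resulting session cookie; the
server hostname and cookie value passed in by the caller are placeholders.
"""
import json
import ssl
import urllib.request

# Status values documented for crimes/status.
ALLOWED_STATUSES = frozenset({"TODO", "CLOSED", "UNREAD", "FP", "OPEN"})

# Values the top-level status field reports when the update does not succeed.
FAILURE_STATUSES = frozenset({
    "FAILURE", "PARTIAL_SUCCESS", "NO_SERVERS_CONFIGURED",
    "QUERY_LIMIT_CROSSED", "TIMEOUT_ERROR",
})


def build_status_request(updates):
    """Return the crimes/status body: {"<malopID>": "<malop status>", ...}.

    Unknown status strings are rejected before anything is sent, so a typo
    never reaches the server.
    """
    body = {}
    for malop_id, status in updates.items():
        if status not in ALLOWED_STATUSES:
            raise ValueError(f"{malop_id}: unsupported status {status!r}")
        body[str(malop_id)] = status
    return body


def verify_status_update(response, expected):
    """Check a crimes/status response against the statuses that were requested.

    Returns a dict mapping each requested MalOp ID to one of:
      "ok"        - status is SUCCESS and managementStatus matches the request
      "mismatch"  - status is SUCCESS but managementStatus differs
      "missing"   - status is SUCCESS but the MalOp is absent from data
      "<status>"  - the top-level failure value (for example TIMEOUT_ERROR)
    The top-level status is checked first: the data object can echo the MalOp
    (including a managementStatus) even when the update itself failed.
    """
    top = response.get("status")
    results = {}
    for malop_id, wanted in expected.items():
        if top != "SUCCESS":
            # Report documented failure values as-is; flag anything else.
            results[malop_id] = top if top in FAILURE_STATUSES else f"UNKNOWN:{top}"
            continue
        malop = response.get("data", {}).get(malop_id)
        if malop is None:
            results[malop_id] = "missing"
            continue
        mgmt = malop.get("simpleValues", {}).get("managementStatus", {})
        values = mgmt.get("values") or []
        results[malop_id] = "ok" if values[:1] == [wanted] else "mismatch"
    return results


def update_malop_status(server, session_cookie, updates, timeout=30, verify_tls=True):
    """POST the update to https://<server>/rest/crimes/status and verify it.

    session_cookie is the Cookie header value obtained from the login request
    (assumed here to be the session cookie the platform sets at login).
    verify_tls=False is only for a lab server with a self-signed certificate.
    """
    body = json.dumps(build_status_request(updates)).encode()
    req = urllib.request.Request(
        f"https://{server}/rest/crimes/status",
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "Cookie": session_cookie},
    )
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        payload = json.load(resp)
    return payload, verify_status_update(payload, updates)


# Constructed sample response, trimmed to the fields the verification reads.
SAMPLE_RESPONSE = {
    "data": {
        "11.8504680670420182250": {
            "simpleValues": {
                "managementStatus": {"totalValues": 1, "values": ["TODO"]}
            }
        }
    },
    "status": "SUCCESS",
    "message": "",
}

if __name__ == "__main__":
    wanted = {"11.8504680670420182250": "TODO"}
    print(build_status_request(wanted))
    print(verify_status_update(SAMPLE_RESPONSE, wanted))
    print(verify_status_update(dict(SAMPLE_RESPONSE, status="TIMEOUT_ERROR"), wanted))
```

The verification deliberately treats a TIMEOUT_ERROR response as a failure even though, as in the timeout example at the end of this page, the echoed MalOp still shows the requested managementStatus; re-check the MalOp with a fresh request before assuming the change was applied.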


Example: Update a MalOp’s status

Request

curl --request POST \
    --url https://12.34.56.78/rest/crimes/status \
    --header 'Content-Type:application/json' \
    --data '{
                "11.8504680670420182250": "TODO"
            }'

Response

{
  "data": {
    "11.8504680670420182250": {
      "simpleValues": {
        "remediationType": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_BEHAVIOR"
          ]
        },
        "hasSuspicions": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "rootCauseElementCompanyProduct": {
          "totalValues": 1,
          "values": [
            "CentOS : "
          ]
        },
        "decisionFeature": {
          "totalValues": 1,
          "values": [
            "Process.maliciousSignatureVerificationFailure(Malop decision)"
          ]
        },
        "detectionType": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_PROCESS"
          ]
        },
        "malopActivityTypes": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_INFECTION"
          ]
        },
        "elementDisplayName": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_INFECTION"
          ]
        },
        "creationTime": {
          "totalValues": 1,
          "values": [
            "1512230036955"
          ]
        },
        "isBlocked": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "primaryMalopType": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_INFECTION"
          ]
        },
        "hasRansomwareSuspendedProcesses": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "rootCauseElementTypes": {
          "totalValues": 1,
          "values": [
            "File"
          ]
        },
        "malopStartTime": {
          "totalValues": 1,
          "values": [
            "1509990787000"
          ]
        },
        "rootCauseElementNames": {
          "totalValues": 1,
          "values": [
            "chkconfig"
          ]
        },
        "malopDetectionTypes": {
          "totalValues": 1,
          "values": null
        },
        "malopLastUpdateTime": {
          "totalValues": 1,
          "values": [
            "1512230036970"
          ]
        },
        "allRansomwareProcessesSuspended": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "rootCauseElementHashes": {
          "totalValues": 1,
          "values": [
            "0484b5e61527beafb19eea5755971051f888fbf3"
          ]
        },
        "managementStatus": {
          "totalValues": 1,
          "values": [
            "TODO"
          ]
        },
        "closeTime": {
          "totalValues": 1,
          "values": [
            null
          ]
        },
        "closerName": {
          "totalValues": 1,
          "values": [
            null
          ]
        },
        "customClassification": {
          "totalValues": 1,
          "values": [
            "None"
          ]
        },
        "comments": {
          "totalValues": 1,
          "values": [
            {
              "commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836",
              "username": "[email protected]",
              "message": "Check this.",
              "timestamp": 1512305378137
            }
          ]
        }
      },
      "elementValues": {
        "suspectsHostProcesses": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "affectedMachines": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "Machine",
              "guid": "2008666417.1198775089551518743",
              "name": "guyQA-Centos6",
              "hasSuspicions": false,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "suspectsWithNoTid": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "primaryRootCauseElements": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "File",
              "guid": "2008666417.-5234933168794814552",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 1,
          "totalMalicious": 0
        },
        "suspectsInjectingProcesses": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "registryKeysToRemediate": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "suspects": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "suspectsProcesses": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "affectedUsers": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "User",
              "guid": "0.8755380527291090081",
              "name": "user-centos6\\root",
              "hasSuspicions": false,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "self": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "MalopProcess",
              "guid": "11.8504680670420182250",
              "name": "MALICIOUS_INFECTION",
              "hasSuspicions": false,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "rootCauseElements": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "File",
              "guid": "2008666417.-5234933168794814552",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 1,
          "totalMalicious": 0
        },
        "suspectsFeatureCollection": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "filesToRemediate": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "processesToRemediate": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        }
      },
      "suspicions": null,
      "filterData": {
        "sortInGroupValue": "11.8504680670420182250",
        "groupByValue": "MalopProcessRuntime:11.8504680670420182250 "
      },
      "isMalicious": false,
      "suspicionCount": 0,
      "guidString": "11.8504680670420182250",
      "labelsIds": [
        86
      ],
      "malopPriority": "MEDIUM"
    }
  },
  "status": "SUCCESS",
  "message": ""
}

Example: Failure to update a MalOp’s status due to a server timeout

Request

curl --request POST \
    --url https://12.34.56.78/rest/crimes/status \
    --header 'Content-Type:application/json' \
    --data '{
                "11.8504680670420182250": "TODO"
            }'

Response

{
  "data": {
    "11.8504680670420182250": {
      "simpleValues": {
        "remediationType": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_BEHAVIOR"
          ]
        },
        "hasSuspicions": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "rootCauseElementCompanyProduct": {
          "totalValues": 1,
          "values": [
            "CentOS : "
          ]
        },
        "decisionFeature": {
          "totalValues": 1,
          "values": [
            "Process.maliciousSignatureVerificationFailure(Malop decision)"
          ]
        },
        "detectionType": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_PROCESS"
          ]
        },
        "malopActivityTypes": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_INFECTION"
          ]
        },
        "elementDisplayName": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_INFECTION"
          ]
        },
        "creationTime": {
          "totalValues": 1,
          "values": [
            "1512230036955"
          ]
        },
        "isBlocked": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "primaryMalopType": {
          "totalValues": 1,
          "values": [
            "MALICIOUS_INFECTION"
          ]
        },
        "hasRansomwareSuspendedProcesses": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "rootCauseElementTypes": {
          "totalValues": 1,
          "values": [
            "File"
          ]
        },
        "malopStartTime": {
          "totalValues": 1,
          "values": [
            "1509990787000"
          ]
        },
        "rootCauseElementNames": {
          "totalValues": 1,
          "values": [
            "chkconfig"
          ]
        },
        "malopDetectionTypes": {
          "totalValues": 1,
          "values": null
        },
        "malopLastUpdateTime": {
          "totalValues": 1,
          "values": [
            "1512230036970"
          ]
        },
        "allRansomwareProcessesSuspended": {
          "totalValues": 1,
          "values": [
            "false"
          ]
        },
        "rootCauseElementHashes": {
          "totalValues": 1,
          "values": [
            "0484b5e61527beafb19eea5755971051f888fbf3"
          ]
        },
        "managementStatus": {
          "totalValues": 1,
          "values": [
            "TODO"
          ]
        },
        "closeTime": {
          "totalValues": 1,
          "values": [
            null
          ]
        },
        "closerName": {
          "totalValues": 1,
          "values": [
            null
          ]
        },
        "customClassification": {
          "totalValues": 1,
          "values": [
            "None"
          ]
        },
        "comments": {
          "totalValues": 1,
          "values": [
            {
              "commentId": "be859ed4-acc9-45d0-bdf5-27d690b56836",
              "username": "[email protected]",
              "message": "Check this.",
              "timestamp": 1512305378137
            }
          ]
        }
      },
      "elementValues": {
        "suspectsHostProcesses": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "affectedMachines": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "Machine",
              "guid": "2008666417.1198775089551518743",
              "name": "guyQA-Centos6",
              "hasSuspicions": false,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "suspectsWithNoTid": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "primaryRootCauseElements": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "File",
              "guid": "2008666417.-5234933168794814552",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 1,
          "totalMalicious": 0
        },
        "suspectsInjectingProcesses": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "registryKeysToRemediate": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "suspects": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "suspectsProcesses": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "affectedUsers": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "User",
              "guid": "0.8755380527291090081",
              "name": "user-centos6\\root",
              "hasSuspicions": false,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "self": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "MalopProcess",
              "guid": "11.8504680670420182250",
              "name": "MALICIOUS_INFECTION",
              "hasSuspicions": false,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "rootCauseElements": {
          "totalValues": 1,
          "elementValues": [
            {
              "elementType": "File",
              "guid": "2008666417.-5234933168794814552",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": false
            }
          ],
          "totalSuspicious": 1,
          "totalMalicious": 0
        },
        "suspectsFeatureCollection": {
          "totalValues": 4,
          "elementValues": [
            {
              "elementType": "Process",
              "guid": "2008666417.-1578431512819985076",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.7402900454903167931",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-5764934515600209564",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            },
            {
              "elementType": "Process",
              "guid": "2008666417.-3473093736160051312",
              "name": "chkconfig",
              "hasSuspicions": true,
              "hasMalops": true
            }
          ],
          "totalSuspicious": 4,
          "totalMalicious": 4
        },
        "filesToRemediate": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        },
        "processesToRemediate": {
          "totalValues": 0,
          "elementValues": null,
          "totalSuspicious": 0,
          "totalMalicious": 0
        }
      },
      "suspicions": null,
      "filterData": {
        "sortInGroupValue": "11.8504680670420182250",
        "groupByValue": "MalopProcessRuntime:11.8504680670420182250 "
      },
      "isMalicious": false,
      "suspicionCount": 0,
      "guidString": "11.8504680670420182250",
      "labelsIds": [
        86
      ],
      "malopPriority": "MEDIUM"
    }
  },
  "status": "TIMEOUT_ERROR",
  "message": ""
}