Get Malware Counts

Endpoint URL: https://<your server>/rest/malware/counts
Endpoint URI: malware/counts

Action: POST

Returns a count of each type of malware.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header to the request.

Note

If you are using cURL, include the authorization cookie details, or the path to the file containing the cookie details, with every request.


Request Body

Input: JSON

{
              "compoundQueryFilters": [
                                        {
                                          "filters":[
                                                      {
                                                        "fieldName":"needsAttention",
                                                        "operator":"Is",
                                                        "values":[true]
                                                      }
                                                    ],
                                          "filterName":"needsAttention"
                                        },
                                        {
                                          "filters":[
                                                      {
                                                        "fieldName":"type",
                                                        "operator":"Equals",
                                                        "values":["KnownMalware"]
                                                      },
                                                      {
                                                        "fieldName":"needsAttention",
                                                        "operator":"Is",
                                                        "values":[false]
                                                      }
                                                    ],
                                          "filterName":"KnownMalware"
                                        },
                                        {
                                          "filters":[
                                                      {
                                                        "fieldName":"type",
                                                        "operator":"Equals",
                                                        "values":["UnknownMalware"]
                                                      },
                                                      {
                                                        "fieldName":"needsAttention",
                                                        "operator":"Is",
                                                        "values":[false]
                                                      }
                                                    ],
                                          "filterName":"UnknownMalware"
                                        },
                                        {
                                          "filters":[
                                                      {
                                                        "fieldName":"type",
                                                        "operator":"Equals",
                                                        "values":["FilelessMalware"]
                                                      },
                                                      {
                                                        "fieldName":"needsAttention",
                                                        "operator":"Is",
                                                        "values":[false]
                                                      }
                                                    ],
                                          "filterName":"FilelessMalware"
                                        },
                                        {
                                          "filters":[
                                                      {
                                                        "fieldName":"type",
                                                        "operator":"Equals",
                                                        "values":["ApplicationControlMalware"]
                                                      },
                                                      {
                                                        "fieldName":"needsAttention",
                                                        "operator":"Is",
                                                        "values":[false]
                                                      }
                                                    ],
                                          "filterName":"ApplicationControlMalware"
                                        }
                                      ]
            }

Note

When you send this request, the response may be delayed, depending on how much data and activity is in your system. Do not send this request multiple times while waiting for a response, as this may cause unexpected results and performance issues in your environment.

If you want to return fewer types of malware, remove the corresponding filter objects from the template above.

In addition, to retrieve types of malware other than the Needs Attention type, you must add multiple objects to the filters array, as seen above.


Request Parameters

URL/URI parameters: none

Body Parameters: Use the following fields in the request. Required parameters are noted in bold.

| Parameter | Type | Description |
|---|---|---|
| compoundQueryFilters | Array | Object containing data on the Malware. For details, see the description of the fields below. |
| filters | Array | A description of the filter for the Malware type. |
| fieldName | String | The type of Malware for which to retrieve data. Possible values include needsAttention and type. |
| operator | Enum | The operator to use for the field. If you enter needsAttention in the fieldName parameter, use the Is operator. If you enter type in the fieldName parameter, use the Equals operator. |
| values | String | Indicates the value to use with the fieldName parameter. The values differ depending on the type of malware. If the fieldName parameter is set to needsAttention, enter true or false. If the fieldName parameter is set to type, use a Malware type, such as KnownMalware, UnknownMalware, FilelessMalware, ApplicationControlMalware or RansomwareMalware. |
| filterName | String | The name of the specific filter. Use needsAttention for the Needs Attention Malware, and the same name as the value field for other types of Malware. |


Response Status Codes

This request can return the following status codes:

  • 200: Success OK


Response Success Schema

The response contains the following fields:

| Field | Type | Description |
|---|---|---|
| data | Array | An object containing the data about the malware. |
| malwareCountFilters | Array | An object containing the details of the individual filters. |
| filter | String | The name of the filter specified in the filterName field in the request. |
| count | Integer | The number of malware items returned for this filter. |
| totalCount | Integer | The total number of malware instances returned. |
| status | Enum | The status of the query. |
| message | String | Any message attached to the query. |


Important Response Fields

Important information is found in these fields:

  • filter parameter: The type of malware. Each type of malware should have a filter parameter.

  • count parameter: The number of instances of malware for that type.


Example: Return counts of different types of malware

Request

curl --request POST \
    --url https://12.34.56.78/rest/malware/counts \
    --header 'Content-Type:application/json' \
    --data '{
              "compoundQueryFilters": [
                    {
                      "filters":[
                                  {
                                    "fieldName":"needsAttention",
                                    "operator":"Is",
                                    "values":[true]
                                  }
                                ],
                      "filterName":"needsAttention"
                    },
                    {
                      "filters":[
                                  {
                                    "fieldName":"type",
                                    "operator":"Equals",
                                    "values":["KnownMalware"]
                                  },
                                  {
                                    "fieldName":"needsAttention",
                                    "operator":"Is",
                                    "values":[false]
                                  }
                                ],
                      "filterName":"KnownMalware"
                    },
                    {
                      "filters":[
                                  {
                                    "fieldName":"type",
                                    "operator":"Equals",
                                    "values":["UnknownMalware"]
                                  },
                                  {
                                    "fieldName":"needsAttention",
                                    "operator":"Is",
                                    "values":[false]
                                  }
                                ],
                      "filterName":"UnknownMalware"
                    },
                    {
                      "filters":[
                                  {
                                    "fieldName":"type",
                                    "operator":"Equals",
                                    "values":["FilelessMalware"]
                                  },
                                  {
                                    "fieldName":"needsAttention",
                                    "operator":"Is",
                                    "values":[false]
                                  }
                                ],
                      "filterName":"FilelessMalware"
                    },
                    {
                      "filters":[
                                  {
                                    "fieldName":"type",
                                    "operator":"Equals",
                                    "values":["ApplicationControlMalware"]
                                  },
                                  {
                                    "fieldName":"needsAttention",
                                    "operator":"Is",
                                    "values":[false]
                                  }
                                ],
                      "filterName":"ApplicationControlMalware"
                    }
                  ]
            }'

Response

{
  "data": {
      "malwareCountFilters": [
          {
              "filter": "needsAttention",
              "count": 0
          },
          {
              "filter": "KnownMalware",
              "count": 528
          },
          {
              "filter": "UnknownMalware",
              "count": 1975
          },
          {
              "filter": "FilelessMalware",
              "count": 3043
          },
          {
              "filter": "ApplicationControlMalware",
              "count": 0
          }
      ],
      "totalCount": 5546
  },
  "status": "SUCCESS",
  "message": ""
}
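
The following Python sketch is an added example, not Cybereason's own code. It builds the request body from the filter rules in the parameter table and checks a response before the counts are used. The function names are hypothetical, nothing is sent over the network, and the comparison of totalCount with the sum of the per-filter counts is an assumption drawn from the sample response above.

```python
import json

# Type names the page lists for fieldName "type".
MALWARE_TYPES = ("KnownMalware", "UnknownMalware", "FilelessMalware",
                 "ApplicationControlMalware", "RansomwareMalware")

def build_counts_body(types, include_needs_attention=True):
    """Build the request body following the page's template rules."""
    def flt(field, operator, value):
        return {"fieldName": field, "operator": operator, "values": [value]}
    compound = []
    if include_needs_attention:
        compound.append({"filters": [flt("needsAttention", "Is", True)],
                         "filterName": "needsAttention"})
    for name in types:
        if name not in MALWARE_TYPES:
            raise ValueError(f"unknown malware type: {name!r}")
        # A type filter is paired with needsAttention=false; filterName mirrors the type.
        compound.append({"filters": [flt("type", "Equals", name),
                                     flt("needsAttention", "Is", False)],
                         "filterName": name})
    return {"compoundQueryFilters": compound}

def parse_counts(response_text, body):
    """Return per-filter counts; reject failed or incomplete replies."""
    doc = json.loads(response_text)
    if doc.get("status") != "SUCCESS":
        raise RuntimeError(f"query failed: {doc.get('status')}: {doc.get('message')}")
    data = doc["data"]
    counts = {f["filter"]: int(f["count"]) for f in data["malwareCountFilters"]}
    requested = {f["filterName"] for f in body["compoundQueryFilters"]}
    missing = requested - set(counts)
    if missing:
        raise RuntimeError(f"no count returned for: {sorted(missing)}")
    # Assumption: totalCount equals the sum of the counts, as in the page's sample.
    return {"counts": counts, "totalCount": data["totalCount"],
            "sumMatchesTotal": sum(counts.values()) == data["totalCount"]}

# The page's sample response, compacted.
SAMPLE_RESPONSE = json.dumps({"data": {"malwareCountFilters": [
    {"filter": "needsAttention", "count": 0},
    {"filter": "KnownMalware", "count": 528},
    {"filter": "UnknownMalware", "count": 1975},
    {"filter": "FilelessMalware", "count": 3043},
    {"filter": "ApplicationControlMalware", "count": 0}],
    "totalCount": 5546}, "status": "SUCCESS", "message": ""})

if __name__ == "__main__":
    body = build_counts_body(MALWARE_TYPES[:4])
    print(json.dumps(body, indent=2))
    print(parse_counts(SAMPLE_RESPONSE, body))
```

Because the page advises against re-sending the request while a response is pending, a caller that posts this body should use a generous timeout and no automatic retry.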