Check Remediation Progress

Endpoint URL: https://<your server>/rest/remediate/progress/:username/:malopId/:remediationId
Endpoint URI: remediate/progress/:username/:malopId/:remediationId

Action: GET

Returns details on the progress of a specific remediation operation.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

None


Request Parameters

URL/URI parameters: You must provide the following as part of the request URL:

  • username: The Cybereason user name of the user performing the remediation operation.

  • malopId: The unique Malop ID for the Malop for which you are performing remediation.

  • remediationId: The remediation ID returned in a previous remediation request. For details on finding this remediation ID, see Remediate Items.

Request Body Parameters: none


Response Status Codes

This request can return the following status codes:

  • 200: Success OK


Response Success Schema

Field (Type): Description

  • malopId (String): The unique ID

  • remediationID (Integer): The unique ID assigned by Cybereason to the remediation operation.

  • start (Integer): The UTC time (in epoch) when the remediation operation began.

  • end (Integer): The UTC time (in epoch) when the remediation operation ended.

  • statusLog (Array): An object containing details about the remediation.

  • machineId (String): The unique machine GUID for the machine in the remediation operation.

  • targetId (String): The unique GUID for the item at which the remediation is directed.

  • status (Enum): The status of the remediation operation. Possible values include:
      • SUCCESS
      • PENDING
      • IN_PROGRESS

  • actionType (Enum): The remediation action. Possible values include:
      • KILL_PROCESS
      • QUARANTINE_FILE
      • DELETE_REGISTRY_KEY
      • BLOCK_FILE
      • KILL_PREVENT_UNSUSPEND
      • UNSUSPEND_PROCESS
      • ISOLATE_MACHINE
      • UNISOLATE_MACHINE

  • error (Array): An object containing details about any possible error.

  • message (String): A message string explaining the error.

  • errorType (Enum): The type of error that occurred. Possible values include:
      • PROBE_DISCONNECTED: The machine requested does not have a Sensor online.
      • TIMED_OUT_WAITING_FOR_PROBE: The remediation request timed out while waiting for the Sensor to come online.
      • GENERAL_PROBE_FAILURE: There was an error with the Sensor.
      • UNSUPPORTED_VERSION: The server or Sensor version does not support this remediation operation.
      • PROBE_FILE_NOT_FOUND: The Sensor could not find the requested file for remediation.
      • PROBE_ACCESS_IS_DENIED: The Sensor cannot access the relevant item for remediation.
      • PROBE_INVALID_PARAMETER: An invalid parameter was sent to the Sensor.
      • PROBE_TIMEOUT: The Sensor has timed out and gone offline.
      • PROBE_NOT_ENOUGH_SPACE: The Sensor does not have enough free disk space to perform the remediation action.
      • PROBE_READ_ONLY_FILE: The Sensor detected that the file for the remediation action is read-only.
      • PROBE_HELD_BY_ANOTHER_PROCESS: The Sensor detected that the file for the remediation action is currently being used by another process.
      • INVALID_ARGUMENT: One of the parameters in your request is not valid.
      • BROADCAST_FAILURE: The Detection server is not available or the same Sensor ID exists on multiple Detection servers.
      • SERVER_ERROR: There was a server error.

  • timestamp (Integer): The time (in epoch) when the status was reported.


Response Failure Schema

The response includes the following fields:

Field (Type): Description

  • malopID (Float): The numerical identifier of the Malop assigned by Cybereason.

  • remediationID (Float): The numerical identifier the Cybereason platform uses for the remediation operation.

  • start (Timestamp): The time (in epoch) that the remediation operation began.

  • end (Timestamp): The time (in epoch) that the remediation operation ended.

  • initiatingUser (String): The Cybereason user name of the user initiating the remediation.

  • statusLog (Array): An object containing information about the remediation.

  • machineID (Float): The unique ID for the machine or machines on which the remediation was performed.

  • targetID (String): Reports a null value.

  • status (Enum): The status of the remediation request. Possible values include:
      • FAILURE
      • ABORTED

  • actionType (String): The type of action you attempted to perform.

  • timestamp (Integer): The time (in epoch) of the status report for the remediation request.

  • error (Array): An object containing details of the error.

  • message (String): A description of the error.

  • errorType (Enum): The type of error. Possible values include:
      • PROBE_DISCONNECTED: The Sensor is offline.
      • TIMED_OUT_WAITING_FOR_PROBE: The remediation request timed out while waiting for the Sensor to come online.
      • GENERAL_PROBE_FAILURE: There was an unknown error on the Sensor.
      • UNSUPPORTED_VERSION: The Sensor version does not support this remediation action.
      • PROBE_FILE_NOT_FOUND: The Sensor could not find the file for the remediation action.
      • PROBE_ACCESS_IS_DENIED: The Sensor cannot access the requested file for remediation.
      • PROBE_INVALID_PARAMETER: An invalid argument was sent to the Sensor.
      • PROBE_TIMEOUT: There was a Sensor timeout when the Sensor went offline.
      • PROBE_NOT_ENOUGH_SPACE: The Sensor does not have enough space to perform the selected remediation action.
      • PROBE_READ_ONLY_FILE: The file for remediation is a read-only file.
      • PROBE_HELD_BY_ANOTHER_PROCESS: The file for remediation is currently in use by another process.
      • INVALID_ARGUMENT: There is an error in your request.
      • BROADCAST_FAILURE: There was an error reaching the server or the same Sensor ID is found on multiple servers.
      • SERVER_ERROR: There was a general server error.


Important Response Fields

Important information is found in these fields:

  • machineId parameter: The unique identifier used by the Cybereason platform for the machine to which this remediation operation was sent.

  • actionType parameter: The type of remediation action requested.

  • status parameter: This field shows the current status of the remediation operation.

  • timestamp parameter: This time value (in epoch) displays when the remediation operation was performed or failed.


Example: Check remediation progress

Request

curl --request GET \
        --url https://12.34.56.78/rest/remediate/progress/[email protected]/11.2718161727221199870/86f3faa1-bac0-4a17-9192-9d106b734664 \
        --header 'Content-Type:application/json'

Response

{
    "malopId": 11.2718161727221199870,
    "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
    "start": 1518604850656,
    "end": 1518604850744,
    "initiatingUser": "[email protected]",
    "statusLog": [
                    {
                        "machineId": "-1632138521.1198775089551518743",
                        "targetId": null,
                        "status": "SUCCESS",
                        "actionType": "KILL_PROCESS",
                        "timestamp": 1518604850714
                    }
                  ]
}

Example: Check remediation status failure

Request

curl --request GET \
        --url https://12.34.56.78/rest/remediate/progress/[email protected]/11.2718161727221199870/86f3faa1-bac0-4a17-9192-9d106b734664 \
        --header 'Content-Type:application/json'

Response

{
    "malopId": 11.2718161727221199870,
    "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
    "start": 1518604850656,
    "end": 1518604850744,
    "initiatingUser": "[email protected]",
    "malopId": null,
    "statusLog": [
        {
            "machineId": "laptop-demo-sales",
            "targetId": null,
            "status": "FAILURE",
            "actionType": "KILL_PROCESS",
            "error": {
                "message": "Server error",
                "errorType": "INVALID_ARGUMENT"
            },
            "timestamp": 1560795947237
        }
    ]
}

Example: Check remediation progress failure due to offline Sensor

Request

curl --request GET \
        --url https://12.34.56.78/rest/remediate/progress/[email protected]/11.2718161727221199870/86f3faa1-bac0-4a17-9192-9d106b734664 \
        --header 'Content-Type:application/json'

Response

{
    "malopId": 11.2718161727221199870,
    "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
    "start": 1518604850656,
    "end": 1518604850744,
    "initiatingUser": "[email protected]",
    "malopId": null,
    "statusLog": [
        {
            "machineId": "laptop-demo-sales",
            "targetId": null,
            "status": "FAILURE",
            "actionType": "KILL_PROCESS",
            "error": {
                "message": "Server error",
                "errorType": "PROBE_DISCONNECTED"
            },
            "timestamp": 1560795947237
        }
    ]
}
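
Added example (not Cybereason code): the only status code this page lists is 200 and the failure examples are ordinary JSON bodies, so a caller has to read the outcome from each statusLog entry rather than from the HTTP status. The function names, the sample host names and the grouping of Sensor-offline error types as retryable are assumptions made for this sketch.

```python
import json
from urllib.parse import quote

# Status values listed in the success and failure schemas on this page.
IN_FLIGHT = {"PENDING", "IN_PROGRESS"}
FAILED = {"FAILURE", "ABORTED"}
# Assumption (not from the page): these errorTypes mean the Sensor was
# unreachable, so the action may be worth re-issuing once it is back online.
SENSOR_OFFLINE = {"PROBE_DISCONNECTED", "TIMED_OUT_WAITING_FOR_PROBE", "PROBE_TIMEOUT"}

def progress_url(server, username, malop_id, remediation_id):
    """Build the endpoint URL; encode path parameters so '/' or '?' cannot alter the route."""
    parts = [quote(str(p), safe="@") for p in (username, malop_id, remediation_id)]
    return f"https://{server}/rest/remediate/progress/" + "/".join(parts)

def summarize(response):
    """Classify every statusLog entry; return (overall, per-entry list)."""
    entries = []
    for item in response.get("statusLog") or []:
        error = item.get("error") or {}
        if isinstance(error, list):  # schema says Array, the examples show an object
            error = error[0] if error else {}
        status, etype = item.get("status"), error.get("errorType")
        if status == "SUCCESS":
            state = "done"
        elif status in IN_FLIGHT:
            state = "wait"
        elif status in FAILED:
            state = "retry" if etype in SENSOR_OFFLINE else "failed"
        else:
            state = "unknown"  # value not documented on this page
        entries.append({"machineId": item.get("machineId"), "state": state,
                        "actionType": item.get("actionType"), "errorType": etype})
    states = {e["state"] for e in entries}
    if not entries or "wait" in states:
        overall = "wait"       # nothing reported yet, or still running
    elif states == {"done"}:
        overall = "done"
    else:
        overall = "attention"  # at least one machine was not remediated
    return overall, entries

# Constructed sample: one KILL_PROCESS succeeded, one failed on an offline Sensor.
SAMPLE = json.loads("""{"remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664", "statusLog": [
  {"machineId": "host-a", "status": "SUCCESS", "actionType": "KILL_PROCESS"},
  {"machineId": "host-b", "status": "FAILURE", "actionType": "KILL_PROCESS",
   "error": {"message": "Server error", "errorType": "PROBE_DISCONNECTED"}}]}""")

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An overall result of "attention" means at least one machine in the operation still needs follow-up, even though other entries report SUCCESS.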