Get Remediation Statuses

Endpoint URL: https://<your server>/rest/remediate/status/:malopId
Endpoint URI: remediate/status/:malopId

Action: GET

Retrieves details about remediation actions performed on a particular Malop.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header to the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

None


Request Parameters

URL/URI parameters: You must provide the required malopId as part of the request URL. This ID is found when you retrieve the list of Malops. For details on getting this ID, see Retrieve All MalOps.

Request Body Parameters: None


Response Status Codes

This request can return the following status codes:

  • 200: Success OK, or an error message stating the reason for the failure


Response Success Schema

The response includes the following fields:

Field | Type | Description
malopID | Float | The numerical identifier of the Malop assigned by Cybereason.
remediationID | Float | The numerical identifier of the remediation operation assigned by Cybereason.
start | Timestamp | The time (in epoch) that the remediation operation began.
end | Timestamp | The time (in epoch) that the remediation operation ended.
initiatingUser | String | The Cybereason user name of the user initiating the remediation.
statusLog | Array | An object containing information about the remediation.
machineID | Float | The unique ID for the machine or machines on which the remediation was performed.
targetID | String | The unique identifier for the target item for the remediation operation.
status | String | The status of the remediation request. Possible values include: SUCCESS, PENDING, IN_PROGRESS.
actionType | String | The type of action you attempted to perform.
timestamp | Integer | The time (in epoch) of the status report for the remediation request.


Response Failure Schema

The response includes the following fields:

Field | Type | Description
malopID | Float | The numerical identifier of the Malop assigned by Cybereason.
remediationID | Float | The numerical identifier the Cybereason platform uses for the remediation operation.
start | Timestamp | The time (in epoch) that the remediation operation began.
end | Timestamp | The time (in epoch) that the remediation operation ended.
initiatingUser | String | The Cybereason user name of the user initiating the remediation.
statusLog | Array | An object containing information about the remediation.
machineID | Float | The unique ID for the machine or machines on which the remediation was performed.
targetID | String | Reports a null value.
status | Enum | The status of the remediation request. Possible values include: FAILURE, ABORTED.
actionType | String | The type of action you attempted to perform.
timestamp | Integer | The time (in epoch) of the status report for the remediation request.
error | Array | An object containing details of the error.
message | String | A description of the error.
errorType | Enum | The type of error. Possible values include:

  • PROBE_DISCONNECTED: The Sensor is offline.
  • TIMED_OUT_WAITING_FOR_PROBE: The remediation request timed out while waiting for the Sensor to come online.
  • GENERAL_PROBE_FAILURE: There was an unknown error on the Sensor.
  • UNSUPPORTED_VERSION: The Sensor version does not support this remediation action.
  • PROBE_FILE_NOT_FOUND: The Sensor could not find the file for the remediation action.
  • PROBE_ACCESS_IS_DENIED: The Sensor cannot access the requested file for remediation.
  • PROBE_INVALID_PARAMETER: An invalid argument was sent to the Sensor.
  • PROBE_TIMEOUT: There was a Sensor timeout when the Sensor went offline.
  • PROBE_NOT_ENOUGH_SPACE: The Sensor does not have enough space to perform the selected remediation action.
  • PROBE_READ_ONLY_FILE: The file for remediation is a read-only file.
  • PROBE_HELD_BY_ANOTHER_PROCESS: The file for remediation is currently in use by another process.
  • INVALID_ARGUMENT: There is an error in your request.
  • BROADCAST_FAILURE: There was an error reaching the server or the same Sensor ID is found on multiple servers.
  • SERVER_ERROR: There was a general server error.


Important Response Fields

Important information is found in these fields:

  • remediationId: This value represents the unique identifier the Cybereason platform uses to identify the remediation operation. You may need this identifier in future requests to check the status of the remediation.

    For the specific Malop about which you are requesting the remediation status, you may have multiple remediation ID fields if you have performed multiple remediation operations on items in this Malop.

  • machineId: The unique identifier the Cybereason platform uses for the machine to which this remediation operation was sent.

  • actionType: The type of remediation action requested.

  • status: This field shows the current status of the remediation operation.

  • timestamp: This time value (in epoch) displays when the remediation operation was performed or failed.


Example: Get the remediation status of a Malop

Request

curl --request GET \
    --url https://12.34.56.78/rest/remediate/status/11.2718161727221199870 \
    --header 'Content-Type:application/json'

Response

{
    "malopId": "11.2718161727221199870",
    "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
    "start": 1518604850656,
    "end": 1518604850744,
    "initiatingUser": "[email protected]",
    "statusLog": [
        {
            "machineId": "-1632138521.1198775089551518743",
            "targetId": null,
            "status": "SUCCESS",
            "actionType": "KILL_PROCESS",
            "timestamp": 1518604850714
        }
    ]
}

Example: Check remediation status failure

Request

curl --request GET \
        --url https://12.34.56.78/rest/remediate/status/11.2718161727221199870 \
        --header 'Content-Type:application/json'

Response

{
    "malopId": 11.2718161727221199870,
    "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
    "start": 1518604850656,
    "end": 1518604850744,
    "initiatingUser": "[email protected]",
    "malopId": null,
    "statusLog": [
        {
            "machineId": "laptop-demo-sales",
            "targetId": null,
            "status": "FAILURE",
            "actionType": "KILL_PROCESS",
            "error": {
                "message": "Server error",
                "errorType": "INVALID_ARGUMENT"
            },
            "timestamp": 1560795947237
        }
    ]
}

Example: Check remediation progress failure due to offline Sensor

Request

curl --request GET \
        --url https://12.34.56.78/rest/remediate/status/11.2718161727221199870 \
        --header 'Content-Type:application/json'

Response

{
    "malopId": 11.2718161727221199870,
    "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
    "start": 1518604850656,
    "end": 1518604850744,
    "initiatingUser": "[email protected]",
    "malopId": null,
    "statusLog": [
        {
            "machineId": "laptop-demo-sales",
            "targetId": null,
            "status": "FAILURE",
            "actionType": "KILL_PROCESS",
            "error": {
                "message": "Server error",
                "errorType": "PROBE_DISCONNECTED"
            },
            "timestamp": 1560795947237
        }
    ]
}
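
Added example (not part of the Cybereason documentation): a Python triage routine that reads a remediation status response body and sorts each statusLog entry by what to do next, using the field names shown in the example responses above. The bucket names, the grouping of errorType values into "retry", the UNPARSEABLE_RESPONSE and NO_STATUS_LOG labels, the handling of a JSON list of records and the sample bodies are assumptions constructed for this example.

```python
import json

# errorType values the page ties to an offline or timed-out Sensor. Treating them
# as "retry later" is this example's assumption, not documented vendor guidance.
SENSOR_UNREACHABLE = {"PROBE_DISCONNECTED", "TIMED_OUT_WAITING_FOR_PROBE", "PROBE_TIMEOUT"}

def triage(body):
    """Sort every statusLog entry of a status response body into an action bucket."""
    buckets = {"done": [], "wait": [], "retry": [], "escalate": []}
    try:
        doc = json.loads(body)
    except ValueError:
        # A 200 may carry an error message instead of the schema (label invented here)
        buckets["escalate"].append((None, None, "UNPARSEABLE_RESPONSE"))
        return buckets
    # Assumption: several remediation operations may arrive as a JSON list
    for record in doc if isinstance(doc, list) else [doc]:
        log = record.get("statusLog") if isinstance(record, dict) else None
        if not isinstance(log, list) or not log:
            buckets["escalate"].append((None, None, "NO_STATUS_LOG"))
            continue
        for entry in log:
            error_type = (entry.get("error") or {}).get("errorType")
            item = (entry.get("machineId"), entry.get("actionType"), error_type)
            status = entry.get("status")
            if status == "SUCCESS":
                buckets["done"].append(item)
            elif status in ("PENDING", "IN_PROGRESS"):
                buckets["wait"].append(item)
            elif status == "FAILURE" and error_type in SENSOR_UNREACHABLE:
                buckets["retry"].append(item)
            else:  # ABORTED, any other failure, or a status this code does not know
                buckets["escalate"].append(item)
    return buckets

def remediation_confirmed(buckets):
    """True only if at least one action succeeded and none is open or failed."""
    return bool(buckets["done"]) and not (buckets["wait"] or buckets["retry"] or buckets["escalate"])

def sample_body(machine, status, error_type=None):
    """Build a constructed response body shaped like the page's example responses."""
    entry = {"machineId": machine, "targetId": None, "status": status,
             "actionType": "KILL_PROCESS", "timestamp": 1560795947237}
    if error_type:
        entry["error"] = {"message": "Server error", "errorType": error_type}
    return json.dumps({"remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664", "statusLog": [entry]})

if __name__ == "__main__":
    for body in (sample_body("laptop-demo-sales", "FAILURE", "PROBE_DISCONNECTED"), "Server error"):
        result = triage(body)
        print(remediation_confirmed(result), result)
```

Because the endpoint answers 200 for failed operations as well, a caller should treat a Malop as remediated only when remediation_confirmed returns True for the parsed body, not when the HTTP request succeeds.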