Get Remediation Statuses
Endpoint URL: https://<your server>/rest/remediate/status/:malopId
Endpoint URI: remediate/status/:malopId
Action: GET
Retrieves details about remediation actions performed on a particular Malop.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: You must provide the required malopId as part of the request URL. This ID is found when you retrieve the list of Malops. For details on getting this ID, see Retrieve All MalOps.
Request Body Parameters: None
Response Status Codes
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
The response includes the following fields:
Field | Type | Description |
---|---|---|
malopID | Float | The numerical identifier of the Malop assigned by Cybereason. |
remediationID | Float | The numerical identifier of the remediation operation assigned by Cybereason. |
start | Timestamp | The time (in epoch) that the remediation operation began. |
end | Timestamp | The time (in epoch) that the remediation operation ended. |
initiatingUser | String | The Cybereason user name of the user initiating the remediation. |
statusLog | Array | An object containing information about the remediation. |
machineID | Float | The unique ID for the machine or machines on which the remediation was performed. |
targetID | String | The unique identifier for the target item for the remediation operation. |
status | String | The status of the remediation request. Possible values include: |
actionType | String | The type of action you attempted to perform. |
timestamp | Integer | The time (in epoch) of the status report for the remediation request. |
Response Failure Schema
The response includes the following fields:
Field | Type | Description |
---|---|---|
malopID | Float | The numerical identifier of the Malop assigned by Cybereason. |
remediationID | Float | The numerical identifier the Cybereason platform uses for the remediation operation. |
start | Timestamp | The time (in epoch) that the remediation operation began. |
end | Timestamp | The time (in epoch) that the remediation operation ended. |
initiatingUser | String | The Cybereason user name of the user initiating the remediation. |
statusLog | Array | An object containing information about the remediation. |
machineID | Float | The unique ID for the machine or machines on which the remediation was performed. |
targetID | String | Reports a null value. |
status | Enum | The status of the remediation request. Possible values include: |
actionType | String | The type of action you attempted to perform. |
timestamp | Integer | The time (in epoch) of the status report for the remediation request. |
error | Array | An object containing details of the error. |
message | String | A description of the error. |
errorType | Enum | The type of error. Possible values include: |
Important Response Fields
Important information is found in these fields:
remediationId: This value represents the unique identifier the Cybereason platform uses to identify the remediation operation. You may need this identifier in future requests to check the status of the remediation.
For the specific Malop about which you are requesting the remediation status, you may have multiple remediation ID fields if you have performed multiple remediation operations on items in this Malop.
machineId: The unique identifier the Cybereason platform uses for the machine to which this remediation operation was sent.
actionType: The type of remediation action requested.
status: This field shows the current status of the remediation operation.
timestamp: This time value (in epoch) displays when the remediation operation was performed or failed.
Example: Get the remediation status of a Malop
Request
```bash
curl --request GET \
  --url https://12.34.56.78/rest/remediate/status/11.2718161727221199870 \
  --header 'Content-Type:application/json'
```
Response
```json
{
  "malopId": "11.2718161727221199870",
  "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
  "start": 1518604850656,
  "end": 1518604850744,
  "initiatingUser": "[email protected]",
  "statusLog": [
    {
      "machineId": "-1632138521.1198775089551518743",
      "targetId": null,
      "status": "SUCCESS",
      "actionType": "KILL_PROCESS",
      "timestamp": 1518604850714
    }
  ]
}
```
Request
```python
import json

import requests

# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"

data = {
    "username": username,
    "password": password
}

base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

# The session keeps the authorization cookie returned by the login request
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print(login_response.status_code)
# Debug output; the cookie values are credentials
print(session.cookies.items())

# Request URL
# Keep the Malop ID as a string: a float literal loses digits when passed through str()
malop_id = "11.2718161727221199870"
endpoint_url = "/rest/remediate/status/"
api_url = base_url + endpoint_url + malop_id

api_headers = {'Content-Type': 'application/json'}
api_response = session.request("GET", api_url, headers=api_headers)

your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
```
Response
```json
{
  "malopId": "11.2718161727221199870",
  "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
  "start": 1518604850656,
  "end": 1518604850744,
  "initiatingUser": "[email protected]",
  "statusLog": [
    {
      "machineId": "-1632138521.1198775089551518743",
      "targetId": null,
      "status": "SUCCESS",
      "actionType": "KILL_PROCESS",
      "timestamp": 1518604850714
    }
  ]
}
```
Example: Check remediation status failure
Request
```bash
curl --request GET \
  --url https://12.34.56.78/rest/remediate/status/11.2718161727221199870 \
  --header 'Content-Type:application/json'
```
Response
```json
{
  "malopId": 11.2718161727221199870,
  "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
  "start": 1518604850656,
  "end": 1518604850744,
  "initiatingUser": "[email protected]",
  "malopId": null,
  "statusLog": [
    {
      "machineId": "laptop-demo-sales",
      "targetId": null,
      "status": "FAILURE",
      "actionType": "KILL_PROCESS",
      "error": {
        "message": "Server error",
        "errorType": "INVALID_ARGUMENT"
      },
      "timestamp": 1560795947237
    }
  ]
}
```
Request
```python
import json

import requests

# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"

data = {
    "username": username,
    "password": password
}

base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

# The session keeps the authorization cookie returned by the login request
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print(login_response.status_code)
# Debug output; the cookie values are credentials
print(session.cookies.items())

# Request URL
# Keep the Malop ID as a string: a float literal loses digits when passed through str()
malop_id = "11.2718161727221199870"
endpoint_url = "/rest/remediate/status/"
api_url = base_url + endpoint_url + malop_id

api_headers = {'Content-Type': 'application/json'}
api_response = session.request("GET", api_url, headers=api_headers)

your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
```
Response
```json
{
  "malopId": null,
  "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
  "start": 1518604850656,
  "end": 1518604850744,
  "initiatingUser": "[email protected]",
  "statusLog": [
    {
      "machineId": "laptop-demo-sales",
      "targetId": null,
      "status": "FAILURE",
      "actionType": "KILL_PROCESS",
      "error": {
        "message": "Server error",
        "errorType": "INVALID_ARGUMENT"
      },
      "timestamp": 1560795947237
    }
  ]
}
```
Example: Check remediation progress failure due to offline Sensor
Request
```bash
curl --request GET \
  --url https://12.34.56.78/rest/remediate/status/11.2718161727221199870 \
  --header 'Content-Type:application/json'
```
Response
```json
{
  "malopId": 11.2718161727221199870,
  "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
  "start": 1518604850656,
  "end": 1518604850744,
  "initiatingUser": "[email protected]",
  "malopId": null,
  "statusLog": [
    {
      "machineId": "laptop-demo-sales",
      "targetId": null,
      "status": "FAILURE",
      "actionType": "KILL_PROCESS",
      "error": {
        "message": "Server error",
        "errorType": "PROBE_DISCONNECTED"
      },
      "timestamp": 1560795947237
    }
  ]
}
```
Request
```python
import json

import requests

# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"

data = {
    "username": username,
    "password": password
}

base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

# The session keeps the authorization cookie returned by the login request
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print(login_response.status_code)
# Debug output; the cookie values are credentials
print(session.cookies.items())

# Request URL
# Keep the Malop ID as a string: a float literal loses digits when passed through str()
malop_id = "11.2718161727221199870"
endpoint_url = "/rest/remediate/status/"
api_url = base_url + endpoint_url + malop_id

api_headers = {'Content-Type': 'application/json'}
api_response = session.request("GET", api_url, headers=api_headers)

your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
```
Response
```json
{
  "malopId": null,
  "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
  "start": 1518604850656,
  "end": 1518604850744,
  "initiatingUser": "[email protected]",
  "statusLog": [
    {
      "machineId": "laptop-demo-sales",
      "targetId": null,
      "status": "FAILURE",
      "actionType": "KILL_PROCESS",
      "error": {
        "message": "Server error",
        "errorType": "PROBE_DISCONNECTED"
      },
      "timestamp": 1560795947237
    }
  ]
}
```
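
The following Python sketch is an added example, not part of the Cybereason documentation: it groups the statusLog entries of a status response by outcome, separating the offline-Sensor failures (PROBE_DISCONNECTED) from other failures, and builds the request URL from a string Malop ID so no digits are lost. The host names in the sample are constructed, the function and bucket names are this example's own, and timestamps are assumed to be epoch milliseconds, as the 13-digit values on this page suggest.

```python
import json
from datetime import datetime, timezone

# Constructed sample, modelled on the failure responses shown on this page.
SAMPLE = json.loads("""
{
  "malopId": null,
  "remediationId": "86f3faa1-bac0-4a17-9192-9d106b734664",
  "statusLog": [
    {"machineId": "host-a", "targetId": null, "status": "SUCCESS",
     "actionType": "KILL_PROCESS", "timestamp": 1560795947100},
    {"machineId": "host-b", "targetId": null, "status": "FAILURE",
     "actionType": "KILL_PROCESS", "timestamp": 1560795947237,
     "error": {"message": "Server error", "errorType": "PROBE_DISCONNECTED"}},
    {"machineId": "host-c", "targetId": null, "status": "FAILURE",
     "actionType": "KILL_PROCESS", "timestamp": 1560795947300,
     "error": {"message": "Server error", "errorType": "INVALID_ARGUMENT"}}
  ]
}
""")

def status_url(base_url, malop_id):
    """Build the status URL; the ID must be a string so no digits are lost."""
    if not isinstance(malop_id, str):
        raise TypeError("pass malop_id as a string, not a number")
    return base_url.rstrip("/") + "/rest/remediate/status/" + malop_id

def triage(response):
    """Group statusLog entries into succeeded / offline / failed / other."""
    buckets = {"succeeded": [], "offline": [], "failed": [], "other": []}
    for entry in response.get("statusLog") or []:
        error = entry.get("error") or {}  # no error object on success
        # Assumption: timestamps are epoch milliseconds
        when = datetime.fromtimestamp(entry["timestamp"] / 1000, tz=timezone.utc)
        row = (entry.get("machineId"), entry.get("actionType"),
               error.get("errorType"), when.isoformat())
        if entry.get("status") == "SUCCESS":
            buckets["succeeded"].append(row)
        elif entry.get("status") != "FAILURE":
            buckets["other"].append(row)  # status values not shown on the page
        elif error.get("errorType") == "PROBE_DISCONNECTED":
            buckets["offline"].append(row)  # Sensor was offline
        else:
            buckets["failed"].append(row)
    return buckets

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```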