Get a Custom Reputation
Endpoint URL: https://<your server>/rest/classification/reputations/list
Endpoint URI: classification/reputations/list
Action: POST
Returns details on custom reputations for all or a specific item from your organization’s private threat intelligence.
This endpoint is supported for Cybereason versions 21.2.103 and later.
This feature is not available by default. Contact Technical Support to enable this feature.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
Input: JSON
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
{
"filter": {
"key": "<item key>",
"reputationType": "<item type>",
"isBlocking": true,
"maliciousType": "<whitelist or blacklist>",
"includeExpired": true,
"comment": "<text contained within a comment>",
"owningUser": "<user that created the reputation>",
"text": "<partial key or partial comment string>"
},
"column": "<value by which to sort>",
"order": "<sort order>",
"page": 0,
"size": 20
}
Request Parameters
URL/URI parameters: none
Request Body Parameters: Use the following parameters. Required parameters are noted in bold.
Key |
Type |
Description |
---|---|---|
filter |
Object |
An object containing details on the value by which to filter. Ensure you use only one of the possible filter values |
key |
String |
The item key by which to search. You can enter a file hash value, IP address, or domain name. |
reputationType |
Enum |
The type of item for which to search. Possible values include:
|
isBlocking |
Boolean |
Indicates whether the reputation has been marked to have the Cybereason platform block execution of the item when the platform detects this item. |
maliciousType |
Enum |
The type of reputation. Enter either whitelist or blacklist. |
includeExpired |
Boolean |
Indicates whether to include items for which the custom reputation is expired. |
comment |
String |
Text of a comment added with the custom reputation. |
owningUser |
String |
The Cybereason username for the user that added the custom reputation. |
text |
String |
Any text associated with a custom reputation. For example, if you enter cybereason.com, the results include any item that has the string cybereason.com in the reputation key, the username for the user that added the reputation, and so forth. |
column |
Enum |
The value by which to sort the results. Possible values include:
|
order |
Enum |
The order in which to sort the values. Enter either asc for ascending order or desc for descending order. |
page |
Integer |
The position in which to start returning the results. Unless you have a specific reason to start at a specific place in the results, leave this value as 0. |
size |
Integer |
The number of items to return. |
Response Status Codes
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
The response contains these fields:
Key |
Type |
Description |
---|---|---|
reputations |
Array |
An object containing details on the individual reputation. |
key |
String |
The key for the item. This will be a file hash value, IP address, or domain name. |
isBlocking |
Boolean |
Indicates whether the item was marked to have the Cybereason platform block execution of the item. |
maliciousType |
Enum |
The reputation for the item. This value is to allow (whitelist) or block (blacklist). |
comment |
String |
Comment added when the reputation was added. |
expiration |
Long |
The expiration date for the reputation. |
owningUser |
String |
The Cybereason username for the user that added the reputation. |
firstSeen |
Long |
The timestamp when the reputation was first added. |
lastUpdate |
Long |
The timestamp when the reputation was last updated. |
total |
Integer |
The total number of results returned. |
Response Failure Schema
None
Example: Return all custom reputations
Request
curl --request GET \
--url https://12.34.56.78/rest/classification/reputations/list \
--header 'Content-Type:application/json' \
--data '{"page":0,"size":1000,"filter":{"includeExpired":false}}'
Response
{
"outcome":"success",
"data": {
"reputations":
[
{
"key":"4df4308dd3c36cfee0fe11cfa4856165",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":1648674000000,
"owningUser":"[email protected]",
"firstSeen":1641378554120,
"lastUpdated":1641487058169
},
{
"key":"0f3491280f5492cd028eb9e6b8b1b930",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":-1,
"owningUser":"[email protected]",
"firstSeen":1641378554120,
"lastUpdated":1641378554120
},
{
"key":"db8a4847285b41d09aa90ecbd4290526",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":-1,
"owningUser":"[email protected]"
"firstSeen":1641378554120,
"lastUpdated":1641487820991
}
],
"total":760
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
{
"page":0,
"size":1000,
"filter":{
"includeExpired":false
}
}
Response
{
"outcome":"success",
"data": {
"reputations":
[
{
"key":"4df4308dd3c36cfee0fe11cfa4856165",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":1648674000000,
"owningUser":"[email protected]",
"firstSeen":1641378554120,
"lastUpdated":1641487058169
},
{
"key":"0f3491280f5492cd028eb9e6b8b1b930",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":-1,
"owningUser":"[email protected]",
"firstSeen":1641378554120,
"lastUpdated":1641378554120
},
{
"key":"db8a4847285b41d09aa90ecbd4290526",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":-1,
"owningUser":"[email protected]"
"firstSeen":1641378554120,
"lastUpdated":1641487820991
}
],
"total":760
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/reputations/list"
api_url = base_url + endpoint_url
reputation = json.dumps({"page":0,"size":1000,"filter":{"includeExpired":False}})
api_response = session.request("POST", api_url, data=reputation, headers=headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome":"success",
"data": {
"reputations":
[
{
"key":"4df4308dd3c36cfee0fe11cfa4856165",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":1648674000000,
"owningUser":"[email protected]",
"firstSeen":1641378554120,
"lastUpdated":1641487058169
},
{
"key":"0f3491280f5492cd028eb9e6b8b1b930",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":-1,
"owningUser":"[email protected]",
"firstSeen":1641378554120,
"lastUpdated":1641378554120
},
{
"key":"db8a4847285b41d09aa90ecbd4290526",
"reputationType":"FILE",
"isBlocking":true,
"maliciousType":"blacklist",
"comment":"registed by SOC",
"expiration":-1,
"owningUser":"[email protected]"
"firstSeen":1641378554120,
"lastUpdated":1641487820991
}
],
"total":760
}
}
Example: Return custom reputations for a specific item
Request
curl --request GET \
--url https://12.34.56.78/rest/classification/reputations/list \
--header 'Content-Type:application/json' \
--data '{"page":0,"size":20, filter: {"text":"mydomain.com", includeExpired: false}}'
Response
{
"outcome":"success",
"data": {
"reputations": [
{
"key":"mydomain.com",
"reputationType":"DOMAIN",
"isBlocking":false,
"maliciousType":"whitelist",
"comment":"null",
"expiration":-1,
"owningUser":"[email protected]",
"firstSeen":1641378554503,
"lastUpdated":1641378554503}],"total":1
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
{
"page":0,
"size":20,
"filter": {
"text":"mydomain.com",
"includeExpired": false
}
}
Response
{
"outcome":"success",
"data": {
"reputations": [
{
"key":"mydomain.com",
"reputationType":"DOMAIN",
"isBlocking":false,
"maliciousType":"whitelist",
"comment":"null",
"expiration":-1,
"owningUser":"[email protected]",
"firstSeen":1641378554503,
"lastUpdated":1641378554503}],"total":1
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/reputations/list"
api_url = base_url + endpoint_url
reputation = json.dumps({"page":0,"size":1000,"filter":{"includeExpired":False}})
api_response = session.request("POST", api_url, data=reputation, headers=headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome":"success",
"data": {
"reputations": [
{
"key":"mydomain.com",
"reputationType":"DOMAIN",
"isBlocking":false,
"maliciousType":"whitelist",
"comment":"null",
"expiration":-1,
"owningUser":"[email protected]",
"firstSeen":1641378554503,
"lastUpdated":1641378554503}],"total":1
}
}