Get a Custom Reputation

Endpoint URL: https://<your server>/rest/classification/reputations/list
Endpoint URI: classification/reputations/list

Action: POST

Returns details on custom reputations for all or a specific item from your organization’s private threat intelligence.

This endpoint is supported for Cybereason versions 21.2.103 and later.

This feature is not available by default. Contact Technical Support to enable this feature.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

Input: JSON

Download JSON syntax file

Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.

{
  "filter": {
    			"key": "<item key>",
    			"reputationType": "<item type>",
    			"isBlocking": true,
    			"maliciousType": "<whitelist or blacklist>",
    			"includeExpired": true,
    			"comment": "<text contained within a comment>",
    			"owningUser": "<user that created the reputation>",
    			"text": "<partial key or partial comment string>"
  			 },
  "column": "<value by which to sort>", 
  "order": "<sort order>",
  "page": 0,
  "size": 20
}

Request Parameters

URL/URI parameters: none

Request Body Parameters: Use the following parameters. Required parameters are noted in bold.

Key

Type

Description

filter

Object

An object containing details on the value by which to filter. Ensure you use only one of the possible filter values

key

String

The item key by which to search. You can enter a file hash value, IP address, or domain name.

reputationType

Enum

The type of item for which to search. Possible values include:

  • FILE

  • DOMAIN

  • IP

isBlocking

Boolean

Indicates whether the reputation has been marked to have the Cybereason platform block execution of the item when the platform detects this item.

maliciousType

Enum

The type of reputation. Enter either whitelist or blacklist.

includeExpired

Boolean

Indicates whether to include items for which the custom reputation is expired.

comment

String

Text of a comment added with the custom reputation.

owningUser

String

The Cybereason username for the user that added the custom reputation.

text

String

Any text associated with a custom reputation. For example, if you enter cybereason.com, the results include any item that has the string cybereason.com in the reputation key, the username for the user that added the reputation, and so forth.

column

Enum

The value by which to sort the results. Possible values include:

  • KEY

  • FIRST_SEEN

  • LAST_UPDATE

  • EXPIRATION

  • ACTION

  • REPUTATION_TYPE

  • COMMENT

  • OWNING_USER

order

Enum

The order in which to sort the values. Enter either asc for ascending order or desc for descending order.

page

Integer

The position in which to start returning the results. Unless you have a specific reason to start at a specific place in the results, leave this value as 0.

size

Integer

The number of items to return.

Response Status Codes

This request can return the following status codes:

  • 200: Success OK or an error message saying why


Response Success Schema

The response contains these fields:

Key

Type

Description

reputations

Array

An object containing details on the individual reputation.

key

String

The key for the item. This will be a file hash value, IP address, or domain name.

isBlocking

Boolean

Indicates whether the item was marked to have the Cybereason platform block execution of the item.

maliciousType

Enum

The reputation for the item. This value is to allow (whitelist) or block (blacklist).

comment

String

Comment added when the reputation was added.

expiration

Long

The expiration date for the reputation.

owningUser

String

The Cybereason username for the user that added the reputation.

firstSeen

Long

The timestamp when the reputation was first added.

lastUpdate

Long

The timestamp when the reputation was last updated.

total

Integer

The total number of results returned.

Response Failure Schema

None


Example: Return all custom reputations

Request

curl --request GET \
    --url https://12.34.56.78/rest/classification/reputations/list \
    --header 'Content-Type:application/json' \
    --data '{"page":0,"size":1000,"filter":{"includeExpired":false}}'

Response

{
    "outcome":"success",
    "data": {
                "reputations":
                                [
                                    {
                                        "key":"4df4308dd3c36cfee0fe11cfa4856165",
                                        "reputationType":"FILE",
                                        "isBlocking":true,
                                        "maliciousType":"blacklist",
                                        "comment":"registed by SOC",
                                        "expiration":1648674000000,
                                        "owningUser":"[email protected]",
                                        "firstSeen":1641378554120,
                                        "lastUpdated":1641487058169
                                    },
                                    {
                                        "key":"0f3491280f5492cd028eb9e6b8b1b930",
                                        "reputationType":"FILE",
                                        "isBlocking":true,
                                        "maliciousType":"blacklist",
                                        "comment":"registed by SOC",
                                        "expiration":-1,
                                        "owningUser":"[email protected]",
                                        "firstSeen":1641378554120,
                                        "lastUpdated":1641378554120
                                    },
                                    {
                                        "key":"db8a4847285b41d09aa90ecbd4290526",
                                        "reputationType":"FILE",
                                        "isBlocking":true,
                                        "maliciousType":"blacklist",
                                        "comment":"registed by SOC",
                                        "expiration":-1,
                                        "owningUser":"[email protected]"
                                        "firstSeen":1641378554120,
                                        "lastUpdated":1641487820991
                                    }
                                ],
                "total":760
            }
}

Example: Return custom reputations for a specific item

Request

curl --request GET \
    --url https://12.34.56.78/rest/classification/reputations/list \
    --header 'Content-Type:application/json' \
    --data '{"page":0,"size":20, filter: {"text":"mydomain.com", includeExpired: false}}'

Response

{
    "outcome":"success",
    "data": {
                "reputations":  [
                                    {
                                        "key":"mydomain.com",
                                        "reputationType":"DOMAIN",
                                        "isBlocking":false,
                                        "maliciousType":"whitelist",
                                        "comment":"null",
                                        "expiration":-1,
                                        "owningUser":"[email protected]",
                                        "firstSeen":1641378554503,
                                        "lastUpdated":1641378554503}],"total":1
                                    }
}