Set Reputation
Endpoint URL: https://<your server>/rest/classification/update
Endpoint URI: classification/update
Action: POST
Sets a custom, organization-specific reputation (whitelist or blacklist) for a file, IP address, or domain name.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
Input: JSON
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
[
{
"keys": [
"<item key>"
],
"reputationType":"<item type>",
"maliciousType": "<classification>",
"prevent": "<boolean>",
"remove": "<boolean>",
"comment":"<comment",
"expiration":1643608800000,
}
]
Request Parameters
URL/URI parameters: none
Request Body Parameters: Use the following parameters. Required parameters are noted in bold.
Parameter |
Type |
Description |
|---|---|---|
keys |
String |
The file hash value (either MD5 or SHA1), IP address, or domain name for which to set a custom reputation. |
reputationType |
Enum |
The type of item for which you are setting a reputation. Possible values include:
This field is supported in versions 21.2.101 and later. |
maliciousType |
Enum |
The reputation to set. Possible values include:
|
prevent |
Boolean |
Indicates whether to prevent the file’s execution with Application Control. Note this option is applicable for the File type. If your request includes IP addresses or domain names to update, you must set this parameter to false. |
remove |
Boolean |
Instructs Cybereason to add or remove a reputation. Set the value to true to remove the current reputation or false to add a reputation. |
comment |
String |
A comment to add with a custom reputation. This field is supported in versions 21.2.101 and later. |
expiration |
Long |
The expiration date for the custom reputation. This field is supported in versions 21.2.101 and later. |
Response Status Codes
This request can return the following status codes:
200: OK with an accompanying success or failure message.
Response Success Schema
The response includes the following fields:
outcome: A string value. The status of the reputation update. If the update was successful, the status is success.
data: String value. Indicates whether the data set was correct.
Response Failure Schema
The response includes these possible fields:
Parameter |
Type |
Description |
|---|---|---|
outcome |
Enum |
An object containing the status of the response. Possible values include:
|
data |
Boolean |
Describes whether the data was updated successfully. If the update was successful this value is true. If the update failed, this value is null. |
Important Response Fields
Important information is found in these fields:
outcome parameter: The update status for the reputation. Ensure that it reports success to see if your reputation update succeeded.
Example: Set the reputation for a specific file
Request
curl --request POST \
--url http://12.34.56.78/rest/classification/update \
--header 'Content-Type:application/json' \
--data '{
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87"
],
"maliciousType": "whitelist",
"prevent": "true",
"remove": "false"
}
]
}'
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87"
],
"maliciousType": "whitelist",
"prevent": "true",
"remove": "false"
}
]
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/update"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
reputation_item = "0aae5873aa0e9f80d3fa41524bef6825723b9e87"
custom_reputation = "whitelist"
reputation = json.dumps([{"keys":[reputation_item],"maliciousType":custom_reputation,"prevent":False,"remove":False}])
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=reputation, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome":"success",
"data":true
}
Example: Set the reputation for a specific IP address
Request
curl --request POST \
--url http://12.34.56.78/rest/classification/update \
--header 'Content-Type:application/json' \
--data '{
[
{
"keys": [
"11.11.11.11"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
}'
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
[
{
"keys": [
"11.11.11.11"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/update"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
reputation_item = "11.11.11.11"
custom_reputation = "whitelist"
reputation = json.dumps([{"keys":[reputation_item],"maliciousType":custom_reputation,"prevent":False,"remove":False}])
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=reputation, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome":"success",
"data":true
}
Example: Set the reputation for a specific domain
Request
curl --request POST \
--url http://12.34.56.78/rest/classification/update \
--header 'Content-Type:application/json' \
--data '{
[
{
"keys": [
"mydomain.com"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
}'
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
[
{
"keys": [
"mydomain.com"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/update"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
reputation_item = "mydomain.com"
custom_reputation = "whitelist"
reputation = json.dumps([{"keys":[reputation_item],"maliciousType":custom_reputation,"prevent":False,"remove":False}])
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=reputation, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome":"success",
"data":true
}
Example: Set the reputation for a multiple items
Request
curl --request POST \
--url http://12.34.56.78/rest/classification/update \
--header 'Content-Type:application/json' \
--data '{
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87",
"11.11.11.11",
"mydomain.com"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
}'
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87",
"11.11.11.11",
"mydomain.com"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/update"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
reputation_item_1 = "0aae5873aa0e9f80d3fa41524bef6825723b9e87"
reputation_item_2 = "11.11.11.11"
reputation_item_3 = "mydomain.com"
custom_reputation = "whitelist"
reputation = json.dumps([{"keys":[reputation_item_1,reputation_item_2,reputation_item_3],"maliciousType":custom_reputation,"prevent":False,"remove":False}])
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=reputation, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome":"success",
"data":true
}
Example: Update failure for a reputation update due to incorrect values
Request
curl --request POST \
--url http://12.34.56.78/rest/classification/update \
--header 'Content-Type:application/json' \
--data '{
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87"
],
"maliciousType": "malware",
"prevent": "true",
"remove": "false"
}
]
}'
Response
{
"outcome": "failed",
"data": {
"1562689458066": "invalidFileEntry_badReputation"
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87"
],
"maliciousType": "malware",
"prevent":"true",
"remove": "false"
}
]
Response
{
"outcome": "failed",
"data": {
"1562689458066": "invalidFileEntry_badReputation"
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Login information
endpoint_url = "/rest/classification/update"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
reputation_item = "0aae5873aa0e9f80d3fa41524bef6825723b9e87"
custom_reputation = "malware"
reputation = json.dumps({[{"keys":[reputation_item],"maliciousType":custom_reputation,"prevent":True,"remove":False}]})
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=reputation, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome": "failed",
"data": {
"1562689458066": "invalidFileEntry_badReputation"
}
}
Example: Update failure for a reputation update due to incorrect values for prevention
Request
curl --request POST \
--url http://12.34.56.78/rest/classification/update \
--header 'Content-Type:application/json' \
--data '{
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87",
"11.11.11.11",
"mydomain.com"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
}'
Response
{
"outcome": "failed",
"data": {
"1562692248058": "invalidFileEntry_failedToPreventWithWhitelist"
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
[
{
"keys": [
"0aae5873aa0e9f80d3fa41524bef6825723b9e87",
"11.11.11.11",
"mydomain.com"
],
"maliciousType": "whitelist",
"prevent": "false",
"remove": "false"
}
]
Response
{
"outcome": "failed",
"data": {
"1562692248058": "invalidFileEntry_failedToPreventWithWhitelist"
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "myserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/update"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
reputation_item_1 = "0aae5873aa0e9f80d3fa41524bef6825723b9e87"
reputation_item_2 = "11.11.11.11"
reputation_item_3 = "mydomain.com"
custom_reputation = "whitelist"
reputation = json.dumps([{"keys":[reputation_item_1,reputation_item_2,reputation_item_3],"maliciousType":custom_reputation,"prevent":False,"remove":False}])
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=reputation, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome": "failed",
"data": {
"1562692248058": "invalidFileEntry_failedToPreventWithWhitelist"
}
}
Example: Set the reputation for a specific domain (versions 21.2.103 and later)
Request
curl --request POST \
--url http://12.34.56.78/rest/classification/update \
--header 'Content-Type:application/json' \
--data '{
[
{
"keys":["mytestdomain.com"],
"reputationType":"DOMAIN",
"maliciousType":"blacklist",
"prevent":false
"remove":false,
"comment":"Sample domain",
"expiration":1643608800000
}
]
}'
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
[
{
"keys":["mytestdomain.com"],
"reputationType":"DOMAIN",
"maliciousType":"blacklist",
"prevent":false,
"remove":false,
"comment":"Sample domain",
"expiration":1643608800000
}
]
Response
{
"outcome":"success",
"data":true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/classification/update"
api_url = base_url + endpoint_url
# These are the variables that represent different fields in the request.
reputation_item = "mytestdomain.com"
item_type = "DOMAIN"
custom_reputation = "whitelist"
comment = "Sample domain"
expiration_date = 1643608800000
reputation = json.dumps([{"keys":[reputation_item],"reputationType":item_type,"maliciousType":custom_reputation,"prevent":False,"remove":False,"comment":comment,"expiration":expiration_date}])
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=reputation, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"outcome":"success",
"data":true
}