Abort an Operation
Endpoint URL: https://<your server>/rest/sensors/abort/:batchID
Endpoint URI: sensors/abort/:batchID
Action: GET
Aborts an operation on a sensor or group of sensors.
This request only aborts actions that have not been sent to the sensor. Actions already complete are not aborted.
You must be assigned the System Admin role and Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: You must provide the REQUIRED batchID parameter in the URL of the request. This batch ID is found in the response of a request sent to a sensor or sensors. These requests include operations like changing the Anti-Malware mode, Anti-Ransomware mode, and so forth.
Request Body Parameters: none
Response Status Codes
This request can return the following status codes:
200: Success OK or an error message saying why
400: Error with Bad Request UNKNOWN BATCH
Response Success Schema
The response includes:
Field |
Type |
Description |
|---|---|---|
batchID |
Integer |
The ID for the operation. You may need this number for other operations with the API. |
actionType |
Enum |
The action taken on the sensor. Possible values include:
|
actionArguments |
String |
The arguments passed for the operation. |
globalStats |
Array |
Collection of items about the operation. For details about this object, see globalStatsObject. |
finalState |
Boolean |
Indicates whether the sensor is in the state indicated by the operation. |
totalNumberOfProbes |
Integer |
How many sensors were affected by the current operation |
initiatorUser |
String |
The user name of the user who performed this operation. |
startTime |
Timestamp |
The start time of the operation. |
aborterUser |
String |
The user name of the user who aborted the operation. This field only exists if the operation was aborted. |
abortTime |
Timestamp |
The time (in epoch) when the operation was aborted. This field only exists if the operation was aborted. |
abortTimeout |
Boolean |
Indicates whether there is a timeout value for timing out the request to abort. |
abortHttpStatusCode |
String |
The code sent by the server to abort the operation. This field only exists if the operation was aborted. |
Response Failure Schema
Failure: 400 - Bad Request UNKNOWN BATCH
Important Response Fields
Important information is found in these fields:
batchID: The operation identifier for the sensor operation.
actionType: The type of sensor operation. For this request to abort a sensor operation, this should report Abort.
stats object: This object contains details on the final result of the operation for the sensors included in the batch. View the different fields available in this object and the number of sensors to which this status applied.
totalNumberOfProbes:* The total number of sensors to which this operation applied.
Example: Abort an in-progress operation on a group of sensors
Request
curl --request GET \
--url https://12.34.56.78/rest/sensors/abort/854089583 \
--header 'Content-Type:application/json' \
Response
{
"batchId": 854089583,
"actionType": "Abort",
"actionArguments": null,
"globalStats": {
"stats": {
"UnknownProbe": 0,
"partialResponse": 0,
"EndedWithUnknownError": 0,
"Pending": 0,
"ProbeRemoved": 0,
"None": 1,
"Disconnected": 0,
"InvalidState": 0,
"EndedWithSensorTimeout": 0,
"InProgress": 0,
"Timeout": 0,
"Succeeded": 0,
"UnauthorizedUser": 0,
"Primed": 0,
"NotSupported": 0,
"EndedWithTooManySearches": 0,
"Started": 0,
"GettingChunks": 0,
"MsiFileCorrupted": 0,
"AlreadyUpdated": 0,
"AbortTimeout": 0,
"Aborted": 0,
"EndedWithTooManyResults": 0,
"SendingMsi": 0,
"FailedSending": 0,
"ChunksRequired": 0,
"FailedSendingToServer": 0,
"EndedWithInvalidParam": 0,
"TimeoutSending": 0,
"NewerInstalled": 0,
"Failed": 0,
"MsiSendFail": 0
}
},
"finalState": false,
"totalNumberOfProbes": 1,
"initiatorUser": "[email protected]",
"startTime": 1523875125179,
"aborterUser": null,
"abortTime": 0,
"abortTimeout": false,
"abortHttpStatusCode": null
}
Response
{
"batchId": 854089583,
"actionType": "Abort",
"actionArguments": null,
"globalStats": {
"stats": {
"UnknownProbe": 0,
"partialResponse": 0,
"EndedWithUnknownError": 0,
"Pending": 0,
"ProbeRemoved": 0,
"None": 1,
"Disconnected": 0,
"InvalidState": 0,
"EndedWithSensorTimeout": 0,
"InProgress": 0,
"Timeout": 0,
"Succeeded": 0,
"UnauthorizedUser": 0,
"Primed": 0,
"NotSupported": 0,
"EndedWithTooManySearches": 0,
"Started": 0,
"GettingChunks": 0,
"MsiFileCorrupted": 0,
"AlreadyUpdated": 0,
"AbortTimeout": 0,
"Aborted": 0,
"EndedWithTooManyResults": 0,
"SendingMsi": 0,
"FailedSending": 0,
"ChunksRequired": 0,
"FailedSendingToServer": 0,
"EndedWithInvalidParam": 0,
"TimeoutSending": 0,
"NewerInstalled": 0,
"Failed": 0,
"MsiSendFail": 0
}
},
"finalState": false,
"totalNumberOfProbes": 1,
"initiatorUser": "[email protected]",
"startTime": 1523875125179,
"aborterUser": null,
"abortTime": 0,
"abortTimeout": false,
"abortHttpStatusCode": null
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
sensor_operation_batch_id = 854089583
endpoint_url = "/rest/sensors/abort/"
api_url = base_url + endpoint_url + str(sensor_operation_batch_id)
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{ "batchId": 854089583, "actionType": "Abort", "actionArguments": null, "globalStats": { "stats": { "UnknownProbe": 0, "partialResponse": 0, "EndedWithUnknownError": 0, "Pending": 0, "ProbeRemoved": 0, "None": 1, "Disconnected": 0, "InvalidState": 0, "EndedWithSensorTimeout": 0, "InProgress": 0, "Timeout": 0, "Succeeded": 0, "UnauthorizedUser": 0, "Primed": 0, "NotSupported": 0, "EndedWithTooManySearches": 0, "Started": 0, "GettingChunks": 0, "MsiFileCorrupted": 0, "AlreadyUpdated": 0, "AbortTimeout": 0, "Aborted": 0, "EndedWithTooManyResults": 0, "SendingMsi": 0, "FailedSending": 0, "ChunksRequired": 0, "FailedSendingToServer": 0, "EndedWithInvalidParam": 0, "TimeoutSending": 0, "NewerInstalled": 0, "Failed": 0, "MsiSendFail": 0 } }, "finalState": false, "totalNumberOfProbes": 1, "initiatorUser": "[email protected]", "startTime": 1523875125179, "aborterUser": null, "abortTime": 0, "abortTimeout": false, "abortHttpStatusCode": null }