Download Sensor Logs
Endpoint URL: https://<your server>/rest/sensors/action/download-logs/:batchID
Endpoint URI: sensors/action/download-logs
Action: GET
Downloads the sensor logs retrieved in a previous API request, saving them to the machine that sends this request. For details on how to retrieve the logs, see Retrieve Sensor Logs.
Depending on how you send the request, you must perform additional actions to save the file appropriately.
You must be assigned the System Admin role and Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: You must provide the batchID parameter from the previous retrieval request.
Request Body Parameters: none
Response Status Codes
This request can return the following status codes:
200: Success OK, or an error message explaining why the request failed.
404: The provided Batch ID was not found.
Response Success Schema
Logs download to the machine.
Response Failure Schema
None
Example: Retrieve the logs from a sensor
Request
curl --request GET \
  --url https://12.34.56.78/rest/sensors/action/download-logs/1268429474 \
  --header 'Content-Type:application/json'
Response
Logs are downloaded
Request
Response
The response in your client displays as jumbled characters or binary code. You will need to save the response as a file. For example, in Postman, you can use the Send and download option.
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import io
import os
import zipfile

import requests

# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"

data = {
    "username": username,
    "password": password
}
headers = {"Content-Type": "application/json"}

base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

# Log in; the session keeps the authorization cookie for later requests
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print(login_response.status_code)
print(session.cookies.items())

# Request URL (the batch ID comes from the previous retrieval request)
endpoint_url = "/rest/sensors/action/download-logs/1268429474"
api_url = base_url + endpoint_url
api_response = session.request("GET", api_url, headers=headers)

# Extract the returned zip file into a "sensorlogs" folder in the current directory
cwd = os.getcwd()
outputDir = os.path.join(cwd, "sensorlogs")
logs = zipfile.ZipFile(io.BytesIO(api_response.content))
logs.extractall(outputDir)
Response
This example contains lines of code to save the zip file returned in the response to a specific location.
The logs are downloaded to the specified location.
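The following is an added example, not part of the original Cybereason documentation: it validates a download-logs response before writing anything to disk, because a 200 can carry an error message instead of the archive, and it refuses archives that are oversized or that contain members resolving outside the output directory. The function names, the size cap and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import tempfile
import zipfile

MAX_TOTAL_BYTES = 500 * 1024 * 1024  # assumed cap on uncompressed size; tune as needed


def save_sensor_logs(status_code, body, output_dir, max_total=MAX_TOTAL_BYTES):
    """Validate a download-logs response and extract it; returns the extracted paths."""
    if status_code == 404:
        raise LookupError("batch ID not found")
    if status_code != 200:
        raise RuntimeError(f"unexpected status {status_code}")
    # A 200 can still carry an error message instead of the archive.
    if not zipfile.is_zipfile(io.BytesIO(body)):
        raise ValueError("200 response is not a ZIP: " + body[:200].decode("utf-8", "replace"))
    root = os.path.realpath(output_dir)
    with zipfile.ZipFile(io.BytesIO(body)) as archive:
        members = archive.infolist()
        if sum(m.file_size for m in members) > max_total:
            raise ValueError("archive expands beyond the configured size cap")
        for m in members:
            target = os.path.realpath(os.path.join(root, m.filename))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"member escapes output directory: {m.filename!r}")
        os.makedirs(root, exist_ok=True)
        archive.extractall(root)
        return sorted(os.path.join(root, m.filename) for m in members if not m.is_dir())


def constructed_zip(entries):
    """Build an in-memory ZIP from {name: bytes}; stands in for a real response body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = constructed_zip({"sensor-01/sensor.log": b"constructed log line\n"})
    with tempfile.TemporaryDirectory() as tmp:
        for path in save_sensor_logs(200, sample, tmp):
            print(path)
```

With the `requests` session from the example above, the call would be `save_sensor_logs(api_response.status_code, api_response.content, outputDir)`.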