Download a List of Sensors

Endpoint URL: https://<your server>/rest/sensors/download/csv
Endpoint URI: sensors/download/csv

Action: GET

Returns a list of all sensors in comma delimited (CSV) format. This list includes online, offline, and stale sensors in the same list. You can then take this list and save it to an external file as needed.

You must be assigned the System Admin role and Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

None


Request Parameters

URL/URI parameters: none

Request Body Parameters: none


Response Status Codes

This request can return the following status codes:

  • 200: Success OK


Response Schema

If there is available data, you receive a list of sensors in comma delimited format (CSV) and details about the sensors. This list includes online, offline, or stale sensors in the same list.

This list has each of the following:

Field

Type

Description

Actions in progress

Integer

The number of actions in progress or pending (i.e. Not Resolved) on the machine with the sensor.

AI detect mode

Enum

The setting for the AI (Artificial Intelligence) Detect mode. Possible values include:

  • DISABLED

  • CAUTIOUS

  • MODERATE

  • AGGRESSIVE

  • SET_BY_POLICY

AI detect mode origin

Enum

The source of the Anti-Malware > Artificial Intelligence detect mode. Possible values include:

  • DISABLED

  • ENABLED

  • SET_BY_POLICY

AI prevent mode

Enum

The setting for the AI Prevent mode. Possible values include:

  • DISABLED

  • CAUTIOUS

  • MODERATE

  • AGGRESSIVE

AI prevent mode origin

Enum

The source for the Anti-Malware > AI prevent mode. Possible values include:

  • DISABLED

  • ENABLED

  • SET_BY_POLICY

Anti-Malware mode

Enum

The Anti-Malware Prevention mode for the sensor. Possible values include:

  • DISABLED

  • ENABLED

  • SET_BY_POLICY

Anti-Malware mode origin

Enum

The source for the Anti-Malware mode. Possible values include:

  • DISABLED

  • ENABLED

  • SET_BY_POLICY

Anti-Ransomware mode

Enum

The Anti-Ransomware mode. Possible values include:

  • DISABLE

  • DETECTION_ONLY

  • SUSPEND

  • REMEDIATE

  • DEFAULT

App Control mode

Enum

The Application Control mode. Possible values include:

  • ENABLE

  • DISABLE

  • UNINSTALL

  • INSTALL

Archived or unarchived comment

String

The comment added when a sensor was archived or unarchived.

Console version

Decimal

The version of the console running for the server to which the sensor is connected.

collectionStatus

Enum

States whether the machine has data collection enabled. Valid values include ENABLED, DISABLED, or SUSPENDED.

Data collection

Enum

The status of the data collection features on the machine. Possible values include:

  • Enabled

  • Suspended

  • Disabled

CPU usage

Float

The amount of CPU used by the machine (expressed as a percentage).

Disconnection time

Timestamp

The time (in epoch) when the sensor machine was disconnected. Returns 0 if this is the first connection time. After the first connection, this is the time it was last connected.

Last exit reason

String

The last sensor failure status.

External IP address

String

The sensor machine’s external IP address.

First seen

Timestamp

The first time the machine is recognized. Timestamp values are returned in epoch.

FQDN

String

The fully qualified domain name (FQDN) for the machine on which the sensor is installed.

GUID

String

The globally unique sensor identifier.

Last status action

Enum

The last action taken that changed the sensor status. Possible values include:

  • ARCHIVE

  • UNARCHIVE

Last upgrade result

sensor action

The result of the last upgrade process.

lastUpgradeStep

Upgrade step

Last step taken in the upgrade process.

Internal IP address

String

The sensor machine’s internal IP address.

Isolated

Boolean

States whether the sensor machine is isolated. Returns true if the machine is isolated.

Machine Name

String

The name of the machine on which the sensor is installed.

Memory usage

Long

The amount of RAM on the hosting computer used by the sensor.

Organization

String

The organization name for the machine on which the sensor is installed.

OS

Enum

The operating system running on the machine. Possible values include:

  • UNKNOWN_OS

  • WINDOWS

  • OSX

  • LINUX

OS version

Enum

Version of operating system for the machine. Possible values include:

  • Windows_8_1

  • Windows_8

  • Windows_7

  • Windows_Vista

  • Windows_XP_Professional_x64_Edition

  • Windows_XP

  • Windows_2000

  • Windows_Server_2012_R2

  • Windows_Server_2012

  • Windows_Server_2008_R2

  • Windows_Server_2008

  • Windows_Server_2003_R2

  • Windows_Home_Server

  • Windows_Server_2003

  • Windows_Server_2016

  • Windows_Server_2019

  • Windows_10

  • Catalina_10_15

  • Mojave_10_14

  • High_Sierra_10_13

  • Sierra_10_12

  • El_Capitan_10_11

  • Yosemite_10_10

  • Maverick_10_9

  • Centos_Linux_6

  • Centos_Linux_7

  • Red_Hat_Enterprise_Linux_6

  • Red_Hat_Enterprise_Linux_7

  • Ubuntu_Linux_12

  • Ubuntu_Linux_14

  • Ubuntu_Linux_16

  • Ubuntu_Linux_17

  • Ubuntu_Linux_18

  • Oracle_Linux_6

  • Oracle_Linux_7

  • Suse_Linux_12

  • Amazon_Linux_2011__09

  • Amazon_Linux_2012__03

  • Amazon_Linux_2012__09

  • Amazon_Linux_2013__03

  • Amazon_Linux_2013__09

  • Amazon_Linux_2014__03

  • Amazon_Linux_2014__09

  • Amazon_Linux_2015__03

  • Amazon_Linux_2015__09

  • Amazon_Linux_2016__03

  • Amazon_Linux_2016__09

  • Amazon_Linux_2017__03

  • Debian_Linux_8

  • Debian_Linux_9

Outdated

Boolean

States whether the machine is out of date or not.

Pending actions

Array

A list of actions pending to run on the sensor.

PowerShell mode

Enum

The PowerShell Prevention mode. Possible values include:

  • PS_DISABLED

  • PS_ENABLED

  • PS_DEFAULT

Last prevention error

String

The error received for prevention by the sensor.

Proxy address

String

The address for the Proxy server used by this sensor.

PylumID

String

The unique identifier assigned by Cybereason to the Sensor.

sensor ID

String

The unique identifier for a sensor. This ID is a concatenation of the Detection server ID and sensor PylumID.

Sensor archived by user

String

The Cybereason user name for the user who archived the selected sensor.

Sensor status

Enum

The online status of the machine on which the sensors are located. Possible values include Online, Offline, Stale, or Archived.

Sensor version

String

The sensor version number.

Server ID

String

The unique identifier for the Detection Server to which the sensor is connected.

Server ip

Decimal

The IP address of the Detection Server to which the sensor is connected.

Server name

String

The name of the server for the sensor.

Signature mode

Enum

The Anti-Malware signatures mode. Possible values include:

  • DISABLED

  • DETECT

  • DISINFECT

  • SET_BY_POLICY

Signature mode origin

Enum

The source of the Anti-Malware signatures mode. Possible values include:

  • DISABLED

  • ENABLED

  • SET_BY_POLICY

Site

String

The name of the site for the sensor.

Site ID

Long

The identifier for the sensor’s site.

Uptime

Long

The time the sensor has been online.


Example: Download a list of sensors

Request

curl --request GET \
   --url https://12.34.56.78/rest/sensors/download/csv \
   --header 'Content-Type:application/json'

Response

"Sensor ID","PylumID","GUID","FQDN","Machine name","Internal IP address","External IP address","Site","Site ID","Anti-Ransomware mode","App Control mode","Isolated","Disconnection time","Sensor status","Last status action","Archived or unarchived comment","Sensor  archived by user","Server name","Server ID","Server ip","OS","OS version","Data collection","Sensor version","Console version","First seen","Uptime","CPU usage","Memory usage","Outdated","Signature mode","Signature mode origin","PowerShell mode","Anti-Malware mode","Anti-Malware mode origin","Organization","Proxy address","Last prevention error","Last exit reason","Actions in progress","Pending actions","Last upgrade result","AI detect mode","AI detect mode origin","AI prevent mode","AI prevent mode origin"
"5b87de51e4b0feb044cfd3cc:PYLUMCLIENT_INTERNAL_WIN10-X32_0050568A1D3B","PYLUMCLIENT_INTERNAL_WIN10-X32_0050568A1D3B","322709545.1198775089551518743","win10-x32","WIN10-X32","172.16.50.222","12.345.56.723","Default","0","Disabled","Not installed","false","2018-09-25 06:52:58.000","Offline","None","","","12.235.90.111","5b87de51e4b0feb044cfd3cc","","Windows","Windows 10","","17.5.0","","2018-09-05 14:26:33.000","D12 06:08:53.000","0.0","0","false","Disabled","Set by Policy","Disabled","Disabled","Set by Policy","Internal","myserver.net","","Stop request received from pylum","0","null","","Disabled","Set by Policy","Disabled","Set by Policy"
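The following is an added example, not part of the Cybereason documentation: a Python sketch that audits a saved copy of this CSV export for sensors that are offline or stale, outdated, isolated, or have Anti-Malware disabled. The sample rows and host names are constructed and use only a subset of the columns. Values are compared case-insensitively because the sample response above shows display strings such as "Disabled" and "Set by Policy" rather than the constants listed in the schema, and header names are whitespace-normalized because the sample header contains "Sensor  archived by user" with a double space.

```python
import csv
import io

# Constructed sample: a subset of the export's columns, with made-up hosts.
SAMPLE_CSV = '''"Sensor ID","Machine name","Sensor status","Isolated","Outdated","Anti-Malware mode","Sensor  archived by user"
"srv1:PYLUM_A","HOST-A","Online","false","false","Enabled",""
"srv1:PYLUM_B","HOST-B","Offline","false","true","Disabled",""
"srv1:PYLUM_C","HOST-C","Stale","true","false","Set by Policy",""
'''


def _norm(name):
    # Collapse repeated whitespace and case so header lookups are stable.
    return " ".join(name.split()).lower()


def load_sensors(csv_text):
    """Parse the export into dicts keyed by normalized column name."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [
        {_norm(k): (v or "").strip() for k, v in row.items() if k is not None}
        for row in reader
    ]


def audit(sensors):
    """Return {machine name: [findings]} for sensors that need attention."""
    report = {}
    for s in sensors:
        findings = []
        status = s.get("sensor status", "").lower()
        if status in ("offline", "stale"):
            findings.append("status:" + status)
        if s.get("outdated", "").lower() == "true":
            findings.append("outdated")
        if s.get("anti-malware mode", "").lower() == "disabled":
            findings.append("anti-malware disabled")
        if s.get("isolated", "").lower() == "true":
            findings.append("isolated")
        if findings:
            report[s.get("machine name") or s.get("sensor id", "?")] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit(load_sensors(SAMPLE_CSV)).items():
        print(host + ": " + ", ".join(findings))
```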