Download a List of Sensors
Endpoint URL: https://<your server>/rest/sensors/download/csv
Endpoint URI: sensors/download/csv
Action: GET
Returns a list of all sensors in comma delimited (CSV) format. This list includes online, offline, and stale sensors in the same list. You can then take this list and save it to an external file as needed.
You must be assigned the System Admin role and Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: none
Request Body Parameters: none
Response Status Codes
This request can return the following status codes:
200: Success OK
Response Schema
If there is available data, you receive a list of sensors in comma delimited format (CSV) and details about the sensors. This list includes online, offline, or stale sensors in the same list.
This list has each of the following:
Field | Type | Description |
---|---|---|
Actions in progress | Integer | The number of actions in progress or pending (i.e. Not Resolved) on the machine with the sensor. |
AI detect mode | Enum | The setting for the AI (Artificial Intelligence) Detect mode. Possible values include: |
AI detect mode origin | Enum | The source of the Anti-Malware > Artificial Intelligence detect mode. Possible values include: |
AI prevent mode | Enum | The setting for the AI Prevent mode. Possible values include: |
AI prevent mode origin | Enum | The source for the Anti-Malware > AI prevent mode. Possible values include: |
Anti-Malware mode | Enum | The Anti-Malware Prevention mode for the sensor. Possible values include: |
Anti-Malware mode origin | Enum | The source for the Anti-Malware mode. Possible values include: |
Anti-Ransomware mode | Enum | The Anti-Ransomware mode. Possible values include: |
App Control mode | Enum | The Application Control mode. Possible values include: |
Archived or unarchived comment | String | The comment added when a sensor was archived or unarchived. |
Console version | Decimal | The version of the console running for the server to which the sensor is connected. |
collectionStatus | Enum | States whether the machine has data collection enabled. Valid values include ENABLED, DISABLED, or SUSPENDED. |
Data collection | Enum | The status of the data collection features on the machine. Possible values include: |
CPU usage | Float | The amount of CPU used by the machine (expressed as a percentage). |
Disconnection time | Timestamp | The time (in epoch) when the sensor machine was disconnected. Returns 0 if this is the first connection time. After the first connection, this is the time it was last connected. |
Last exit reason | String | The last sensor failure status. |
External IP address | String | The sensor machine’s external IP address. |
First seen | Timestamp | The first time the machine is recognized. Timestamp values are returned in epoch. |
FQDN | String | The fully qualified domain name (FQDN) for the machine on which the sensor is installed. |
GUID | String | The globally unique sensor identifier. |
Last status action | Enum | The last action taken that changed the sensor status. Possible values include: |
Last upgrade result | sensor action | The result of the last upgrade process. |
lastUpgradeStep | Upgrade step | Last step taken in the upgrade process. |
Internal IP address | String | The sensor machine’s internal IP address. |
Isolated | Boolean | States whether the sensor machine is isolated. Returns true if the machine is isolated. |
Machine Name | String | The name of the machine on which the sensor is installed. |
Memory usage | Long | The amount of RAM on the hosting computer used by the sensor. |
Organization | String | The organization name for the machine on which the sensor is installed. |
OS | Enum | The operating system running on the machine. Possible values include: |
OS version | Enum | Version of operating system for the machine. Possible values include: |
Outdated | Boolean | States whether the machine is out of date or not. |
Pending actions | Array | A list of actions pending to run on the sensor. |
PowerShell mode | Enum | The PowerShell Prevention mode. Possible values include: |
Last prevention error | String | The error received for prevention by the sensor. |
Proxy address | String | The address for the Proxy server used by this sensor. |
PylumID | String | The unique identifier assigned by Cybereason to the Sensor. |
sensor ID | String | The unique identifier for a sensor. This ID is a concatenation of the Detection server ID and sensor PylumID. |
Sensor archived by user | String | The Cybereason user name for the user who archived the selected sensor. |
Sensor status | Enum | The online status of the machine on which the sensors are located. Possible values include Online, Offline, Stale, or Archived. |
Sensor version | String | The sensor version number. |
Server ID | String | The unique identifier for the Detection Server to which the sensor is connected. |
Server ip | Decimal | The IP address of the Detection Server to which the sensor is connected. |
Server name | String | The name of the server for the sensor. |
Signature mode | Enum | The Anti-Malware signatures mode. Possible values include: |
Signature mode origin | Enum | The source of the Anti-Malware signatures mode. Possible values include: |
Site | String | The name of the site for the sensor. |
Site ID | Long | The identifier for the sensor’s site. |
Uptime | Long | The time the sensor has been online. |
Example: Download a list of sensors
Request
curl --request GET \
--url https://12.34.56.78/rest/sensors/download/csv \
--header 'Content-Type:application/json'
Response
"Sensor ID","PylumID","GUID","FQDN","Machine name","Internal IP address","External IP address","Site","Site ID","Anti-Ransomware mode","App Control mode","Isolated","Disconnection time","Sensor status","Last status action","Archived or unarchived comment","Sensor archived by user","Server name","Server ID","Server ip","OS","OS version","Data collection","Sensor version","Console version","First seen","Uptime","CPU usage","Memory usage","Outdated","Signature mode","Signature mode origin","PowerShell mode","Anti-Malware mode","Anti-Malware mode origin","Organization","Proxy address","Last prevention error","Last exit reason","Actions in progress","Pending actions","Last upgrade result","AI detect mode","AI detect mode origin","AI prevent mode","AI prevent mode origin"
"5b87de51e4b0feb044cfd3cc:PYLUMCLIENT_INTERNAL_WIN10-X32_0050568A1D3B","PYLUMCLIENT_INTERNAL_WIN10-X32_0050568A1D3B","322709545.1198775089551518743","win10-x32","WIN10-X32","172.16.50.222","12.345.56.723","Default","0","Disabled","Not installed","false","2018-09-25 06:52:58.000","Offline","None","","","12.235.90.111","5b87de51e4b0feb044cfd3cc","","Windows","Windows 10","","17.5.0","","2018-09-05 14:26:33.000","D12 06:08:53.000","0.0","0","false","Disabled","Set by Policy","Disabled","Disabled","Set by Policy","Internal","myserver.net","","Stop request received from pylum","0","null","","Disabled","Set by Policy","Disabled","Set by Policy"
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
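import requests

url = "https://<your server address>/rest/sensors/download/csv"
headers = {'Content-Type': 'application/json'}
session = requests.session()
# Log in with this session first (see Log in with the API) so it carries the authentication cookie.
response = session.request("GET", url, headers=headers)
response.raise_for_status()
# The body is the CSV text described in the response schema.
print(response.text)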
Response
"Sensor ID","PylumID","GUID","FQDN","Machine name","Internal IP address","External IP address","Site","Site ID","Anti-Ransomware mode","App Control mode","Isolated","Disconnection time","Sensor status","Last status action","Archived or unarchived comment","Sensor archived by user","Server name","Server ID","Server ip","OS","OS version","Data collection","Sensor version","Console version","First seen","Uptime","CPU usage","Memory usage","Outdated","Signature mode","Signature mode origin","PowerShell mode","Anti-Malware mode","Anti-Malware mode origin","Organization","Proxy address","Last prevention error","Last exit reason","Actions in progress","Pending actions","Last upgrade result","AI detect mode","AI detect mode origin","AI prevent mode","AI prevent mode origin"
"5b87de51e4b0feb044cfd3cc:PYLUMCLIENT_INTERNAL_WIN10-X32_0050568A1D3B","PYLUMCLIENT_INTERNAL_WIN10-X32_0050568A1D3B","322709545.1198775089551518743","win10-x32","WIN10-X32","172.16.50.222","12.345.56.723","Default","0","Disabled","Not installed","false","2018-09-25 06:52:58.000","Offline","None","","","12.235.90.111","5b87de51e4b0feb044cfd3cc","","Windows","Windows 10","","17.5.0","","2018-09-05 14:26:33.000","D12 06:08:53.000","0.0","0","false","Disabled","Set by Policy","Disabled","Disabled","Set by Policy","Internal","myserver.net","","Stop request received from pylum","0","null","","Disabled","Set by Policy","Disabled","Set by Policy"
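The following is an added example, not part of the Cybereason documentation: it parses the CSV this endpoint returns and lists sensors that are not Online, are outdated, or have a protection mode set to Disabled. The sample data is constructed from a subset of the header columns shown above; the function name `coverage_gaps`, the choice to skip Archived sensors, and the "Enabled" placeholder value are assumptions.

```python
import csv
import io

# Constructed sample using a subset of the columns in the endpoint's header row.
# Machine names are invented; "Enabled" is a placeholder for any non-Disabled mode.
SAMPLE_CSV = '''"Sensor ID","Machine name","Sensor status","Outdated","Anti-Malware mode","Anti-Ransomware mode"
"srv1:PYLUM_A","WIN10-X32","Offline","false","Disabled","Disabled"
"srv1:PYLUM_B","BUILD-01","Online","true","Enabled","Enabled"
"srv1:PYLUM_C","HR-LAPTOP","Online","false","Enabled","Enabled"
"srv1:PYLUM_D","OLD-KIOSK","Archived","false","Disabled","Disabled"
'''

MODE_COLUMNS = ("anti-malware mode", "anti-ransomware mode")


def coverage_gaps(csv_data):
    """Return {machine name: [reasons]} for sensors that need attention."""
    if isinstance(csv_data, bytes):
        # response.content is bytes; utf-8-sig also drops a leading BOM if present.
        csv_data = csv_data.decode("utf-8-sig")
    gaps = {}
    for raw in csv.DictReader(io.StringIO(csv_data)):
        # Header case differs between the field table and the sample response
        # ("Machine Name" vs "Machine name"), so compare lower-cased names.
        row = {k.strip().lower(): (v or "") for k, v in raw.items() if k}
        status = row.get("sensor status", "")
        if status == "Archived":
            continue  # assumption: archived sensors are retired, not a live gap
        reasons = []
        if status != "Online":
            reasons.append(f"status {status or 'unknown'}")
        if row.get("outdated", "").lower() == "true":
            reasons.append("sensor outdated")
        reasons += [f"{c} is Disabled" for c in MODE_COLUMNS if row.get(c) == "Disabled"]
        if reasons:
            gaps[row.get("machine name") or row.get("sensor id", "?")] = reasons
    return gaps


if __name__ == "__main__":
    for machine, reasons in coverage_gaps(SAMPLE_CSV).items():
        print(f"{machine}: {', '.join(reasons)}")
```

To run it against live data, pass `response.content` or `response.text` from the Python request above to `coverage_gaps`.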