Check Reputation Updates
Endpoint URL: https://sage.cybereason.com/rest/download_v1/:reputation API/service
Endpoint URI: download_v1/:reputation API/service
Action: POST
Check the threat intelligence server to see if it has been updated recently. The Cybereason platform uses the retrieved timestamp to check if the data set has been updated and will send a request for the specific service if the data set is newer than the current data.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
{}
Because this request uses a POST method, you must add a request body. Add only open and closed brackets without parameters between the brackets.
Request Parameters
URL/URI parameters: Add the specific resource API you want to check. Possible values include:
ip_reputation
domain_reputation
process_classification
file_extension
process_hierarchy
product_classification
const
Request Body Parameters: none
Response Status Code
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
The response contains the following fields:
lastFlushCacheTime: A timestamp (in epoch) with the last update.
isFullDownloadSupported: A boolean value that indicates whether the data in this resource is available for download.
Response Failure Schema
None
Important Response Fields
Important information is found in these fields:
lastFlushCacheTime: This value represents the most recent update time (in epoch) for the global threat intel database update. Check this time to see if any recent updates have been made.
Example: Check to see if the process classification database is updated
Request
curl --request POST \
--url https://sage.cybereason.com/rest/download_v1/process_classification/service \
--header 'Content-Type:application/json' \
--data '{}'
Response
{
"lastFlushCacheTime": 1481795012450,
"isFullDownloadSupported": true
}
Request
Use this request body:
{}
Response
Note
This is a partial response, shortened to show the key fields. Your actual response will be much longer and contain all product classifications.
{
"lastFlushCacheTime": 1481795012450,
"isFullDownloadSupported": true
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
session = requests.session()
# Request URL
sage_url = "https://sage.cybereason.com"
endpoint_url = "/rest/download_v1/ip_reputation"
api_url = sage_url + endpoint_url
query = '{}'
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=query, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
Note
This is a partial response, shortened to show the key fields. Your actual response will be much longer and contain all product classifications.
{
"lastFlushCacheTime": 1481795012450,
"isFullDownloadSupported": true
}