Retrieve Domain Reputations

Endpoint URL: https://sage.cybereason.com/rest/download_v1/domain_reputation
Endpoint URI: download_v1/domain_reputation

Action: POST

Returns a list of all domain reputations used by the Cybereason threat intelligence service.

This API is a legacy API and has been deprecated. For the most up-to-date IP address reputation information, use the API to check a specific IP address. For details on this API, see Get a Domain Reputation.

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.

{}

Because this request uses a POST method, you must add a request body. Add only open and closed brackets without parameters between the brackets.

URL/URI parameters: none

Request Body Parameters: none

This request can return the following status codes:

200: Success OK or an error message saying why

The response contains the following fields:

Field	Type	Parameter
ttl	Integer	Timestamp representing time the data is live.
domainReputationResponseList	Array	An object containing details on the IP address reputations.
requestKey	String	The specific domain address on which you want data.
aggregatedResult	Array	An object containing the details on the domain reputation.
reputationSource	Enum	The source for the reputation classification.
reputationScore	Enum	The reputation score assigned to the domain.

None

Important information is found in these fields:

domainReputationResponseList object: This object contains the list of all domains you requested. Check to ensure that there are the same number of results in this object as domains about which you requested threat intelligence information.
requestKey: The name of the domain about which you want threat intelligence.
reputationSource: The source for the threat intelligence classification.
reputationScore: The reputation classification for the domain.

Request

curl --request POST \
    --url https://sage.cybereason.com/rest/download_v1/domain_reputation \
    --header 'Content-Type:application/json' \
    --data '{}'

Response

Note

This is a partial response, shortened to show the key fields. Your actual response will be much longer and contain all product classifications.

{
    "requestKey": null,
    "ttl": 0,
    "domainReputationResponseList": [
        {
            "requestKey": "jrgs.sfcorporation.com",
            "ttl": 86400000,
            "aggregatedResult": {
                "reputationSource": "Cybereason blocklist",
                "reputationScore": "Malicious"
            }
        },
        {
            "requestKey": "notped.com",
            "ttl": 86400000,
            "aggregatedResult": {
                "reputationSource": "Cybereason blocklist",
                "reputationScore": "Malicious"
            }
        }
    ]
}

Request

Use this request body:

{}

Response

Note

This is a partial response, shortened to show the key fields. Your actual response will be much longer and contain all product classifications.

{
    "requestKey": null,
    "ttl": 0,
    "domainReputationResponseList": [
        {
            "requestKey": "jrgs.sfcorporation.com",
            "ttl": 86400000,
            "aggregatedResult": {
                "reputationSource": "Cybereason blocklist",
                "reputationScore": "Malicious"
            }
        },
        {
            "requestKey": "notped.com",
            "ttl": 86400000,
            "aggregatedResult": {
                "reputationSource": "Cybereason blocklist",
                "reputationScore": "Malicious"
            }
        }
    ]
}

Request

Download Python script

Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.

import requests
import json

session = requests.session()

# Request URL

sage_url = "https://sage.cybereason.com"

endpoint_url = "/rest/download_v1/domain_reputation"

api_url = sage_url + endpoint_url

query = '{}'

api_headers = {'Content-Type':'application/json'}

api_response = session.request("POST", api_url, data=query, headers=api_headers)

your_response = json.loads(api_response.content)

print(json.dumps(your_response, indent=4, sort_keys=True))

Response

Note

This is a partial response, shortened to show the key fields. Your actual response will be much longer and contain all product classifications.

{
    "requestKey": null,
    "ttl": 0,
    "domainReputationResponseList": [
        {
            "requestKey": "jrgs.sfcorporation.com",
            "ttl": 86400000,
            "aggregatedResult": {
                "reputationSource": "Cybereason blocklist",
                "reputationScore": "Malicious"
            }
        },
        {
            "requestKey": "notped.com",
            "ttl": 86400000,
            "aggregatedResult": {
                "reputationSource": "Cybereason blocklist",
                "reputationScore": "Malicious"
            }
        }
    ]
}