Retrieve File Extension Details

Endpoint URL: https://sage.cybereason.com/rest/download_v1/file_extension
Endpoint URI: download_v1/file_extension

Action: POST

Returns details on file extensions based on the Cybereason threat intelligence service. This information is used by the Cybereason platform to classify files and processes based on the extension of the file.

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.

{}

Because this request uses a POST method, you must add a request body. Add only open and closed brackets without parameters between the brackets.

URL/URI parameters: none

Request Body Parameters: none

This request can return the following status codes:

200: Success OK or an error message saying why

The response contains the following fields:

Field	Type	Description
recordList	Array	An object containing details on the file extensions.
key	Array	An object with details on the specific file extensions.
extension	String	The file extension.
value	Array	An object containing specific details on the file extension.
sources	Array	An object containing the list of sources for this classification.
description	String	A description of the purpose of the extension.
type	Enum	The type of file. Possible values include: DATABASE DOCUMENT DOCUMENT_VIDEO DOCUMENT_TEXT DOCUMENT_DEVELOPER DOCUMENT_AUDIO DOCUMENT_IMAGE DOCUMENT_MAIL DOCUMENT_PERSONALINFORMATION DOCUMENT_WEB EXECUTABLE EXECUTABLE_WINDOWS EXECUTABLE_PLUGIN EXECUTABLE_WEB EXECUTABLE_SCRIPT EXECUTABLE_INSTALLER ARCHIVE ARCHIVE_COMPRESSED ARCHIVE_DISKIMAGE CERTIFICATE SYSTEM SYSTEM_WINDOWS APPLICATION APPLICATION_DATA APPLICATION_CONFIG NONE
lastUploadTimestamp	Integer	A timestamp (in epoch) when the information was last updated on the Threat Intel Server.

None

Important information is found in these fields:

recordList object: This object contains the list of all file extensions classified by the Cybereason platform.
extension: The type of file extension.
sources: The source for the threat intelligence classification.
description: A description of the purpose of the file extension.
type: The classification the Cybereason platform uses for the file extension throughout the various parts of the Cybereason platform.

Request

curl --request POST \
    --url https://sage.cybereason.com/rest/classification_v1/file_extension \
    --header 'Content-Type:application/json' \
    --data '{}'

Response

Note

This is a partial response, shortened to show the key fields for a single file extension. Your actual response will be much longer and contain details on all file extensions.

{
    "recordList": [
        {
            "key": {
                "extension": "3g2"
            },
            "value": {
                "sources": [
                    "dotwhat.net"
                ],
                "description": "3GPP2 Multimedia",
                "type": "DOCUMENT_VIDEO"
            }
        },
        {
            "key": {
                "extension": "3ga"
            },
            "value": {
                "sources": [
                    "dotwhat.net"
                ],
                "description": "3GPP Audio",
                "type": "DOCUMENT_AUDIO"
            }
        }
    ]
}

Request

Use this request body:

{}

Response

Note

This is a partial response, shortened to show the key fields for a single file extension. Your actual response will be much longer and contain details on all file extensions.

{
    "recordList": [
        {
            "key": {
                "extension": "3g2"
            },
            "value": {
                "sources": [
                    "dotwhat.net"
                ],
                "description": "3GPP2 Multimedia",
                "type": "DOCUMENT_VIDEO"
            }
        },
        {
            "key": {
                "extension": "3ga"
            },
            "value": {
                "sources": [
                    "dotwhat.net"
                ],
                "description": "3GPP Audio",
                "type": "DOCUMENT_AUDIO"
            }
        }
    ]
}

Request

Download Python script

Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.

import requests
import json

session = requests.session()

# Request URL

sage_url = "https://sage.cybereason.com"

endpoint_url = "/rest/download_v1/file_extension"

api_url = sage_url + endpoint_url

query = '{}'

api_headers = {'Content-Type':'application/json'}

api_response = session.request("POST", api_url, data=query, headers=api_headers)

your_response = json.loads(api_response.content)

print(json.dumps(your_response, indent=4, sort_keys=True))

Response

Note

This is a partial response, shortened to show the key fields for a single file extension. Your actual response will be much longer and contain details on all file extensions.

{
    "recordList": [
        {
            "key": {
                "extension": "3g2"
            },
            "value": {
                "sources": [
                    "dotwhat.net"
                ],
                "description": "3GPP2 Multimedia",
                "type": "DOCUMENT_VIDEO"
            }
        },
        {
            "key": {
                "extension": "3ga"
            },
            "value": {
                "sources": [
                    "dotwhat.net"
                ],
                "description": "3GPP Audio",
                "type": "DOCUMENT_AUDIO"
            }
        }
    ]
}