Retrieve Port Details

Endpoint URL: https://sage.cybereason.com/rest/download_v1/port
Endpoint URI: download_v1/port

Action: POST

Returns details on ports based on the Cybereason threat intelligence service. This information is used by the Cybereason platform to classify communications based on the port of the connection.

Request Headers

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

{}

Because this request uses a POST method, you must add a request body. Add only open and closed brackets without parameters between the brackets.


Request Parameters

URL/URI parameters: none

Request Body Parameters: none


Response Status Codes

This request can return the following status codes:

  • 200: Success OK or an error message saying why


Response Success Schema

The response contains the following fields:

Field

Type

Parameter

recordList

Array

An object containing details on the port classifications.

key

Array

An object with details on the specific port.

port

Integer

The numeric port number.

protocol

Enum

The protocol used by the port for communication.

value

Array

An object containing specific details on the port.

sources

Array

An object containing the list of sources for this classification.

type

Enum

The type of port. Possible values include:

  • SERVICE_MAIL

  • SERVICE_HTTP

  • SERVICE_WINDOWS

  • SERVICE_FTP

  • SERVICE_TOR

  • SERVICE_IRC

  • SERVICE

  • MALWARE

  • NONE

shortDescription

String

A brief description of the port.

longDescription

String

The full description of the port.

lastUploadTimestamp

Integer

A timestamp (in epoch) when the information was last updated on the Threat Intel Server.


Response Failure Schema

None


Important Response Fields

Important information is found in these fields:

  • recordList object: An object containing all the ports for which there is a classification by the Cybereason platform.

  • port: The port number.

  • protocol: The protocol type used by the port.

  • sources: The source used by the Cybereason platform to classify the port.

  • type: The purpose for which the port is used.


Example: Retrieve port classification information

Request

curl --request POST \
    --url https://12.34.56.78/rest/download_v1/port \
    --header 'Content-Type:application/json' \
    --data '{}'

Response

Note

This is a partial response, shortened to show the key fields for a single port. Your actual response will be much longer and contain all port details.

{
    "recordList": [
        {
            "key": {
                "port": 0,
                "protocol": "TCP"
            },
            "value": [
                {
                    "sources": [
                        "IANA"
                    ],
                    "type": "NONE",
                    "shortDescription": "Reserved",
                    "longDescription": ""
                }
            ]
        },
        {
            "key": {
                "port": 1,
                "protocol": "UDP"
            },
            "value": [
                {
                    "sources": [
                        "Other"
                    ],
                    "type": "MALWARE",
                    "shortDescription": "Sockets des Troie",
                    "longDescription": ""
                },
                {
                    "sources": [
                        "Wikipedia"
                    ],
                    "type": "SERVICE",
                    "shortDescription": "TCP Port Service Multiplexer",
                    "longDescription": "This service is almost never used in practice"
                }
            ]
        }
    ]
}