Retrieve Port Details
Endpoint URL: https://sage.cybereason.com/rest/download_v1/port
Endpoint URI: download_v1/port
Action: POST
Returns details on ports based on the Cybereason threat intelligence service. This information is used by the Cybereason platform to classify communications based on the port of the connection.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
{}
Because this request uses a POST method, you must add a request body. Add only open and closed brackets without parameters between the brackets.
Request Parameters
URL/URI parameters: none
Request Body Parameters: none
Response Status Codes
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
The response contains the following fields:
Field |
Type |
Parameter |
|---|---|---|
recordList |
Array |
An object containing details on the port classifications. |
key |
Array |
An object with details on the specific port. |
port |
Integer |
The numeric port number. |
protocol |
Enum |
The protocol used by the port for communication. |
value |
Array |
An object containing specific details on the port. |
sources |
Array |
An object containing the list of sources for this classification. |
type |
Enum |
The type of port. Possible values include:
|
shortDescription |
String |
A brief description of the port. |
longDescription |
String |
The full description of the port. |
lastUploadTimestamp |
Integer |
A timestamp (in epoch) when the information was last updated on the Threat Intel Server. |
Response Failure Schema
None
Important Response Fields
Important information is found in these fields:
recordList object: An object containing all the ports for which there is a classification by the Cybereason platform.
port: The port number.
protocol: The protocol type used by the port.
sources: The source used by the Cybereason platform to classify the port.
type: The purpose for which the port is used.
Example: Retrieve port classification information
Request
curl --request POST \
--url https://12.34.56.78/rest/download_v1/port \
--header 'Content-Type:application/json' \
--data '{}'
Response
Note
This is a partial response, shortened to show the key fields for a single port. Your actual response will be much longer and contain all port details.
{
"recordList": [
{
"key": {
"port": 0,
"protocol": "TCP"
},
"value": [
{
"sources": [
"IANA"
],
"type": "NONE",
"shortDescription": "Reserved",
"longDescription": ""
}
]
},
{
"key": {
"port": 1,
"protocol": "UDP"
},
"value": [
{
"sources": [
"Other"
],
"type": "MALWARE",
"shortDescription": "Sockets des Troie",
"longDescription": ""
},
{
"sources": [
"Wikipedia"
],
"type": "SERVICE",
"shortDescription": "TCP Port Service Multiplexer",
"longDescription": "This service is almost never used in practice"
}
]
}
]
}
Request
Use this request body:
{}
Response
Note
This is a partial response, shortened to show the key fields for a single port. Your actual response will be much longer and contain all port details.
{
"recordList": [
{
"key": {
"port": 0,
"protocol": "TCP"
},
"value": [
{
"sources": [
"IANA"
],
"type": "NONE",
"shortDescription": "Reserved",
"longDescription": ""
}
]
},
{
"key": {
"port": 1,
"protocol": "UDP"
},
"value": [
{
"sources": [
"Other"
],
"type": "MALWARE",
"shortDescription": "Sockets des Troie",
"longDescription": ""
},
{
"sources": [
"Wikipedia"
],
"type": "SERVICE",
"shortDescription": "TCP Port Service Multiplexer",
"longDescription": "This service is almost never used in practice"
}
]
}
]
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
session = requests.session()
# Request URL
sage_url = "https://sage.cybereason.com"
endpoint_url = "/rest/download_v1/port"
api_url = sage_url + endpoint_url
query = '{}'
api_headers = {'Content-Type':'application/json'}
api_response = session.request("POST", api_url, data=query, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
Note
This is a partial response, shortened to show the key fields for a single port. Your actual response will be much longer and contain all port details.
{
"recordList": [
{
"key": {
"port": 0,
"protocol": "TCP"
},
"value": [
{
"sources": [
"IANA"
],
"type": "NONE",
"shortDescription": "Reserved",
"longDescription": ""
}
]
},
{
"key": {
"port": 1,
"protocol": "UDP"
},
"value": [
{
"sources": [
"Other"
],
"type": "MALWARE",
"shortDescription": "Sockets des Troie",
"longDescription": ""
},
{
"sources": [
"Wikipedia"
],
"type": "SERVICE",
"shortDescription": "TCP Port Service Multiplexer",
"longDescription": "This service is almost never used in practice"
}
]
}
]
}