Retrieve Process Hierarchies

Endpoint URL: https://sage.cybereason.com/rest/download_v1/process_hierarchy
Endpoint URI: download_v1/process_hierarchy

Action: POST

Returns process hierarchy details from the Cybereason threat intelligence service. The Cybereason platform uses this information to identify the expected hierarchy of operating system processes.

Request Headers

You must add a Content-Type:application/json header to the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

{}

Because this request uses the POST method, you must add a request body. Send only an opening and a closing curly bracket ({}), with no parameters between them.


Request Parameters

URL/URI parameters: none

Request Body Parameters: none


Response Status Code

This request can return the following status codes:

  • 200: Success OK, or an error message explaining why the request failed


Response Success Schema

The response contains the following fields:

Field                  Type      Description
recordList             Array     An object containing details on the process hierarchy.
key                    Array     An object with details on the specific process.
name                   String    The name of the process.
value                  Array     An object containing specific details on the process’s hierarchy.
parent                 String    The parent process of the selected process.
lastUploadTimestamp    Integer   The timestamp (in epoch) when this information was last updated on the Global Threat Intelligence server.


Response Failure Schema

None


Important Response Fields

Important information is found in these fields:

  • name: The name of the process for which the Cybereason platform has a process hierarchy.

  • parent: The expected parent process for this process.


Example: Retrieve process hierarchies

Request

curl --request POST \
    --url https://12.34.56.78/rest/download_v1/process_hierarchy \
    --header 'Content-Type:application/json' \
    --data '{}'

Response

{
    "recordList": [
        {
            "key": {
                "name": "lsass.exe"
            },
            "value": [
                {
                    "parent": "wininit.exe"
                }
            ]
        },
        {
            "key": {
                "name": "svchost.exe"
            },
            "value": [
                {
                    "parent": "services.exe"
                }
            ]
        },
        {
            "key": {
                "name": "smss.exe"
            },
            "value": [
                {
                    "parent": "system"
                },
                {
                    "parent": "smss.exe"
                }
            ]
        },
        {
            "key": {
                "name": "services.exe"
            },
            "value": [
                {
                    "parent": "wininit.exe"
                }
            ]
        },
        {
            "key": {
                "name": "lsm.exe"
            },
            "value": [
                {
                    "parent": "wininit.exe"
                }
            ]
        }
    ],
    "lastUploadTimestamp": 1476350910397
}
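
One way to use this response on the defender side, as an added example (not Cybereason's code): it builds a process-to-expected-parents map from recordList and flags observed process starts whose parent is not listed. The telemetry records and their field names (host, process, parent) are constructed for illustration, and case-insensitive name matching is an assumption.

```python
import json

# Trimmed copy of the sample response shown above (three of its records).
SAMPLE_RESPONSE = json.loads("""
{"recordList": [
  {"key": {"name": "lsass.exe"}, "value": [{"parent": "wininit.exe"}]},
  {"key": {"name": "smss.exe"}, "value": [{"parent": "system"}, {"parent": "smss.exe"}]},
  {"key": {"name": "svchost.exe"}, "value": [{"parent": "services.exe"}]}
 ],
 "lastUploadTimestamp": 1476350910397}
""")

# Constructed endpoint telemetry; the field names are hypothetical.
OBSERVED = [
    {"host": "ws-01", "process": "LSASS.EXE", "parent": "wininit.exe"},
    {"host": "ws-02", "process": "svchost.exe", "parent": "winword.exe"},
    {"host": "ws-03", "process": "smss.exe", "parent": "smss.exe"},
    {"host": "ws-04", "process": "notepad.exe", "parent": "explorer.exe"},
]


def build_expected_parents(response):
    """Map each process name (lowercased) to the set of parents listed for it."""
    expected = {}
    for record in response.get("recordList", []):
        name = record.get("key", {}).get("name")
        if not name:
            continue  # skip malformed records rather than failing the whole load
        parents = {v["parent"].lower() for v in record.get("value", []) if v.get("parent")}
        expected.setdefault(name.lower(), set()).update(parents)
    return expected


def find_unexpected_parents(events, expected):
    """Return events whose process has a known hierarchy but a different parent."""
    findings = []
    for event in events:
        allowed = expected.get(event["process"].lower())
        if allowed is None:
            continue  # no hierarchy known for this process: nothing to compare
        if event["parent"].lower() not in allowed:
            findings.append({**event, "expected": sorted(allowed)})
    return findings


EXPECTED = build_expected_parents(SAMPLE_RESPONSE)
FINDINGS = find_unexpected_parents(OBSERVED, EXPECTED)
for f in FINDINGS:
    print(f"{f['host']}: {f['process']} started by {f['parent']}, expected {f['expected']}")
```

Processes with more than one listed parent, such as smss.exe, match if any listed parent is observed; processes absent from recordList are not evaluated.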