Retrieve Product Classifications

Endpoint URL: https://sage.cybereason.com/rest/download_v1/productClassifications
Endpoint URI: download_v1/productClassifications

Action: POST

Returns details on product classifications based on the Cybereason threat intelligence service. This information is used by the Cybereason platform to identify the application type based on the product name and process image file signature.

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.

{}

Because this request uses a POST method, you must add a request body. Add only open and closed brackets without parameters between the brackets.

URL/URI parameters: none

Request Body Parameters: none

This request can return the following status codes:

200: Success OK or an error message saying why

The response contains the following fields:

Field	Type	Description
recordList	Array	An object containing details on the product classifications.
key	Array	An object with details on the specific product.
name	String	The name of the product.
value	Array	An object containing specific details on the product.
signer	String	The name of the company that produces the product.
type	Enum	The type of product, as classified by the Cybereason threat intelligence service. Possible values include: BROWSER MAIL TOR SHARING P2P REMOTE_DESKTOP_CONTROL VPN SVCHOST LSASS EXPLORER ANTI_VIRUS MS_OFFICE ADOBE SHELL WSMPROVHOST RUNDLL SCHEDULED_TASK OS_PROCESS VIRTUALIZATION SECURITY_TOOL UNRECOGNIZED NONE RUNAS WININIT
title	String	The title of the product.
lastUploadTimestamp	Integer	A timestamp (in epoch) when the information was last updated on the Threat Intel Server.

None

Important information is found in these fields:

recordList object: An object containing details on all the processes for which the Cybereason platform has a classification.
name: The process name.
signer: The company that signed the image file for this process.
type: The type of process used by the Cybereason platform to classify this process.
title: The name of the process presented to users on the machine.

Request

curl --request POST \
    --url https://12.34.56.78/rest/download_v1/productClassifications \
    --header 'Content-Type:application/json' \
    --data '{}'

Response

Note

This is a partial response, shortened to show the key fields for a single product classification. Your actual response will be much longer and contain details on multiple product classifications.

{
    "recordList": [
        {
            "key": {
                "name": "chrome.exe"
            },
            "value": {
                "signer": [
                    "Google LLC",
                    "Google Inc"
                ],
                "type": "BROWSER",
                "title": "Google Chrome"
            }
        },
        {
            "key": {
                "name": "microsoftedge.exe"
            },
            "value": {
                "signer": [
                    "Microsoft Corporation",
                    "Microsoft Windows"
                ],
                "type": "BROWSER",
                "title": "Microsoft Edge"
            }
        }
    ]
}

Use this request body:

Request

{}

Response

Note

This is a partial response, shortened to show the key fields for a single product classification. Your actual response will be much longer and contain details on multiple product classifications.

{
    "recordList": [
        {
            "key": {
                "name": "chrome.exe"
            },
            "value": {
                "signer": [
                    "Google LLC",
                    "Google Inc"
                ],
                "type": "BROWSER",
                "title": "Google Chrome"
            }
        },
        {
            "key": {
                "name": "microsoftedge.exe"
            },
            "value": {
                "signer": [
                    "Microsoft Corporation",
                    "Microsoft Windows"
                ],
                "type": "BROWSER",
                "title": "Microsoft Edge"
            }
        }
    ]
}

Request

Download Python script

Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.

import requests
import json

session = requests.session()

# Request URL

sage_url = "https://sage.cybereason.com"

endpoint_url = "/rest/download_v1/productClassifications"

api_url = sage_url + endpoint_url

query = '{}'

api_headers = {'Content-Type':'application/json'}

api_response = session.request("POST", api_url, data=query, headers=api_headers)

your_response = json.loads(api_response.content)

print(json.dumps(your_response, indent=4, sort_keys=True))

Response

Note

This is a partial response, shortened to show the key fields for a single product classification. Your actual response will be much longer and contain details on multiple product classifications.

{
    "recordList": [
        {
            "key": {
                "name": "chrome.exe"
            },
            "value": {
                "signer": [
                    "Google LLC",
                    "Google Inc"
                ],
                "type": "BROWSER",
                "title": "Google Chrome"
            }
        },
        {
            "key": {
                "name": "microsoftedge.exe"
            },
            "value": {
                "signer": [
                    "Microsoft Corporation",
                    "Microsoft Windows"
                ],
                "type": "BROWSER",
                "title": "Microsoft Edge"
            }
        }
    ]
}