Retrieve Product Classifications

Endpoint URL: https://sage.cybereason.com/rest/download_v1/productClassifications
Endpoint URI: download_v1/productClassifications

Action: POST

Returns details on product classifications based on the Cybereason threat intelligence service. This information is used by the Cybereason platform to identify the application type based on the product name and process image file signature.

Request Headers

You must add a Content-Type:application/json header to the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

{}

Because this request uses the POST method, you must add a request body. Add only the opening and closing brackets, with no parameters between them.


Request Parameters

URL/URI parameters: none

Request Body Parameters: none


Response Status Code

This request can return the following status codes:

  • 200: Success OK, or an error message explaining why the request failed


Response Success Schema

The response contains the following fields:

| Field | Type | Description |
| --- | --- | --- |
| recordList | Array | An object containing details on the product classifications. |
| key | Array | An object with details on the specific product. |
| name | String | The name of the product. |
| value | Array | An object containing specific details on the product. |
| signer | String | The name of the company that produces the product. |
| type | Enum | The type of product, as classified by the Cybereason threat intelligence service. Possible values include: BROWSER, MAIL, TOR, SHARING, P2P, REMOTE_DESKTOP_CONTROL, VPN, SVCHOST, LSASS, EXPLORER, ANTI_VIRUS, MS_OFFICE, ADOBE, SHELL, WSMPROVHOST, RUNDLL, SCHEDULED_TASK, OS_PROCESS, VIRTUALIZATION, SECURITY_TOOL, UNRECOGNIZED, NONE, RUNAS, WININIT |
| title | String | The title of the product. |
| lastUploadTimestamp | Integer | A timestamp (in epoch) when the information was last updated on the Threat Intel Server. |


Response Failure Schema

None


Important Response Fields

Important information is found in these fields:

  • recordList object: An object containing details on all the processes for which the Cybereason platform has a classification.

  • name: The process name.

  • signer: The company that signed the image file for this process.

  • type: The type of process used by the Cybereason platform to classify this process.

  • title: The name of the process presented to users on the machine.


Example: Retrieve product classifications

Request

curl --request POST \
    --url https://12.34.56.78/rest/download_v1/productClassifications \
    --header 'Content-Type:application/json' \
    --data '{}'

Response

Note

This is a partial response, shortened to show the key fields for a single product classification. Your actual response will be much longer and contain details on multiple product classifications.

{
    "recordList": [
        {
            "key": {
                "name": "chrome.exe"
            },
            "value": {
                "signer": [
                    "Google LLC",
                    "Google Inc"
                ],
                "type": "BROWSER",
                "title": "Google Chrome"
            }
        },
        {
            "key": {
                "name": "microsoftedge.exe"
            },
            "value": {
                "signer": [
                    "Microsoft Corporation",
                    "Microsoft Windows"
                ],
                "type": "BROWSER",
                "title": "Microsoft Edge"
            }
        }
    ]
}
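
Example: Use the response to check a process name against its expected signer

This is an added example, not part of the original documentation or Cybereason's own code. It indexes the recordList shown above and checks whether a process seen on an endpoint carries one of the signers listed for its name. The function names, the verdict strings and the rule that a name counts only when the signer also matches are assumptions of this example, and the sample input is the partial response from this page.

```python
import json

# Constructed sample: the partial response shown on this page.
SAMPLE_RESPONSE = """
{"recordList": [
  {"key": {"name": "chrome.exe"},
   "value": {"signer": ["Google LLC", "Google Inc"],
             "type": "BROWSER", "title": "Google Chrome"}},
  {"key": {"name": "microsoftedge.exe"},
   "value": {"signer": ["Microsoft Corporation", "Microsoft Windows"],
             "type": "BROWSER", "title": "Microsoft Edge"}}
]}
"""

def build_index(response_text):
    """Map lower-cased process name -> {signers, type, title}."""
    index = {}
    for record in json.loads(response_text).get("recordList", []):
        name = (record.get("key") or {}).get("name")
        value = record.get("value") or {}
        if not name:
            continue  # skip malformed records rather than fail the whole load
        signers = value.get("signer") or []
        if isinstance(signers, str):  # schema says String, sample shows a list
            signers = [signers]
        index[name.lower()] = {
            "signers": {s.casefold() for s in signers},
            "type": value.get("type"),
            "title": value.get("title"),
        }
    return index

def check_process(index, image_name, observed_signer):
    """Return (type, verdict) for a process observed on an endpoint.

    Assumed rule (this example's, not documented platform behaviour): the
    classification applies only if the observed signer is one of the listed
    signers for that name. Unsigned images (signer None) never match.
    """
    entry = index.get(image_name.lower())
    if entry is None:
        return (None, "unknown_name")
    if observed_signer and observed_signer.casefold() in entry["signers"]:
        return (entry["type"], "match")
    return (None, "signer_mismatch")  # known name, unexpected or missing signer

if __name__ == "__main__":
    idx = build_index(SAMPLE_RESPONSE)
    for name, signer in [("Chrome.exe", "Google LLC"), ("chrome.exe", None)]:
        print(name, signer, check_process(idx, name, signer))
```

A signer_mismatch result is a triage signal (a known product name on an image that is unsigned or signed by someone else), not a verdict on its own.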