Get Threat Intel
As part of its correlation and detection of malicious items, the Cybereason platform has a global threat intelligence database on file hashes, IP addresses, and domains.
Using the Cybereason Threat Intel API, you can learn more about the threat intelligence classifications for file hashes, IP addresses, or domain names.
Tasks
All APIs assume a URL prefix of https://sage.cybereason.com/rest.
Note
Click on any URI path to view more detailed information on a specific API request.
Task |
Endpoint |
Method |
Returns |
---|---|---|---|
Get a file reputation |
POST |
File reputation from threat intel |
|
Get reputation for a domain |
POST |
Domain reputation from threat intel |
|
Get reputation for an IP address |
POST |
IP Address reputation from threat intel |
|
Retrieve product classification information |
POST |
List of product classifications |
|
Retrieve process classification information |
POST |
List of process classifications |
|
Retrieve process hierarchy information |
POST |
List of process hierarchy |
|
Retrieve file extension information |
POST |
List of file extensions used by the Cybereason platform |
|
Retrieve port information |
POST |
List of port details used by the Cybereason platform |
|
Retrieve collection information |
POST |
List of collections used by the Cybereason platform |
|
Retrieve a list of IP address reputations |
POST |
List of IP address reputations used by the Cybereason platform |
|
Retrieve a list of domain reputations |
POST |
List of domain reputations used by the Cybereason platform |
|
Check for database updates |
POST |
Timestamp details for updates |