Get Threat Intel

As part of its correlation and detection of malicious items, the Cybereason platform has a global threat intelligence database on file hashes, IP addresses, and domains.

Using the Cybereason Threat Intel API, you can learn more about the threat intelligence classifications for file hashes, IP addresses, or domain names.

Tasks

All APIs assume a URL prefix of https://sage.cybereason.com/rest.


| Task | Endpoint | Method | Returns |
| --- | --- | --- | --- |
| Get a file reputation | classification_v1/file_batch | POST | File reputation from threat intel |
| Get reputation for a domain | classification_v1/domain_batch | POST | Domain reputation from threat intel |
| Get reputation for an IP address | classification_v1/ip_batch | POST | IP address reputation from threat intel |
| Retrieve product classification information | download_v1/productClassifications | POST | List of product classifications |
| Retrieve process classification information | download_v1/process_classifications | POST | List of process classifications |
| Retrieve process hierarchy information | download_v1/process_hierarchy | POST | List of process hierarchy |
| Retrieve file extension information | download_v1/file_extension | POST | List of file extensions used by the Cybereason platform |
| Retrieve port information | download_v1/port | POST | List of port details used by the Cybereason platform |
| Retrieve collection information | download_v1/const | POST | List of collections used by the Cybereason platform |
| Retrieve a list of IP address reputations | download_v1/ip_reputation | POST | List of IP address reputations used by the Cybereason platform |
| Retrieve a list of domain reputations | download_v1/domain_reputation | POST | List of domain reputations used by the Cybereason platform |
| Check for database updates | download_v1/:API name/service | POST | Timestamp details for updates |