Retrieve a List of Users
Endpoint URL: https://<your server/rest/users
Endpoint URI: users
Action: GET
Retrieves a list of users.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
None
Response Status Codes
This request can return the following status codes:
200: Success OK with details on the operation
Response Success Schema
The response contains the following fields:
Field |
Type |
Description |
|---|---|---|
lastUpdateTime |
Integer |
The timestamp (in milliseconds) when the user’s details were last updated. |
totpEnabled |
Boolean |
Indicates whether two-factor authentication is enabled for this user. |
isDailyNotifications |
Boolean |
Indicates whether the user will receive a daily summary of activity from their environment. |
totpSid |
String |
The TFA key for this user to help set up TFA. |
investigationViewConfig |
Array |
A collection of the columns defined for the user. |
roles |
Array |
The assigned roles for the user. Possible values include:
The Sensor viewer role is disabled by default. Open a Technical Support case to enable this role. |
userClassification |
String |
Special characters associated with the user to help auditing of user activities. The user classification feature is not generally available. Contact your Customer Success Manager to gain access to this feature. |
allowedLoginMethod |
Enum |
The way in which the user can log in. Possible values include:
In order to use the SSO option, you must enable SSO in your environment. For details on SSO authentication, see SSO Authentication in the Cybereason product documentation. |
creationTime |
Integer |
The timestamp (in milliseconds) when the user was created. |
groups |
String |
A collection of the groups to which the user has privileges to view information. This field returns a list of names only if the user has been assigned the local_analyst_l1, local_analyst_l2, or local_responder roles.** |
changePasswordOnNextLogin |
Boolean |
Indicates whether the user will be required to update their password the next time they log in. |
locked |
Boolean |
Indicates whether this user is locked. |
creationTime |
Integer |
The timestamp (in milliseconds) when the user was created. |
locale |
String |
The locale for the user reported by the operating system. |
username |
String |
The email address for the user. |
Response Failure
None
Important Response Fields
Important information is found in these fields:
username: The user name for the user. This is the address they use to log in to the Cybereason console.
totpEnabled: Whether or not two-factor authentication (TFA) is enabled for the user. If TFA is enabled, this user will need to set up a TOTP password in an authentication program or app.
totpSid: Thhe TFA secret key for the user. This key is required to set up the TOTP authentication code.
allowedLoginMethod: The type of authentication for the user.
roles: The list of roles assigned to this user.
Example: Retrieve a list of users
Request
curl --request POST \
--url https://12.34.56.78/rest/users \
--header 'Content-Type:application/json' \
Response
This response has been shortened to show a single example of the fields for a user. A real response would contain many more users than this response.
[
{
"lastUpdateTime":1660648272768,
"totpEnabled":false,
"isDailyNotifications":false,
"totpSid":null,
"investigationViewConfig":null,
"roles":["executive","user_admin","policies_admin","sys_admin","analyst_l3","responder"],
"userClassification":null,
"allowedLoginMethod":"PASSWORD",
"groups":[],
"changePasswordOnNextLogin":false,
"locked":false,
"creationTime":1660648272768,
"locale":null,
"username":"[email protected]"
}
]
Request
Response
[
{
"lastUpdateTime":1660648272768,
"totpEnabled":false,
"isDailyNotifications":false,
"totpSid":null,
"investigationViewConfig":null,
"roles":["executive","user_admin","policies_admin","sys_admin","analyst_l3","responder"],
"userClassification":null,
"allowedLoginMethod":"PASSWORD",
"groups":[],
"changePasswordOnNextLogin":false,
"locked":false,
"creationTime":1660648272768,
"locale":null,
"username":"[email protected]"
}
]
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/users"
api_url = base_url + endpoint_url
api_response = session.request("GET", api_url, headers=headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
[
{
"lastUpdateTime":1660648272768,
"totpEnabled":false,
"isDailyNotifications":false,
"totpSid":null,
"investigationViewConfig":null,
"roles":["executive","user_admin","policies_admin","sys_admin","analyst_l3","responder"],
"userClassification":null,
"allowedLoginMethod":"PASSWORD",
"groups":[],
"changePasswordOnNextLogin":false,
"locked":false,
"creationTime":1660648272768,
"locale":null,
"username":"[email protected]"
}
]