Example Script Downloads
This page contains links to download all the example scripts found on API reference pages. Use any of the following files or scripts as examples to run directly in your own environment. Note that you may need to modify some of the values, such as the server address, to enable these scripts to run in your own environment.
Depending on your browser settings, a linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
All Python examples are formatted for Python version 3.0 and higher, up to the latest Python version. If you are using a version of Python earlier than 3.0, manually remove the parentheses from the print statements in these samples. For example, the print (response.content) statement becomes print response.content.
Hunting and Investigation API
| Endpoint | Download Links |
|---|---|
| visualsearch/query/simple | |
| sensors/action/fileSearch | |
| sensors/action/fileSearch/:batch ID | |
| sensors/action/fileSearch/csv/:batch ID | |
| sensors/action/fileSearchRequests | |
| sensors/action/fileSearchRequestsAll | |
Malop Management API
| Endpoint | Download Links |
|---|---|
| crimes/unified | |
| detection/inbox | |
| detection/details | |
| detection/exclude | |
| monitor/global/commands/isolate | |
| monitor/global/commands/un-isolate | |
| crimes/status | |
| crimes/comment/:malopID | |
| detection/labels | |
| detection/add-label | |
| detection/delete-label | |
| detection/update-label | |
| settings/configuration (GET) | |
| settings/configuration (POST) | |
Remediation API
| Endpoint | Download Links |
|---|---|
| remediate | |
| remediate/progress/:username/:malopId/:remediationId | |
| remediate/abort/:malopId/:remediationId | |
| remediate/status/:malopId | |
Malware Management API
| Endpoint | Download Links |
|---|---|
| malware/counts | |
| malware/query | |
Custom Rules API
| Endpoint | Download Links |
|---|---|
| customRules/decisionFeature/live | |
| customRules/decisionFeature/deleted | |
| customRules/rootCauses | |
| customRules/getMalopDetectionTypes | |
| customRules/decisionFeature/create | |
| customRules/decisionFeature/create | |
| customRules/decisionFeature/create | |
| customRules/decisionFeature/update | |
| customRules/decisionFeature/update | |
| customRules/history/:rule id | |
Reputation Management API
| Endpoint | Download Links |
|---|---|
| classification/download | |
| classification/classify/:item key | |
| classification/reputations/list | |
| classification/update | |
Threat Intel API
| Endpoint | Download Links |
|---|---|
| classification_v1/file_batch | |
| classification_v1/domain_batch | |
| classification_v1/ip_batch | |
| download_v1/productClassifications | |
| download_v1/process_classifications | |
| download_v1/process_hierarchy | |
| download_v1/file_extension | |
| download_v1/port | |
| download_v1/ip_reputation | |
| download_v1/domain_reputation | |
| download_v1/:API name/service | |
Sensor Management API
| Endpoint | Download Links |
|---|---|
| sensors/query | |
| sensors/allActions | |
| sensors/action/setRansomwareMode | |
| sensors/action/setPreventionMode | |
| sensors/action/set-antimalware-status | |
| sensors/action/set-PowershellProtection-status | |
| sensors/action/startCollection | |
| sensors/action/stopCollection | |
| sensors/action/delete | |
| sensors/action/purgeSensors | |
| sensors/action/revertPurgedSensors | |
| sensors/action/restart | |
| sensors/action/fetchLogs | |
| sensors/action/download-logs/:batchID | |
| sensors/download/csv | |
| sensors/action/upgrade | |
| sensors/abort/:batchID | |
| sensors/action/archive | |
| sensors/action/unarchive | |
| tagging/process_tags | |
| sensors/tagging/:machineName | |
| groups (GET) | |
| groups (POST) | |
| groups/:group ID | |
| sensors/action/addToGroup | |
| sensors/action/removeFromGroup | |
| groups/:group ID | |
| policies (POST) | |
| policies (GET) | |
Machine Isolation Rules API
| Endpoint | Download Links |
|---|---|
| settings/isolation-rule | |
| settings/isolation-rule/delete | |
Incident Response API
| Endpoint | Download Links |
|---|---|
| irtools/upload | |
| irtools/packages | |
| irtools/credentials | |
| sensors/action/getPackagesDeployment | |
| sensors/action/runIRTool | |
| sensors/actions/getRunIRToolStatus?:batchID | |
| sensors/action/getIRToolResults | |
| irtools/delete | |
| forensics/forensicsTools | |
| forensics/uploadForensicTool | |
| forensics/getForensicToolDeploymentStatus | |
| forensics/runForensicTool | |
| forensics/runForensicToolWithInputFile | |
| forensics/getForensicToolRunStatus/:batchId | |
| forensics/deleteForensicTool | |
User Management API
| Endpoint | Download Links |
|---|---|
| /users | |
| /users/:username (POST) | |
| /users/:username (PUT) | |
| /users/:username (DELETE) | |
Query API Examples
| Example Type | Download Links |
|---|---|
| Actions on a Target | |
| Asset Mapping | |
| Credential Theft | |
| Data Theft | |
| DMG files | |
| Foothold | |
| Generic Queries | |
| Infection | |
| Lateral Movement | |
| Malicious Communication | |
| Malicious processes | |
| MITRE queries | |
| Narrow Queries | |
| Penetration Vectors | |
| Privilege Escalation | |
| Reconnaissance | |
| Scanning | |
| WMI-based Queries | |