Endpoints
The Cybereason API contains a number of different endpoints for each group of tasks within the API.
All APIs assume a URL prefix of https://<your server>/rest.
Group | Endpoint | Method | Description |
---|---|---|---|
Hunt and Investigate | | POST | Run investigative queries to find different suspicious or malicious behaviors in your environment. |
Hunt and Investigate | | POST | Search for files on machines in your environments |
Hunt and Investigate | | GET | Get the results of a specific previously performed file search |
Hunt and Investigate | | GET | Get results of a previous file search and export to CSV |
Hunt and Investigate | | GET | Return a list of all previously performed file searches for you. |
Hunt and Investigate | | GET | Return a list of all previously performed file searches for all users |
Hunt and Investigate | | POST | Start the download of a file from the Element Details screen |
Hunt and Investigate | | GET | Return a list of all files waiting for download |
Hunt and Investigate | | GET | Download the file to your machine |
Hunt and Investigate | | GET | Abort a file download operation. |
MalOps | | POST | Returns details on a specific AI Hunt MalOp. |
MalOps | | POST | Return a list of all MalOps of all types. |
MalOps | | POST | Return details on a specific MalOp (Endpoint Protection MalOps only) |
MalOps | | POST | Perform a selected or all possible response actions for a MalOp. |
MalOps | | POST | Exclude a behavior that caused a MalOp from causing future MalOps. |
MalOps | | POST | Isolate a specific machine involved in a MalOp. |
MalOps | | POST | Remove a specific machine involved in a MalOp from isolation. |
MalOps | | POST | Update a MalOp’s status. |
MalOps | | POST | Add a comment to a MalOp. |
MalOps | | POST | Return a list of all MalOp labels. |
MalOps | | POST | Add a MalOp label to the list of MalOp labels. |
MalOps | | POST | Delete a MalOp label from the list of MalOp labels. |
MalOps | | POST | Update a MalOp label from the list of MalOp labels. |
MalOps | | GET | Get details on settings, including MalOp notification settings. |
MalOps | | POST | Update details on MalOp notification settings. |
Remediation | | POST | Remediate an item. |
Remediation | | GET | Check the status of a particular remediation operation. |
Remediation | | POST | Abort a remediation operation. |
Remediation | | GET | Get a list of remediations for a particular MalOp. |
Malware | | POST | Get a count of all Malware per type |
Malware | | POST | Returns details on malware currently in your environment |
Custom Rules | | GET | Retrieve a list of custom detection rules currently active |
Custom Rules | | GET | Retrieve a list of custom detection rules currently disabled |
Custom Rules | | GET | Retrieve a list of all available root causes |
Custom Rules | | GET | Retrieve a list of all available MalOp detection types for generated MalOps |
Custom Rules | | GET | Retrieve a list of all available MalOp activity types for generated MalOps |
Custom Rules | | POST | Create a custom detection rule |
Custom Rules | | POST | Update an existing custom detection rule |
Custom Rules | | GET | Get a list of modifications to the custom rule |
Reputations | | GET | Download a CSV list of reputations. |
Reputations | | GET | Retrieve platform threat intelligence for an item. |
Reputations | | POST | Retrieve private threat intelligence for an item. |
Reputations | | POST | Add or update a custom reputation for an item. |
Threat Intel | | POST | Get Threat Intel information for a file. |
Threat Intel | | POST | Get Threat Intel information for a domain. |
Threat Intel | | POST | Get Threat Intel information for an IP address. |
Threat Intel | | POST | Retrieve a list of product classifications used by the Cybereason platform. |
Threat Intel | | POST | Retrieve a list of process classifications used by the Cybereason platform. |
Threat Intel | | POST | Retrieve a list of process hierarchy used by the Cybereason platform. |
Threat Intel | | POST | Retrieve a list of file extensions used by the Cybereason platform. |
Threat Intel | | POST | Retrieve a list of port details used by the Cybereason platform. |
Threat Intel | | POST | Retrieve a list of collections used by the Cybereason platform. |
Threat Intel | | POST | Retrieve a list of IP address reputations used by the Cybereason platform. |
Threat Intel | | POST | Retrieve a list of domain reputations used by the Cybereason platform. |
Threat Intel | | POST | Check for reputation database updates. |
Sensors | | POST | Get a list of all sensors. |
Sensors | | GET | Retrieve a list of all current or queued actions on sensors. |
Sensors | | POST | Set the Anti-Ransomware mode for a sensor. |
Sensors | | POST | Set the Application Control mode for a sensor. |
Sensors | | POST | Set the Anti-Malware status for a sensor. |
Sensors | | POST | Set the PowerShell protection mode for a sensor. |
Sensors | | POST | Start collection on a sensor. |
Sensors | | POST | Stop collection on a sensor. |
Sensors | | POST | Delete a sensor. |
Sensors | | POST | Remove a sensor from the Sensors list. |
Sensors | | POST | Restore a sensor that was removed from the Sensors list. |
Sensors | | POST | Restarts a sensor. |
Sensors | | POST | Retrieve logs from a Sensor and download them to the machine on which the sensor is installed. |
Sensors | | GET | Downloads logs to your machine |
Sensors | | GET | Download a CSV list of sensors. |
Sensors | | POST | Upgrade the sensor to the latest version. |
Sensors | | POST | Abort any in-progress operations for given batch ID. |
Sensors | | POST | Archive a sensor |
Sensors | | POST | Remove a sensor previously archived from the archive. |
Sensors | | POST | Create, update, or remove sensor tags |
Sensors | | GET | Retrieve a list of Sensor tags for a specific sensor. |
Sensors | | GET | Retrieve a list of all sensor groups |
Sensors | | POST | Create a sensor group |
Sensors | | PUT | Edit a sensor group |
Sensors | | POST | Add a sensor to a sensor group |
Sensors | | POST | Remove a sensor from a sensor group |
Sensors | | DELETE | Delete a sensor group |
Sensors | | POST | Start or end a full or quick scan on a sensor. |
Sensors | | POST | Create a sensor policy |
Sensors | | GET | Retrieve a list of sensor policies. |
Sensors | | GET | Retrieve details on a single sensor policy. |
Isolation | | GET | Retrieve a list of all isolation rules. |
Isolation | | POST | Create an isolation rule. |
Isolation | | PUT | Update an existing isolation rule. |
Isolation | | POST | Delete an existing isolation rule. |
Incident Response | | POST | Upload an incident response package to your environment and deploy it to machines. |
Incident Response | | POST | Check the status of an incident response tool deployment on a machine. |
Incident Response | | GET | Retrieve a list of packages uploaded to your environment. |
Incident Response | | POST | Run an incident response tool on a machine. |
Incident Response | | GET | Check the status of an incident response tool execution. |
Incident Response | | POST | Retrieve results from an incident response tool execution on a machine. |
Incident Response | | POST | Delete an incident response tool package and remove the package from endpoint machines. |
Incident Response | | GET | Retrieve credentials for a GCP bucket containing your results. |
Incident Response | | GET | Retrieve a list of supported forensics tool packages. |
Incident Response | | POST | Deploy a forensic tool package |
Incident Response | | POST | Check the deployment status of a forensic tool package |
Incident Response | | POST | Run a forensic tool package |
Incident Response | | POST | Run a forensic tool package on sensors from a CSV list |
Incident Response | | POST | Check the execution status of a forensic tool package |
Incident Response | | POST | Remove a forensic tool package from your platform and endpoints |
User Management | | GET | Retrieve a list of all users |
User Management | | POST | Create a user |
User Management | | PUT | Update user details |
User Management | | DELETE | Delete a user |