Requests

In standard REST architecture, requests are a key part of the API. You send a request from your client or program and the server sends a response containing the data.

In the request, you specify where to send the request (the URL and URI) and what to send (the data in the JSON request body).

You use the following components:

Component

Description

Request URL

This is the prefix for the location to which to send the request.

In the Cybereason API, this URL is always https://<your server>/rest.

Endpoint URI

The specific endpoint within the REST hierarchy to which to send the request. For a full list of endpoints, see API Endpoints.

HTTP method

The action to perform on the data on the endpoint. Methods in the Cybereason API include:

  • GET. Retrieves the data on a specific resource.

  • POST. Submits data on a resource. Note that some requests sent via the API use POST even though they are retrieving data from the server, not updating a resource. This is especially true for the Query API requests.

    If you use the POST method, you must include a JSON request body with the request.

  • PUT. Updates data on a resource.

  • DELETE. Deletes a resource.

HTTP Request Headers

Includes details about the request. You can use these headers in a Cybereason API request:

  • Content-Type. This header details the type of content sent in the request. For Cybereason API requests, this is required.

    Set the type to Content-Type: application/json.

  • Accept. This tells the server what kind of data the request is sending. This header is optional, but adding it can help in processing the request.

    Set the type to Accept: application/json.

Request Body

The actual requested data to retrieve or update on the resource. For details on the specific content to include in a request, see the specific task topic in this guide.

Request Examples

Find processes with a high data transfer by injected processes

{
  "name": "query",
  "request": {
    "url": "https://123.456.789.012/rest/visualsearch/query/simple",
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      }
    ],
    "body": {
      "queryPath": [
        {
          "requestedType": "Process",
          "filters": [
            {
              "facetName": "highDataTransmittedSuspicion",
              "values": [
                true
              ]
            },
            {
              "facetName": "detectedInjectedEvidence",
              "values": [
                true
              ]
            }
          ],
          "isResult": true
        }
      ],
      "totalResultLimit": 1000,
      "perGroupLimit": 100,
      "perFeatureLimit": 100,
      "templateContext": "SPECIFIC",
      "queryTimeout": 120000,
      "customFields": [
        "elementDisplayName",
        "ransomwareAutoRemediationSuspended",
        "executionPrevented",
        "creationTime",
        "endTime",
        "commandLine",
        "decodedCommandLine",
        "isImageFileSignedAndVerified",
        "productType",
        "children",
        "parentProcess",
        "ownerMachine",
        "imageFile",
        "calculatedUser",
        "pid"
      ]
    },
    "description": "find high data transfer"
  }
}

Request a list of Malops

{
  "name": "Get a list of Malops",
  "request": {
    "url": "https://123.456.789.012:443/rest/crimes/unified",
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      }
    ],
    "body": {
      "totalResultLimit": 10000,
      "perGroupLimit": 10000,
      "perFeatureLimit": 100,
      "templateContext": "OVERVIEW",
      "queryPath": [
        {
          "requestedType": "MalopProcess",
          "result": true,
          "filters": null
        }
      ]
    }
  },
  "description": "get Malops"
}
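
The components described above can be checked before a request leaves the client. The following is an added example, not code from the Cybereason documentation: it turns a descriptor shaped like the request examples on this page into an unsent Python request object and rejects descriptors that break the rules in the components table. The names build_request, METHODS and SAMPLE and the host server.example are assumptions made for illustration; authentication is not covered on this page and is left out.

```python
import json
import urllib.request
from urllib.parse import urlsplit

METHODS = {"GET", "POST", "PUT", "DELETE"}  # methods listed in the table above


def build_request(descriptor):
    """Build an unsent urllib Request from a descriptor shaped like the
    request examples on this page, enforcing the component rules."""
    req = descriptor["request"]
    url, method = req["url"], req["method"].upper()
    parts = urlsplit(url)
    # Request URL prefix is https://<your server>/rest, then the endpoint URI.
    if parts.scheme != "https" or not parts.path.startswith("/rest/"):
        raise ValueError("URL must be https://<your server>/rest/<endpoint URI>")
    if method not in METHODS:
        raise ValueError(f"unsupported HTTP method: {method}")
    headers = {h["key"]: h["value"] for h in req.get("header", [])}
    if headers.get("Content-Type") != "application/json":
        raise ValueError("Content-Type: application/json is required")
    headers.setdefault("Accept", "application/json")  # optional header
    body = req.get("body")
    if method == "POST" and body is None:
        raise ValueError("POST requires a JSON request body")
    data = None if body is None else json.dumps(body).encode("utf-8")
    return urllib.request.Request(url, data=data, headers=headers, method=method)


# Constructed sample: the Malops request from this page with a placeholder host.
SAMPLE = {
    "name": "Get a list of Malops",
    "request": {
        "url": "https://server.example/rest/crimes/unified",
        "method": "POST",
        "header": [{"key": "Content-Type", "value": "application/json"}],
        "body": {
            "totalResultLimit": 10000,
            "perGroupLimit": 10000,
            "perFeatureLimit": 100,
            "templateContext": "OVERVIEW",
            "queryPath": [
                {"requestedType": "MalopProcess", "result": True, "filters": None}
            ],
        },
    },
}
```

Calling build_request(SAMPLE) returns the prepared request without sending it; a descriptor that uses plain http, omits Content-Type, or sends POST without a body raises ValueError.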