Requests
In standard REST architecture, requests are a key part of the API. You send a request from your client or program and the server sends a response containing the data.
In the request, you specify where to send the request (the URL and URI) and what to send (the data in the JSON request body).
You use the following components:
Component |
Description |
---|---|
Request URL |
This is the prefix for the location to which to send the request. In the Cybereason API. this URL is always https://<your server>/rest. |
Endpoint URI |
The specific endpoint within the REST hierarchy to send the request. For a full list of endpoints, see API Endpoints. |
HTTP method |
The action to perform on the data on the endpoint. Methods in the Cybereason API include:
|
HTTP Request Headers |
Includes details about the request. You can use these headers in a Cybereason API request:
|
Request Body |
The actual requested data to retrieve or update on the resource. For details on the specific content to include in a request, see the specific task topic in this guide. |
Request Examples
Find processes with a high data transfer by injected processes
{
"name": "query",
"request": {
"url": "https://123.456.789.012/rest/visualsearch/query/simple",
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": {
"queryPath": [
{
"requestedType": "Process",
"filters": [
{
"facetName": "highDataTransmittedSuspicion",
"values": [
true
]
},
{
"facetName": "detectedInjectedEvidence",
"values": [
true
]
}
],
"isResult": true
}
],
"totalResultLimit": 1000,
"perGroupLimit": 100,
"perFeatureLimit": 100,
"templateContext": "SPECIFIC",
"queryTimeout": 120000,
"customFields": [
"elementDisplayName",
"ransomwareAutoRemediationSuspended",
"executionPrevented",
"creationTime",
"endTime",
"commandLine",
"decodedCommandLine",
"isImageFileSignedAndVerified",
"productType",
"children",
"parentProcess",
"ownerMachine",
"imageFile",
"calculatedUser",
"pid"
]
},
"description": "find high data transfer"
}
}
Request a list of Malops
{
"name": "Get a list of Malops",
"request": {
"url": "https://123.456.789.012:443/rest/crimes/unified",
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": {
"totalResultLimit": 10000,
"perGroupLimit": 10000,
"perFeatureLimit": 100,
"templateContext": "OVERVIEW",
"queryPath": [
{
"requestedType": "MalopProcess",
"result": true,
"filters": null
}
]
}
},
"description": "get Malops"
}