Get memory protection events
Request a list of memory protection events.
|
Service endpoint |
/memoryprotection/v2?page=m&page_size=n&start_time=t1&end_time=t2 |
|
Optional query string parameters |
|
|
Example |
https://protectapi.cylance.com/memoryprotection/v2?page=1&page_size=100&start_time=2019-11-01T12:00:00& end_time:2019-11-30T12:00:00 |
|
Method |
HTTP/1.1 GET |
|
Request headers |
|
Request
None
Response
Please see the Response status codes for more information.
Response JSON schema
| Field Name | Description |
|---|---|
|
action |
This is the action take on the memory protection event.
|
|
agent_event_id |
This is the unique identifier for the memory protection event, created by the Agent. |
|
created |
This is the date and time the memory protection event was created. |
|
device_id |
This is the unique identifier for the device. |
|
device_image_file_event_id |
This is the unique identifier for the memory protection event. Use this information for get memory protection event. |
|
dll_version |
This is the agent version that identified the memory protection event. |
|
file_hash_id |
This is the SHA256 hash for the threat. |
|
file_version |
This is the version number of the file that caused the memory protection event. |
|
groups |
This is the groups the user belongs to. |
|
image_name |
This is the path and name of the file that triggered the memory protection event. |
|
process_id |
This is the process ID of the memory protection event. It is generated by the operating system. |
|
sid |
This is the security identifier for the user, group, or other security principal. It is generated by the operating system. |
|
username |
This is the name of the user who was logged in to the device when the memory protection event occurred. |
|
violation_type |
This is the violation type number for the memory protection event. See Memory violation types for more information. |