Get threat

Request threat details for a specific threat.

Service endpoint

/threats/v2/{threat_sha256}

Optional query string parameters

Example

https://protectapi.cylance.com/threats/v2/bf17366ee3bb8068a9ad70fc9e68496e7e311a055bf4ffeeff53cc5d29ccce52

Method

HTTP/1.1 GET

Request headers

  • Accept: application/json
  • Authorization: Bearer <JWT token returned by the Auth API, with the threat:read scope encoded>

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name Description

auto_run

This setting indicates if the file is set to automatically run on system startup.

  • false: The file is not set to automatically run on system startup.
  • true: The file is set to automatically run on system startup.

av_industry

This is the score provided by the antivirus industry. If there is no antivirus industry score, then null is displayed.

cert_issuer

This is the ID for the certificate issuer.

cert_publisher

This is the ID for the certificate publisher.

cert_timestamp

This is the date and time (in UTC) when the file was signed using the certificate.

classification

This is the threat classification for the threat. See Threat classifications for more information.

cylance_score

This is the Endpoint Defense score assigned to the threat.

The User API returns a raw score of -1 to 1. Threats have a negative raw score, while safe files have a positive raw score. The management console only displays threats and uses a score of 1 to 100. A raw score of -1 equals a Console score of 100.

detected_by

This is the name of the module that detected the threat.

file_size

This is the size of the file, in bytes.

global_quarantine

This setting identifies if the threat is on the global quarantine list.

  • false: The file is not on the global quarantine list.
  • true: The file is on the global quarantine list.

md5

This is the MD5 hash for the threat.

name

This is the name of the threat.

running

This setting identifies whether the threat is executing, or whether another executable loaded or called it.

  • false: The threat is not running.
  • true: The threat is running.

safelisted

This setting identifies if the threat is on the safe list.

  • false: The file is not on the safe list.
  • true: The file is on the safe list.

sha256

This is the SHA256 hash for the threat.

signed

This setting identifies if the file is signed or not signed.

sub_classification

This is the threat sub-classification for the threat. See Threat classifications for more information.

unique_to_cylance

This setting identifies whether the threat was identified by Endpoint Defense but not by other antivirus sources.

  • false: The file has been identified by other antivirus sources.
  • true: The file has only been identified as a threat by Endpoint Defense.
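
The following is an added example, not part of the original documentation or the vendor's code. It builds the request described above only after validating the hash, then turns the documented response fields into a triage decision. The linear score conversion, the priority rules, the threshold and the sample response are assumptions made for this example.

```python
import re
import urllib.request

BASE_URL = "https://protectapi.cylance.com/threats/v2/"  # endpoint shown on this page
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

def build_request(threat_sha256, jwt):
    """Build the GET request, refusing anything that is not a bare SHA256."""
    if not SHA256_RE.fullmatch(threat_sha256):
        raise ValueError("threat_sha256 must be exactly 64 hex characters")
    headers = {"Accept": "application/json", "Authorization": "Bearer " + jwt}
    return urllib.request.Request(BASE_URL + threat_sha256, headers=headers, method="GET")

def console_score(raw):
    """Assumption: linear scaling anchored on the documented raw -1 == Console 100."""
    if raw is None or raw >= 0:
        return None  # safe files have a positive raw score; the console shows threats only
    return max(1, round(-raw * 100))

def triage(threat):
    """Return (priority, reasons); the priority rules are this example's own."""
    if threat.get("safelisted"):
        return "info", ["on the safe list"]
    reasons = []
    if threat.get("running"):
        reasons.append("running")
    if threat.get("auto_run"):
        reasons.append("runs at system startup")
    if not threat.get("global_quarantine"):
        reasons.append("not on the global quarantine list")
    score = console_score(threat.get("cylance_score"))
    if threat.get("running") and not threat.get("global_quarantine"):
        return "high", reasons
    if score is not None and score >= 80:  # hypothetical local threshold
        return "medium", reasons
    return "low", reasons

# Constructed sample response; only the sha256 is taken from the page's example URL.
SAMPLE = {
    "sha256": "bf17366ee3bb8068a9ad70fc9e68496e7e311a055bf4ffeeff53cc5d29ccce52",
    "cylance_score": -0.9, "running": True, "auto_run": True,
    "global_quarantine": False, "safelisted": False,
}

if __name__ == "__main__":
    req = build_request(SAMPLE["sha256"], "JWT_PLACEHOLDER")
    print(req.get_method(), req.full_url)
    print(console_score(SAMPLE["cylance_score"]), triage(SAMPLE))
```

Validating the hash before concatenating it into the path keeps caller-supplied input from altering which endpoint the bearer token is sent to.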