Get threat devices
Request a list of devices affected by a specific threat. Only one file_path is listed per page_item, therefore the same device could have multiple entries, one entry per file_path.
|
Service endpoint |
/threats/v2/{threat_sha256}/devices?page=m&page_size=n |
|
Optional query string parameters |
|
|
Example |
return the first page with 100 devices that have the specified threat: https://protectapi.cylance.com/threats/v2/bf17366ee3bb8068a9ad70fc9e68496e7e311a055bf4ffeeff53cc5d29ccce52/devices?page1&page_size=100 |
|
Method |
HTTP/1.1 GET |
|
Request headers |
|
Request
None
Response
Please see the Response status codes for more information.
Response JSON schema
| Field Name | Description |
|---|---|
|
agent_version |
This is the Aurora Protect Desktop agent version installed on the device. |
|
date_found |
This is the date and time (in UTC) when the threat was found on the device. |
|
file_path |
This is the path where the file was found on the device. Only one file_path is listed per page_item, therefore the same device could have multiple entries, one entry per file_path. |
|
file_status |
This is the current quarantine status of the file on the device.
|
|
id |
This is the endpoint's unique identifier. |
|
ip_addresses |
This is the list of IP addresses for the device. |
|
mac_addresses |
This is the list of MAC addresses for the device. |
|
name |
This is the name of the device. |
|
page_number |
This is the page number requested. |
|
page_size |
This is the page size requested. |
|
policy_id |
This is the unique identifier for the policy assigned to the device, or null if no policy is assigned. |
|
state |
This is the state of the device.
|
|
total_number_of_items |
This is the total number of resources. |
|
total_pages |
This is the total number of pages that can be retrieved, based on the page size specified. |