Get threats

Get a list of threats detected in a tenant.

Service endpoint

threats/v2?page=m&page_size=n&start_time=t1&end_time=t2

Optional query string parameters

  • page: This is the page number to request.

  • page_size: This is the number of device records to retrieve per page.

  • start_time: This is the start of the time range. Format is YYYY-MM-DDThh:mm:ss.SSSZ (ISO 8601 date/time format). Required if using an end_time.

  • end_time: This is the end of the time range. Format is: YYYY-MM-DDThh:mm:ss.SSSZ (ISO 8601 date/time format). Optional. The default value is now.

  • device_id: This adds a device ID to reduce the set of memory protection events. Default is null.

Example

https://protectapi.cylance.com/threats/v2/?page=1&page_size=20&start_time=2023-11-14T21:07:10&end_time=2023-11-24T21:07:10

Method

HTTP/1.1 GET

Request headers

  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the device:list scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name Description

av_industry

This is the score provided by the antivirus industry. If there is no antivirus industry score, then null is displayed.

classification

This is the threat classification for the threat. See Threat classifications for more information.

file_size

This is the size of the file in bytes.

global_quarantined

This setting identifies if the threat is on the global quarantine list.

  • false: The file is not on the global quarantine list.
  • true: The file is on the global quarantine list.

last_found

This is the date and time (in UTC) when the threat was last found on the device.

md5

This is the MD5 hash for the threat.

name

This is the name of the threat.

page_items

This is the list of threats belonging to the requested page.

page_number

This is the page number requested.

page_size

This is the page size requested.

safelisted

This setting identifies if the threat was safelisted.

sha256

This is the SHA256 hash for the threat.

sub_classification

This is the threat sub-classification for the threat. See Threat classifications for more information.

total_number_of_items

This is the total number of resources.

total_pages

This is the total number of pages that can be retrieved based on the page size specified.

unique_to_cylance

This setting identifies that the threat was identified by Endpoint Defense but not by other antivirus sources.

  • false: The file has been identified by other antivirus sources.
  • true: The file has only been identified as a threat by Endpoint Defense.
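
The query parameters and response fields above, combined into a paging client that walks total_pages and filters the results for triage. This is an added example, not vendor code; the helper names (fmt_time, build_url, http_get, iter_threats, needs_review), the triage rule, and the treatment of safelisted as a boolean are assumptions.

```python
import json
import urllib.request
from datetime import datetime, timezone
from urllib.parse import urlencode

BASE_URL = "https://protectapi.cylance.com/threats/v2"  # host from the page's example

def fmt_time(dt: datetime) -> str:
    """Render an aware datetime as YYYY-MM-DDThh:mm:ss.SSSZ (UTC)."""
    if dt.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def build_url(page, page_size, start_time=None, end_time=None):
    """Build the query string; start_time is required when end_time is used."""
    if end_time is not None and start_time is None:
        raise ValueError("start_time is required if using an end_time")
    params = {"page": page, "page_size": page_size}
    if start_time is not None:
        params["start_time"] = fmt_time(start_time)
    if end_time is not None:
        params["end_time"] = fmt_time(end_time)
    return BASE_URL + "?" + urlencode(params)

def http_get(url, token):
    """Send one GET with the two request headers the page lists."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "Authorization": "Bearer " + token,  # JWT from the Auth API
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_threats(get, page_size=20, start_time=None, end_time=None):
    """Yield every item in page_items, following total_pages to the last page."""
    page = 1
    while True:
        body = get(build_url(page, page_size, start_time, end_time))
        yield from body.get("page_items", [])
        if page >= body.get("total_pages", 0):
            break
        page += 1

def needs_review(threat):
    """Triage rule (assumption): neither safelisted nor globally quarantined."""
    return not threat.get("safelisted") and not threat.get("global_quarantined")
```

For a live tenant, pass `lambda url: http_get(url, token)` as the `get` argument of iter_threats.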