Get detections

Request one page of the detections belonging to a tenant. By default the list is sorted in descending order (most recent detection listed first). The page number and page size parameters are optional; when they are not specified, the default values are 1 and 20 respectively.

Service endpoint

/detections/v2?page=m&page_size=n

Optional query string parameters

  • page: This is the page number to request (default 1).
  • page_size: This is the number of detection records to retrieve per page (default 20).
  • start: This is the start date-time of the query range.
  • end: This is the end date-time of the query range.
  • severity: This is the detection severity filter. Values are informational, low, medium, high.
  • detection_type: This is the detection type filter.
  • event_number: This is the event number filter.
  • device: This is the device name filter.
  • status: This is the status filter for the detection event. Values are new, in progress, follow up, reviewed, done, false positive.
  • sort: This sorts the results by one of the following fields (prefix the value with "-" to sort in descending order):
    • Severity
    • OccurrenceTime
    • Status
    • Device
    • PhoneticId
    • Description
    • ReceivedTime

Example

Retrieve the first page with up to 100 detections of High severity, sorted by occurrence time (ascending, since the sort value carries no "-" prefix):

https://protectapi.cylance.com/detections/v2?page=1&page_size=100&severity=High&sort=OccurrenceTime

Method

HTTP/1.1 GET

Request headers

  • Accept: application/json
  • Authorization: Bearer <JWT>, where <JWT> is the token returned by the Auth API and must have the opticsdetect:list scope encoded

Request

None (this request has no body; all parameters are passed in the query string)

Response

Please see the Response status codes for more information.

Response JSON schema

Each detection record in the page contains the following fields:

  • Id: This is the unique ID for the detection.
  • PhoneticId: This is the easy-to-read version of the ID. It is only probabilistically unique, so use Id, not PhoneticId, as the key when correlating detections.
  • DetectionDescription: This is the description of the detection.
  • Severity: This is the criticality of the detection.
  • Status: This is the status of the detection in the review workflow.
  • OccurrenceTime: This is the time when the detection occurred, according to the clock of the endpoint agent that reported it.
  • ReceivedTime: This is the time when the detection was received by Endpoint Defense's cloud services.
  • Device: This is the device information. It contains the following fields:
    • CylanceId: This is the ID for the device.
    • name: This is the name of the device.

The page itself carries these pagination fields:

  • page_number: This is the page number requested.
  • page_size: This is the page size requested.
  • total_number_of_items: This is the total number of detections matching the query, across all pages.
  • total_pages: This is the total number of pages that can be retrieved, based on the page size specified.
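As an added example (not Cylance's own code and not part of this reference), the following Python builds the query string documented above, sends the two required headers, and follows total_pages to collect every matching detection. Two things are assumptions not stated on this page: that the detection records of a page are returned under a top-level "page_items" array, and the fake_fetch/SAMPLE_PAGES pair, which is a constructed stand-in for the HTTP GET and the server's response so that the code runs offline.

```python
"""Added example, not Cylance's own code: build /detections/v2 queries and page
through the results using the pagination fields in the response schema.

The HTTP call is injected, so this runs offline against a constructed sample.
Assumed (not stated on this page): the detection records of a page are held in
a top-level "page_items" array.
"""
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://protectapi.cylance.com"  # host used in the page's example

SORT_FIELDS = {"Severity", "OccurrenceTime", "Status", "Device",
               "PhoneticId", "Description", "ReceivedTime"}
SEVERITIES = {"informational", "low", "medium", "high"}
FILTERS = {"severity", "detection_type", "event_number", "device",
           "status", "start", "end"}


def build_detections_url(page=1, page_size=20, sort=None, **filters):
    """Return the GET URL for one page of detections.

    Unknown filter names and sort fields are rejected up front: a misspelled
    filter would otherwise be ignored server-side and silently return the
    whole tenant's detections. A '-' prefix on sort means descending.
    """
    unknown = set(filters) - FILTERS
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    if "severity" in filters and filters["severity"].lower() not in SEVERITIES:
        raise ValueError(f"unknown severity: {filters['severity']!r}")
    if sort is not None and sort.lstrip("-") not in SORT_FIELDS:
        raise ValueError(f"unknown sort field: {sort!r}")
    if page < 1 or page_size < 1:
        raise ValueError("page and page_size must be >= 1")

    params = {"page": page, "page_size": page_size}
    params.update({k: v for k, v in filters.items() if v is not None})
    if sort is not None:
        params["sort"] = sort
    return f"{BASE_URL}/detections/v2?{urlencode(params)}"


def request_headers(jwt):
    """Headers the endpoint requires; the JWT must carry the opticsdetect:list scope."""
    return {"Accept": "application/json", "Authorization": f"Bearer {jwt}"}


def iter_detections(fetch_json, jwt, page_size=20, **query):
    """Yield every detection matching `query`, walking pages until total_pages.

    `fetch_json(url, headers) -> dict` is the injected HTTP GET (e.g. a thin
    wrapper around requests.get(...).json()).
    """
    page = 1
    while True:
        url = build_detections_url(page=page, page_size=page_size, **query)
        body = fetch_json(url, request_headers(jwt))
        yield from body.get("page_items", [])      # assumed array name
        if page >= body.get("total_pages", 0):     # 0 pages -> stop after first call
            break
        page += 1


def _detection(num, device_id, device_name):
    """Build one constructed detection record shaped like the schema above."""
    return {"Id": f"det-00{num}", "PhoneticId": f"Word{num}", "Severity": "High",
            "Status": "New", "OccurrenceTime": f"2021-03-0{num}T10:00:00Z",
            "ReceivedTime": f"2021-03-0{num}T10:00:07Z",
            "DetectionDescription": "constructed sample detection",
            "Device": {"CylanceId": device_id, "name": device_name}}


# Constructed two-page result set (3 detections, page_size 2); not real data.
SAMPLE_PAGES = {
    1: {"page_number": 1, "page_size": 2, "total_pages": 2, "total_number_of_items": 3,
        "page_items": [_detection(1, "dev-aaa", "WS-01"), _detection(2, "dev-bbb", "WS-02")]},
    2: {"page_number": 2, "page_size": 2, "total_pages": 2, "total_number_of_items": 3,
        "page_items": [_detection(3, "dev-aaa", "WS-01")]},
}


def fake_fetch(url, headers):
    """Offline stand-in for the HTTP GET: serves SAMPLE_PAGES keyed on ?page=."""
    assert headers["Authorization"].startswith("Bearer ")
    page = int(parse_qs(urlparse(url).query)["page"][0])
    return SAMPLE_PAGES[page]


def high_severity_devices(fetch_json=fake_fetch, jwt="<jwt from Auth API>"):
    """Collect the distinct device names across all pages of High detections."""
    return sorted({d["Device"]["name"] for d in
                   iter_detections(fetch_json, jwt, page_size=2,
                                   severity="High", sort="-OccurrenceTime")})


if __name__ == "__main__":
    print(build_detections_url(page=1, page_size=100, severity="High", sort="OccurrenceTime"))
    print(high_severity_devices())  # ['WS-01', 'WS-02']
```

To run against the live service, replace fake_fetch with a function that performs the GET with the returned headers and parses the JSON body. The validation in build_detections_url is deliberate: the server ignores parameters it does not recognise, so a typo in a filter name turns a narrow query into a tenant-wide one, and a wrong sort field name is easier to catch locally than in a confusing result order. The token travels only in the Authorization header, never in the URL, so it does not end up in proxy or web-server logs.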