Get detections .csv

Request a list of Aurora Focus detection resources belonging to a tenant, in .csv format. Any provided filters will be applied, but limit/offset parameters will not. All detections for the tenant will be exported.

Service endpoint

/detections/v2/csv

Optional query string parameters
  • start: This is the start date-time of the query range.
  • end: This is the end date-time of the query range.
  • severity: This is the detection severity filter. Values are informational, low, medium, high.
  • detection_type: This is the detection type filter.
  • detected_on: This is the detected on filter.
  • event_number: This is the event number filter.
  • device: This is the device name filter.
  • status: The values for this are new, in progress, follow up, reviewed, done, false positive.
  • page: This is the page number to request.
  • page_size: This is the number of detection records to retrieve per page.
  • sort: This sorts by the following fields (adding "-" in front of the value denotes descending order):
    • Severity
    • OccurrenceTime
    • Status
    • Device
    • PhoneticId
    • Description
    • ReceivedTime

Example

retrieve the first page with up to 100 detections, with a high severity, and sorted by occurrence time: https://protectapi.cylance.com/detections/v2/csv?page=1&page_size=100&severity=High&sort=OccurrenceTime

Method

HTTP/1.1 GET

Request headers
  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the opticsdetect:list scope encoded

Request

None

Response

Please see the Response status codes for more information.

Request JSON schema

Field Name Description

Cylance Id

This is the ID for the device.

Device

This is the name of the device.

Detected On

This is the time when the detection occurred according to the associated endpoint agent.

Detection

This is the description of the detection.

Detection Id

This is the easy-to-read version of the ID that is probabilistically unique.

Id

This is the unique ID for the detection.

ReceivedTime

This is the time when the detection was received by Endpoint Defense's cloud services.

Severity

This is the criticality of an observance of a detection.

Status

This is the status of the detection workflow.