Detections API
The CylanceOPTICS detection API allows users to interact with detection events triggered by the CylanceOPTICS context analysis engine (CAE). CAE allows users to take automated response actions against malicious or suspicious behavior detected on devices utilizing both machine learning models and static behavior-based rules.

The CylanceOPTICS detection API enables further automation of analyzing, triaging, and responding to malicious or suspicious activity prevented or detected by CylanceOPTICS. The workflows currently available through this API include:

- Gathering a summary of detection events that have occurred in a tenant, including a detection event's ID, severity, description, occurrence time, associated device, and status.
- Gathering the specific detection details of detection events that have occurred in a tenant, including the artifacts associated with a detection event, the status of automated response actions that have been taken against a detection event, and other granular details that compose the detection event.
- Deleting one or more detection events from a tenant.
- Updating a detection event's status and comments in a tenant.