
Get detection

Request a specific detection resource belonging to a tenant. Use get detections to obtain the unique detection ID.
Service endpoint
/detections/v2/{detection_id}/details
Optional query string parameters
Example
https://protectapi.cylance.com/detections/v2/f2d6c020-53e2-4300-9005-2e006d9a0f57/details
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the opticsdetect:read scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name
Description
ActivationTime
This is the time that this particular detection first started to occur.
AppliedExceptions
These are the exceptions that were applied to the detection.
  • Id: This is the unique identifier for the exception.
  • Version: This is the version number for the exception.
ArtifactsOfInterest
This is the artifact associated with the rule that triggered the exception. This is a dynamic object.
  • Artifact:
    • Type: This is the type of artifact.
    • Uid: This is the unique identifier for the artifact.
  • Source: This is the source for the artifact.
  • StateA: This is the name of the artifact of interest.
AssociatedArtifacts
This is the list of artifacts that were involved in this detection. These are dynamic objects.
Comment
This is the comment on the detection.
Context
This is the context of the detection.
DetectionRule
This is the description of the rule from which this detection originated.
  • Category: This is the category of the rule.
  • Description: This is the description of the rule.
  • Id: This is the ID of the rule.
  • Name: This is the name of the rule.
  • Version: This is the version of the rule.
Detector
This is the description of the plugin that originated the detection.
  • Name: This is the name of the detector.
  • Version: This is the version of the detector.
Device
This is a capture of the current state of the device.
  • CylanceId: This is the unique ID for the device.
  • Name: This is the name of the device.
Id
This is the unique identifier for the detection.
InvolvedArtifacts
These are the artifacts involved in this detection.
Name
This is the name of the detection.
ObjectType
This is the object type for the detection.
OccurrenceTime
This is the time at which the detection occurred.
PhoneticId
This is the easy-to-read version of the ID that is probabilistically unique.
Product
This is the description of the Cylance product that originated the detection.
  • Name: This is the name of the Cylance product.
  • Version: This is the version of the Cylance product.
ReceivedTime
This is the time when the detection was received.
Responses
These are the responses to the detection.
  • Status: This is the status of the response.
  • Comment: This is the comment on the response.
  • TenantId: This is the tenant ID to which the response belongs.
  • PhoneticId: This is the easy-to-read version of the ID that is probabilistically unique.
  • DetectionId: This is the ID for the detection event that warranted the response.
  • OccurrenceTime: This is the time at which the response actions were taken.
  • ActionResults:
    • HandlingResponderVersion: This is the version of the responder plugin that performed the response.
    • HandlingResponderName: This is the name of the responder plugin that performed the response.
    • Results:
      • Status: This is the status of the result.
      • Message: This is the message of the result.
      • Code:
        • Ordinal: This is the indicator code for the success of the action.
        • Reason: This is the detailed description explaining the indicator code.
        • Name: This is the friendly name of the status code.
  • AssociatedArtifacts: These are the artifacts upon which the action occurred.
  • ResponseRuleId: This is the ID of the response rule that triggered the response.
  • SchemaVersion: This is the version of the response rule.
  • ResponseRuleVersion: This is the version of the response rule.
  • ReceivedTime: This is the time the response was received.
  • ObjectType: This is the type of the object for the response.
SchemaVersion
This is the version of the schema to which the object conforms.
Severity
This is the criticality of an observance of the detection.
SeveritySortLevel
This is the sort level for the severity.
Status
This is the status of the detection in the workflow.
StatusSortLevel
This is the sort level for the status.
Trace
This is the trace information.
  • Event: This is the CylanceOPTICS Event that triggered the state.
  • StateName: This is the name of a state that was traversed.
TenantId
This is the ID for the tenant.
ZoneIds
This is the list of IDs for the zones associated with the detection.
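
The request and response described above, as an added Python example that is not part of the Cylance documentation. The function names `build_request` and `summarize` are hypothetical, the sample body is constructed (field names follow the schema above, values are invented), and it assumes `Responses`, `ActionResults` and `Results` are JSON arrays, which the page does not state.

```python
import json
import urllib.request
import uuid

BASE_URL = "https://protectapi.cylance.com"  # host from the page's example URL

def build_request(detection_id: str, jwt: str) -> urllib.request.Request:
    """Build (without sending) the GET request for one detection."""
    # Accept only a UUID so the ID can never add path segments or a query.
    canonical = str(uuid.UUID(detection_id))
    return urllib.request.Request(
        f"{BASE_URL}/detections/v2/{canonical}/details",
        headers={"Accept": "application/json", "Authorization": f"Bearer {jwt}"},
        method="GET",
    )

def summarize(body: str, expected_id: str) -> dict:
    """Parse a response body into the fields used for triage."""
    det = json.loads(body)
    # Refuse a body that describes a different detection than the one requested.
    if str(det.get("Id", "")).lower() != expected_id.lower():
        raise ValueError("response Id does not match the requested detection")
    actions = []
    # Assumption: Responses, ActionResults and Results are JSON arrays.
    for resp in det.get("Responses") or []:
        for action in resp.get("ActionResults") or []:
            for result in action.get("Results") or []:
                actions.append({
                    "responder": action.get("HandlingResponderName"),
                    "status": result.get("Status"),
                    "code": (result.get("Code") or {}).get("Name"),
                })
    return {
        "id": det["Id"], "name": det.get("Name"),
        "severity": det.get("Severity"), "status": det.get("Status"),
        "device": (det.get("Device") or {}).get("Name"),
        "rule": (det.get("DetectionRule") or {}).get("Name"),
        "actions": actions,
    }

# Constructed sample body: field names from the schema above, values invented.
SAMPLE_BODY = json.dumps({
    "Id": "f2d6c020-53e2-4300-9005-2e006d9a0f57", "Name": "Constructed detection",
    "Severity": "High", "Status": "New",
    "Device": {"CylanceId": "constructed-device-id", "Name": "host-a"},
    "DetectionRule": {"Id": "constructed-rule-id", "Name": "Constructed rule"},
    "Responses": [{"ActionResults": [{"HandlingResponderName": "responder-x",
        "Results": [{"Status": "Failed", "Code": {"Name": "Error"}}]}]}],
})
```

To send the request, pass the object returned by `build_request` to `urllib.request.urlopen` and hand the decoded body to `summarize` together with the ID that was requested.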