Get detections

Request a page with a list of detections belonging to a tenant, sorted in descending order (most recent detection listed first). The page number and page size parameters are optional. When the values are not specified, the default values are 1 and 20 respectively.
Service endpoint
/detections/v2?page=m&page_size=n
Optional query string parameters
  • page: This is the page number to request.
  • page_size: This is the number of device records to retrieve per page.
  • start: This is the start date-time of the query range.
  • end: This is the end date-time of the query range.
  • severity: This is the detection severity filter. Values are informational, low, medium, high.
  • detection_type: This is the detection type filter.
  • event_number: This is the event number filter.
  • device: This is the device name filter.
  • status: This is the status for the detection event. Values are new, in progress, follow up, reviewed, done, false positive.
  • sort: This sorts by the following fields (adding "-" in front of the value denotes descending order):
    • Severity
    • OccurrenceTime
    • Status
    • Device
    • PhoneticId
    • Description
    • ReceivedTime
Example
Retrieve the first page with up to 100 detections with a High severity, sorted by Occurrence Time:
https://protectapi.cylance.com/detections/v2?page=1&page_size=100&severity=High&sort=OccurrenceTime
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the opticsdetect:list scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

| Field Name | Description |
| --- | --- |
| CylanceId | This is the ID for the device. |
| DetectionDescription | This is the description of the detection. |
| Device | This is the device information that contains the device ID and device name. |
| Id | This is the unique ID for the detection. |
| name | This is the name of the device. |
| OccurrenceTime | This is the time when the detection occurred according to the associated endpoint agent. |
| page_number | This is the page number requested. |
| page_size | This is the page size requested. |
| PhoneticId | This is the easy-to-read version of the ID that is probabilistically unique. |
| ReceivedTime | This is the time when the detection was received by Cylance's cloud services. |
| Severity | This is the criticality of an observance of a detection. |
| Status | This is the status of the detection workflow. |
| total_number_of_items | This is the total number of resources. |
| total_pages | This is the total number of pages that can be retrieved, based on the page size specified. |
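
The following client sketch is an added example, not code from the Cylance documentation. It validates the query parameters listed above before any request is sent, keeps the JWT in the Authorization header only, and follows total_pages to collect every detection. The `page_items` key for the result array, the injectable `fetch` transport and the function names are assumptions that do not appear on this page.

```python
import json
import urllib.request
from urllib.parse import urlencode

BASE_URL = "https://protectapi.cylance.com/detections/v2"
SEVERITIES = {"informational", "low", "medium", "high"}
STATUSES = {"new", "in progress", "follow up", "reviewed", "done", "false positive"}
SORT_FIELDS = {"Severity", "OccurrenceTime", "Status", "Device",
               "PhoneticId", "Description", "ReceivedTime"}
FILTERS = {"start", "end", "severity", "detection_type", "event_number",
           "device", "status", "sort"}


def build_url(page=1, page_size=20, **filters):
    """Build the request URL, rejecting parameters and values the page does not list."""
    if page < 1 or page_size < 1:
        raise ValueError("page and page_size must be >= 1")
    unknown = set(filters) - FILTERS
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    # Case-insensitive (assumption): the page lists lower-case values, its example sends "High".
    if "severity" in filters and filters["severity"].lower() not in SEVERITIES:
        raise ValueError(f"unknown severity: {filters['severity']!r}")
    if "status" in filters and filters["status"].lower() not in STATUSES:
        raise ValueError(f"unknown status: {filters['status']!r}")
    sort = filters.get("sort", "")
    if sort and (sort[1:] if sort.startswith("-") else sort) not in SORT_FIELDS:
        raise ValueError(f"unknown sort field: {sort!r}")
    return f"{BASE_URL}?{urlencode({'page': page, 'page_size': page_size, **filters})}"


def http_get_json(url, headers):
    """Default transport: one GET over HTTPS, JSON body decoded."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_detections(token, fetch=http_get_json, page_size=100, **filters):
    """Yield every detection, requesting pages until total_pages is reached."""
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}"}
    page = 1
    while True:
        body = fetch(build_url(page, page_size, **filters), headers)
        # "page_items" is an assumed key name; it is not in the schema table above.
        yield from body.get("page_items", [])
        if page >= body.get("total_pages", 0):
            break
        page += 1
```

Pass a stub as `fetch` to exercise the pagination offline; the default transport needs a valid token carrying the opticsdetect:list scope.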