
Get detections .csv

Request a list of CylanceOPTICS detection resources belonging to a tenant, in .csv format. Any provided filters will be applied, but limit/offset parameters will not. All detections for the tenant will be exported.
Service endpoint
/detections/v2/csv
Optional query string parameters
  • start: This is the start date-time of the query range.
  • end: This is the end date-time of the query range.
  • severity: This is the detection severity filter. Values are informational, low, medium, high.
  • detection_type: This is the detection type filter.
  • detected_on: This is the detected on filter.
  • event_number: This is the event number filter.
  • device: This is the device name filter.
  • status: The values for this are new, in progress, follow up, reviewed, done, false positive.
  • page: This is the page number to request.
  • page_size: This is the number of detection records to retrieve per page.
  • sort: This sorts by the following fields (adding "-" in front of the value denotes descending order):
    • Severity
    • OccurrenceTime
    • Status
    • Device
    • PhoneticId
    • Description
    • ReceivedTime
Example
Retrieve the first page with up to 100 detections, with a high severity, and sorted by occurrence time: https://protectapi.cylance.com/detections/v2/csv?page=1&page_size=100&severity=High&sort=OccurrenceTime
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the opticsdetect:list scope encoded

Request

None

Response

Please see the Response status codes for more information.

Request JSON schema

| Field Name | Description |
|---|---|
| Cylance Id | This is the ID for the device. |
| Device | This is the name of the device. |
| Detected On | This is the time when the detection occurred according to the associated endpoint agent. |
| Detection | This is the description of the detection. |
| Detection Id | This is the easy-to-read version of the ID that is probabilistically unique. |
| Id | This is the unique ID for the detection. |
| ReceivedTime | This is the time when the detection was received by Cylance's cloud services. |
| Severity | This is the criticality of an observance of a detection. |
| Status | This is the status of the detection workflow. |
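The following is an added example, not part of the vendor documentation: it validates query parameters against the values listed above before building the request, then triages an exported CSV by severity and status. It assumes the CSV header row uses the field names from the table above and that "done" and "false positive" count as closed; `build_request` and `triage` are hypothetical helper names, and the sample rows (device names, IDs, timestamp format) are constructed.

```python
import csv
import io
from urllib.parse import urlencode
from urllib.request import Request

ENDPOINT = "https://protectapi.cylance.com/detections/v2/csv"
SEVERITIES = ["informational", "low", "medium", "high"]  # ascending, as listed above
STATUSES = {"new", "in progress", "follow up", "reviewed", "done", "false positive"}
SORT_FIELDS = {"Severity", "OccurrenceTime", "Status", "Device",
               "PhoneticId", "Description", "ReceivedTime"}
PARAMS = {"start", "end", "severity", "detection_type", "detected_on",
          "event_number", "device", "status", "page", "page_size", "sort"}

# Constructed sample export; header names are assumed to match the field table.
SAMPLE_CSV = """Cylance Id,Device,Detected On,Detection,Detection Id,Id,ReceivedTime,Severity,Status
dev-0001,WS-FIN-01,2024-01-10T08:15:00Z,Constructed detection A,AAA-111,id-1,2024-01-10T08:15:04Z,High,New
dev-0002,WS-HR-07,2024-01-10T09:00:00Z,Constructed detection B,BBB-222,id-2,2024-01-10T09:00:03Z,Low,New
dev-0003,SRV-DB-02,2024-01-10T09:30:00Z,Constructed detection C,CCC-333,id-3,2024-01-10T09:30:02Z,High,False Positive
dev-0004,WS-ENG-12,2024-01-10T10:05:00Z,Constructed detection D,DDD-444,id-4,2024-01-10T10:05:05Z,Medium,In Progress
"""

def build_request(token, **params):
    """Check parameters against the documented values; return an unsent GET Request."""
    unknown = set(params) - PARAMS
    if unknown:  # e.g. limit/offset, which this endpoint does not apply
        raise ValueError(f"undocumented parameter(s): {sorted(unknown)}")
    sort = params.get("sort", "Severity")
    if (sort[1:] if sort.startswith("-") else sort) not in SORT_FIELDS:
        raise ValueError(f"unsupported sort field: {sort}")
    if params.get("severity", "high").lower() not in SEVERITIES:
        raise ValueError("unsupported severity")
    if params.get("status", "new").lower() not in STATUSES:
        raise ValueError("unsupported status")
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}"}
    return Request(f"{ENDPOINT}?{urlencode(params)}", headers=headers, method="GET")

def triage(csv_text, min_severity="medium", closed=("done", "false positive")):
    """Return (Severity, Device, Detection Id) for unresolved rows, worst first."""
    floor = SEVERITIES.index(min_severity)
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sev = row["Severity"].strip().lower()
        # An unrecognized severity ranks highest so it is surfaced, not dropped.
        rank = SEVERITIES.index(sev) if sev in SEVERITIES else len(SEVERITIES)
        if rank >= floor and row["Status"].strip().lower() not in closed:
            hits.append((rank, row["Severity"], row["Device"], row["Detection Id"]))
    hits.sort(key=lambda h: -h[0])  # stable sort keeps export order within a severity
    return [h[1:] for h in hits]
```

To send the request, pass the returned object to `urllib.request.urlopen` with a token obtained from the Auth API, then feed the decoded response body to `triage`.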