- Application management
- RESTful API
- User API
- Device API
- Get devices
- Get devices extended
- Get device count
- Get device
- Get device by MAC address
- Get device by hostname
- Update device
- Get device threat
- Update device threat
- Get zone devices
- Get agent installer link
- Delete Devices
- Get Device Lifecycle Management settings
- Update Device Lifecycle Management Settings
- Exempt devices from the Device Lifecycle Management process
- Include devices in the Device Lifecycle Management process
- Reset the inactive period for a list of devices that are included in the Device Lifecycle Management process
- Global list API
- Policy API
- Zone API
- Threat API
- Memory protection API
- Detections API
- Package deployment API
- Detection rule API
- Detection rule sets API
- Detection exceptions API
- Device commands API
- Focus view API
- InstaQuery API
- CylanceOPTICS policy API
- Lockdown configurations API
- BlackBerry Docs
- Cylance Endpoint Security
- Cylance User API guide
- Device API
- Update device threat
Update device threat
Update the status (waive or quarantine) of a convicted threat. To update a threat on a device requires the modify permission for the threats privilege in an integration. See authorization below.
Service Endpoint | /devices/v2/{unique_device_id}/threats |
Optional query string parameters | — |
Example | https://protectapi.cylance.com/devices/v2/e378dacb-9324-453a-b8c6-5a8406952195/threats |
Method | HTTP/1.1 POST |
Request headers |
|
Request
{ "threat_id": "bf17366ee3bb8068a9ad70fc9e68496e7e311a055bf4ffeeff53cc5d29ccce52", "event": "Quarantine" }
Response
Please see the Response status codes for more information.
Response JSON schema
Field Name | Description |
|---|---|
event | This is the requested status update for the convicted threat, which can be either quarantine or waive |
threat_id | This is the SHA256 hash of the convicted threat |