Get memory protection event
Request details for a specific memory protection event.
Service endpoint | /memoryprotection/v2/{device_image_file_event_id} |
Optional query string parameters | — |
Example | https://protectapi.cylance.com/memoryprotection/v2/40d04bf5-c5d7-495f-805a-28c6fc8ac12chttps://protectapi.cylance.com/users/v2 |
Method | HTTP/1.1 GET |
Request headers |
|
Request
None
Response
Please see the Response status codes for more information.
Response JSON schema
Field Name | Description |
|---|---|
action | This is the action take on the memory protection event.
|
agent_event_id | This is the unique identifier for the memory protection event, created by the agent. |
created | This is the date and time the memory protection event was created. |
device_id | This is the unique identifier for the device. |
device_image_file_event_id | This is the unique identifier for the memory protection event. Use this information for get memory protection event. |
dll_version | This is the agent version that identified the memory protection event. |
file_hash_id | This is the SHA256 hash for the threat. |
file_version | This is the version number of the file that caused the memory protection event. |
groups | These are the groups the user belongs to. |
image_name | This is the path and name of the file that triggered the memory protection event. |
process_id | This is the process ID of the memory protection event. It is generated by the operating system. |
sid | This is the security identifier for the user, group, or other security principal. It is generated by the operating system. |
username | This is the name of the user who was logged in to the device when the memory protection event occurred. |
violation_type | This is the violation type number for the memory protection event. See Memory violation types for more information. |