Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Cylance User API guide
  4. Memory protection API
  5. Get memory protection events

Get memory protection events

Request a list of memory protection events.
Service endpoint
/memoryprotection/v2?page=m&page_size=n&start_time=t1&end_time=t2
Optional query string parameters
  • page: This is the page number to request.
  • page_size: This is the number of device records to retrieve per page.
  • start_time: This is the start of the time range. Format is YYYY-MM-DDThh:mm:ss.SSSZ (ISO 8601 date/time format). Required if using an end_time.
  • end_time: This is the end of the time range. Format is: YYYY-MM-DDThh:mm:ss.SSSZ (ISO 8601 date/time format). Optional. The default value is now.
  • device_id: This adds a device ID to reduce the set of memory protection events. Default is null.
Example
https://protectapi.cylance.com/memoryprotection/v2?page=1&page_size=100&start_time=2019-11-01T12:00:00&
end_time:2019-11-30T12:00:00
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Authorization: Bearer
    JWT Token returned by Auth API
     with the memoryprotection:list scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name
Description
action
This is the action take on the memory protection event.
  • 0: None
  • 2: Block
  • 3: Terminate
agent_event_id
This is the unique identifier for the memory protection event, created by the Agent.
created
This is the date and time the memory protection event was created.
device_id
This is the unique identifier for the device.
device_image_file_event_id
This is the unique identifier for the memory protection event. Use this information for get memory protection event.
dll_version
This is the agent version that identified the memory protection event.
file_hash_id
This is the SHA256 hash for the threat.
file_version
This is the version number of the file that caused the memory protection event.
groups
This is the groups the user belongs to.
image_name
This is the path and name of the file that triggered the memory protection event.
process_id
This is the process ID of the memory protection event. It is generated by the operating system.
sid
This is the security identifier for the user, group, or other security principal. It is generated by the operating system.
username
This is the name of the user who was logged in to the device when the memory protection event occurred.
violation_type
This is the violation type number for the memory protection event. See Memory violation types for more information.