
Get threat

Request threat details for a specific threat.
Service endpoint
/threats/v2/{threat_sha256}
Optional query string parameters
Example
https://protectapi.cylance.com/threats/v2/bf17366ee3bb8068a9ad70fc9e68496e7e311a055bf4ffeeff53cc5d29ccce52
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the threat:read scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name
Description
auto_run
This setting indicates if the file is set to automatically run on system startup.
  • false: The file is not set to automatically run on system startup.
  • true: The file is set to automatically run on system startup.
av_industry
This is the score provided by the antivirus industry. If there is no antivirus industry score, then null is displayed.
cert_issuer
This is the ID for the certificate issuer.
cert_publisher
This is the ID for the certificate publisher.
cert_timestamp
This is the date and time (in UTC) when the file was signed using the certificate.
classification
This is the threat classification for the threat. See Threat classifications for more information.
cylance_score
This is the Cylance score assigned to the threat.
The User API returns a raw score of -1 to 1. Threats have a negative raw score, while safe files have a positive raw score. The management console only displays threats and uses a score of 1 to 100. A raw score of -1 equals a Console score of 100.
detected_by
This is the name of the module that detected the threat.
file_size
This is the size of the file, in bytes.
global_quarantine
This setting identifies if the threat is on the global quarantine list.
  • false: The file is not on the global quarantine list.
  • true: The file is on the global quarantine list.
md5
This is the MD5 hash for the threat.
name
This is the name of the threat.
running
This setting identifies if the threat is executing, or another executable loaded or called it.
  • false: The threat is not running.
  • true: The threat is running.
safelisted
This setting identifies if the threat is on the safe list.
  • false: The file is not on the safe list.
  • true: The file is on the safe list.
sha256
This is the SHA256 hash for the threat.
signed
This setting identifies if the file is signed or not signed.
sub_classification
This is the threat sub-classification for the threat. See Threat classifications for more information.
unique_to_cylance
This setting identifies that the threat was identified by Cylance but not by other antivirus sources.
  • false: The file has been identified by other antivirus sources.
  • true: The file has only been identified as a threat by Cylance.
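
The following is an added example, not code from the vendor documentation: it builds the Get threat request with the documented headers, validating the hash before it is placed in the URL path, and derives triage findings from the documented response fields. The function names, the PLACEHOLDER_JWT token and the sample response are assumptions constructed for illustration; the request is built but not sent.

```python
import re
import urllib.request

BASE_URL = "https://protectapi.cylance.com/threats/v2/"
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

def build_get_threat_request(threat_sha256, access_token):
    """Build (but do not send) the GET request for one threat (hypothetical helper)."""
    # Accept only 64 hex characters so an untrusted value cannot
    # alter the URL path or append a query string.
    if not SHA256_RE.fullmatch(threat_sha256):
        raise ValueError("threat_sha256 must be 64 hexadecimal characters")
    return urllib.request.Request(
        BASE_URL + threat_sha256,
        method="GET",
        headers={"Accept": "application/json",
                 "Authorization": "Bearer " + access_token},
    )

def triage(threat):
    """Return findings derived from the documented response fields (hypothetical helper)."""
    findings = []
    score = threat.get("cylance_score")
    # The API returns a raw score of -1 to 1; threats are negative.
    if score is not None and score < 0:
        findings.append("negative raw score (threat)")
    if threat.get("running"):
        findings.append("currently running")
    if threat.get("auto_run"):
        findings.append("set to run at startup")
    if threat.get("safelisted"):
        findings.append("on the safe list")
    if not threat.get("global_quarantine"):
        findings.append("not on the global quarantine list")
    if threat.get("unique_to_cylance"):
        findings.append("no other antivirus source flags it")
    return findings

# Constructed sample response; values are illustrative, not real API output.
SAMPLE = {
    "sha256": "bf17366ee3bb8068a9ad70fc9e68496e7e311a055bf4ffeeff53cc5d29ccce52",
    "cylance_score": -0.92, "running": True, "auto_run": True,
    "safelisted": False, "global_quarantine": False, "unique_to_cylance": False,
}

if __name__ == "__main__":
    req = build_get_threat_request(SAMPLE["sha256"], "PLACEHOLDER_JWT")
    print(req.get_method(), req.full_url)
    print(triage(SAMPLE))
```
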