Get threats

Get a list of threats detected in a tenant.

Service endpoint	threats/v2?page=m&page_size=n&start_time=t1&end_time=t2
Optional query string parameters	—
Example	https://protectapi.cylance.com/threats/v2/?page=1&page_size=20&start_time=2023-11-14T21:07:10&end_time=2023-11-24T21:07:10
Method	HTTP/1.1 GET
Request headers	Accept: application/json Authorization: Bearer `JWT Token returned by Auth API` with the device:list scope encoded

Request

None

Please see the Response status codes for more information.

Field Name	Description
avIndustry	This is the threat data from the AV industry.
certIssuer	This is the certificate issuer.
certPublisher	This is the certificate publisher.
certTimestamp	This is the date and time when the certificate was created.
classification	This is the classification of the threat (For example, PUP indicates a potentially unwanted program).
dateDetected	This is the date and time the threat was detected on the device. Note that the date parameters filter on dateDetected.
dateFirstDetected	This is the date and time when the threat was first detected.
detectedBy	This is the product features that detected the threat.
deviceId	This is the unique ID for the device.
deviceName	This is the name of the device.
end_time	The end of the time range in ISO-8601 date/time format (optional) (default value: now)
fileSize	This is the size of the file, in bytes (for example, 1000 is 1KB).
globalQuarantined	—
md5	This is the MD5 hash information for the threat.
mostRecentDetection	This is the date and time of the most recent detection of the threat.
name	This is the name of the threat.
page	The page number to request. (optional) (default value: 1)
page_size	The number of device records to retrieve per page. (optional) (default value: 10, maximum value: 200)
safelisted	—
sha256	This is the SHA256 hash information for the file.
signed	—
start_time	The start of the time range in ISO-8601 date/time format (required if using end_time)
subClassification	—
threatHistory	—
uniqueToCylance	—