Skip Navigation

Request file retrieval from device

Request that the specified file be retrieved from a specified device and stored in the
Cylance
console for later analysis.
Service endpoint
/devicecommands/v2/{{device_id}}/getfile
Optional query string parameters
Example
https://protectapi.cylance.com/devicecommands/v2/45E07F34E76B4A9EB167D6D0C510D6BA/getfile
Method
HTTP/1.1 POST
Request headers
  • Accept: application/json
  • Authorization: Bearer
    JWT Token returned by Auth API
    with the opticscommand:read scope encoded
The format of the device ID must be in all caps with no hyphens.

Request

{ "file_path": "C:\path\to\file.txt" }

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name
Description
data
This is an object containing the various fields associated with the file retrieval request.
tenant_id
This is the unique tenant ID of the tenant that the device belongs to.
user_id
This is the unique ID of the user who locked down the device.
device_id
This is the unique device ID that the lockdown command was issued to. See About device ID for device ID formatting.
created_at
This is the timestamp (in UTC) of when the file retrieval was requested.
filepath
This is the file path of the requested file.
download_url
This is the unique URL and parameters required to download the retrieved file.
file_status
This is the status of the file retrieval. This will always be "PENDING" for newly created file retrievals.
file_status_description
This displays any errors or status messages associated with the retrieval request.
password
This is the password required to decrypt the retrieved file.
md5
This is the MD5 hash of the retrieved file.
sha1
This is the SHA1 hash of the retrieved file.
sha256
This is the SHA256 hash of the retrieved file.
correlation_id
This is the correlation ID associated with this action.
user_login
This is the email address of the user who initiated the file retrieval request.
hostname
This is the hostname of the device that the file retrieval was requested on.