GET /service/api/console/gsm/{gsmKey}/sites/{siteId}/endpoints/{endpointId}/threathistory
 ?startDate={startDate}
 &endDate={endDate}
 &returnedInfo={returnedInfo}
 &pageSize={pageSize}
 &pageNr={pageNr}

Gets threat history information for a given endpoint.

NOTE: The maximum allowed time difference between 'startDate' and 'endDate' is 3 calendar months.

Request Information

URI Parameters

NameDescriptionTypeAdditional Information
gsmKey

The GSM console keycode.

string

Required

siteId

The site identifier.

string

Required

endpointId

The endpoint identifier.

string

Required

startDate

If specified, returns all threat history records after (or at) the given date. If omitted, defaults to 'endDate' minus 24 hours.

date

None.

endDate

If specified, returns all threat history records before (or at) the given date. If omitted, defaults to the current date and time.

date

None.

returnedInfo

A comma separated list of classes of information to be provided in response data. Currently only the "ExtendedInfo" class is supported as a value. If omitted, general threat record information is returned only.

string

None.

pageSize

Specifies the number of records to return.

integer

Default value is 50

pageNr

Specifies the page number. Can be used to retrieve the next batch of records.

integer

Default value is 1

Body Parameters

None.

Response Information

Resource Description

Information about matching threat history records.

GetThreatHistoryResponseModel
NameDescriptionTypeAdditional Information
MoreAvailable

Value indicating whether more records are available in the queried time window. Increment the page number in the query to obtain additional threat history records.

boolean

None.

PageNr

The number of the page that was requested.

integer

None.

PageSize

The size of the page that was requested.

integer

None.

StartDate

Start date for returned records. Threat history entries after (or at) this date are contained in the response.

date

None.

EndDate

End date for returned records. Threat history entries before (or at) this date are contained in the response.

date

None.

ThreatRecords

List of threat history records.

Collection of GetThreatHistoryResponseModel_Record

None.

Sample Response

{
  "MoreAvailable": false,
  "PageNr": 1,
  "PageSize": 50,
  "StartDate": "2019-02-22T21:10:29.6520556Z",
  "EndDate": "2019-05-22T21:10:29.6520556Z",
  "ThreatRecords": [
    {
      "EndpointId": "fac91b20-4aed-400e-b326-afe256259055",
      "MachineId": "78F552AE893B4B9483CA6C4FC23602D5:::0F1036FB6DB445B79595BD2108899DEA:::0F1036FB6DB445B79595BD2108899DEA",
      "HostName": "MyComputer1",
      "FileName": "eicar.com",
      "PathName": "?:\\users\\user1\\desktop",
      "MalwareGroup": "Anti-Malware Testfile",
      "FirstSeen": "2019-05-09T21:10:29.6520556Z",
      "LastSeen": "2019-05-20T21:10:29.6520556Z",
      "ExtendedInfo": {
        "DwellTime": 976,
        "FileMD5": "FD8BDAF7A9B741C3B5C57FB8923CD828",
        "FileSize": 68,
        "UserName": "User1",
        "IPAddress": "95.215.186.93",
        "Determination": "B",
        "FileVendor": "",
        "FileProduct": "",
        "FileVersion": ""
      }
    },
    {
      "EndpointId": "13397fb1-327d-4c4d-9fdf-6b7f6d0519f5",
      "MachineId": "CC5607ACFEAE4A389E14CD47F20FBACC:::99BEF3DE5A6E438B9CA213A43B753C61:::99BEF3DE5A6E438B9CA213A43B753C61",
      "HostName": "MyComputer2",
      "FileName": "eicar.com",
      "PathName": "?:\\users\\user2\\desktop",
      "MalwareGroup": "Anti-Malware Testfile",
      "FirstSeen": "2019-05-09T21:10:29.6520556Z",
      "LastSeen": "2019-05-20T21:10:29.6520556Z",
      "ExtendedInfo": {
        "DwellTime": 580,
        "FileMD5": "3258EBE8D3DA4CA6B26C11D3A9B85853",
        "FileSize": 68,
        "UserName": "User2",
        "IPAddress": "95.10.93.149",
        "Determination": "B",
        "FileVendor": "",
        "FileProduct": "",
        "FileVersion": ""
      }
    }
  ]
}                    
<GetThreatHistoryResponseModel xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Webroot.UnityAPI.ServiceExtension.Console.Models">
  <EndDate>2019-05-22T21:10:29.6520556Z</EndDate>
  <MoreAvailable>false</MoreAvailable>
  <PageNr>1</PageNr>
  <PageSize>50</PageSize>
  <StartDate>2019-02-22T21:10:29.6520556Z</StartDate>
  <ThreatRecords>
    <GetThreatHistoryResponseModel_Record>
      <EndpointId>fac91b20-4aed-400e-b326-afe256259055</EndpointId>
      <ExtendedInfo>
        <Determination>B</Determination>
        <DwellTime>976</DwellTime>
        <FileMD5>FD8BDAF7A9B741C3B5C57FB8923CD828</FileMD5>
        <FileProduct></FileProduct>
        <FileSize>68</FileSize>
        <FileVendor></FileVendor>
        <FileVersion></FileVersion>
        <IPAddress>95.215.186.93</IPAddress>
        <UserName>User1</UserName>
      </ExtendedInfo>
      <FileName>eicar.com</FileName>
      <FirstSeen>2019-05-09T21:10:29.6520556Z</FirstSeen>
      <HostName>MyComputer1</HostName>
      <LastSeen>2019-05-20T21:10:29.6520556Z</LastSeen>
      <MachineId>78F552AE893B4B9483CA6C4FC23602D5:::0F1036FB6DB445B79595BD2108899DEA:::0F1036FB6DB445B79595BD2108899DEA</MachineId>
      <MalwareGroup>Anti-Malware Testfile</MalwareGroup>
      <PathName>?:\users\user1\desktop</PathName>
    </GetThreatHistoryResponseModel_Record>
    <GetThreatHistoryResponseModel_Record>
      <EndpointId>13397fb1-327d-4c4d-9fdf-6b7f6d0519f5</EndpointId>
      <ExtendedInfo>
        <Determination>B</Determination>
        <DwellTime>580</DwellTime>
        <FileMD5>3258EBE8D3DA4CA6B26C11D3A9B85853</FileMD5>
        <FileProduct></FileProduct>
        <FileSize>68</FileSize>
        <FileVendor></FileVendor>
        <FileVersion></FileVersion>
        <IPAddress>95.10.93.149</IPAddress>
        <UserName>User2</UserName>
      </ExtendedInfo>
      <FileName>eicar.com</FileName>
      <FirstSeen>2019-05-09T21:10:29.6520556Z</FirstSeen>
      <HostName>MyComputer2</HostName>
      <LastSeen>2019-05-20T21:10:29.6520556Z</LastSeen>
      <MachineId>CC5607ACFEAE4A389E14CD47F20FBACC:::99BEF3DE5A6E438B9CA213A43B753C61:::99BEF3DE5A6E438B9CA213A43B753C61</MachineId>
      <MalwareGroup>Anti-Malware Testfile</MalwareGroup>
      <PathName>?:\users\user2\desktop</PathName>
    </GetThreatHistoryResponseModel_Record>
  </ThreatRecords>
</GetThreatHistoryResponseModel>