GET /service/api/console/gsm/{gsmKey}/sites/{siteId}/groups/{groupId}/threathistory
?startDate={startDate}
&endDate={endDate}
&returnedInfo={returnedInfo}
&pageSize={pageSize}
&pageNr={pageNr}
Gets threat history information for endpoints on a group.
Request Information
URI Parameters
| Name | Description | Type | Additional Information |
|---|---|---|---|
| gsmKey |
The GSM console keycode. |
string |
Required |
| siteId |
The site identifier. |
string |
Required |
| groupId |
The group identifier. |
string |
Required |
| startDate |
If specified, returns all threat history records after (or at) the given date. If omitted, defaults to 'endDate' minus 24 hours. |
date |
None. |
| endDate |
If specified, returns all threat history records before (or at) the given date. If omitted, defaults to the current date and time. |
date |
None. |
| returnedInfo |
A comma separated list of classes of information to be provided in response data. Currently only the "ExtendedInfo" class is supported as a value. If omitted, general threat record information is returned only. |
string |
None. |
| pageSize |
Specifies the number of records to return. |
integer |
Default value is 50 |
| pageNr |
Specifies the page number. Can be used to retrieve the next batch of records. |
integer |
Default value is 1 |
Body Parameters
None.
Response Information
Resource Description
Information about matching threat history records.
GetThreatHistoryResponseModel| Name | Description | Type | Additional Information |
|---|---|---|---|
| MoreAvailable |
Value indicating whether more records are available in the queried time window. Increment the page number in the query to obtain additional threat history records. |
boolean |
None. |
| PageNr |
The number of the page that was requested. |
integer |
None. |
| PageSize |
The size of the page that was requested. |
integer |
None. |
| StartDate |
Start date for returned records. Threat history entries after (or at) this date are contained in the response. |
date |
None. |
| EndDate |
End date for returned records. Threat history entries before (or at) this date are contained in the response. |
date |
None. |
| ThreatRecords |
List of threat history records. |
Collection of GetThreatHistoryResponseModel_Record |
None. |
Sample Response
{
"MoreAvailable": false,
"PageNr": 1,
"PageSize": 50,
"StartDate": "2019-06-19T04:54:14.2218764Z",
"EndDate": "2019-09-19T04:54:14.2218764Z",
"ThreatRecords": [
{
"EndpointId": "6c26b8b5-ad37-44e8-bf16-c3d33dac22a8",
"MachineId": "318A323352404A329B2F5CC616D9F890:::B29C1D1EDD024EE1B43B668332BBFC8E:::B29C1D1EDD024EE1B43B668332BBFC8E",
"HostName": "MyComputer1",
"FileName": "eicar.com",
"PathName": "?:\\users\\user1\\desktop",
"MalwareGroup": "Anti-Malware Testfile",
"FirstSeen": "2019-09-06T04:54:14.2218764Z",
"LastSeen": "2019-09-17T04:54:14.2218764Z",
"ExtendedInfo": {
"DwellTime": 505,
"FileMD5": "8529502D1123402BAF5E4DC77152B69B",
"FileSize": 68,
"UserName": "User1",
"IPAddress": "95.247.226.176",
"Determination": "B",
"FileVendor": "",
"FileProduct": "",
"FileVersion": ""
}
},
{
"EndpointId": "0f190a6a-2a2b-4299-bed0-b94e0d35b5af",
"MachineId": "6B4B1FA43A5E4CD3971EDF49B32737BF:::92F92CFFE3D246A19CAF73380D109DF0:::92F92CFFE3D246A19CAF73380D109DF0",
"HostName": "MyComputer2",
"FileName": "eicar.com",
"PathName": "?:\\users\\user2\\desktop",
"MalwareGroup": "Anti-Malware Testfile",
"FirstSeen": "2019-09-06T04:54:14.2218764Z",
"LastSeen": "2019-09-17T04:54:14.2218764Z",
"ExtendedInfo": {
"DwellTime": 294,
"FileMD5": "4B645B3D19E64A88BCD40DF14E4ABF66",
"FileSize": 68,
"UserName": "User2",
"IPAddress": "95.61.96.94",
"Determination": "B",
"FileVendor": "",
"FileProduct": "",
"FileVersion": ""
}
}
]
}
<GetThreatHistoryResponseModel xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Webroot.UnityAPI.ServiceExtension.Console.Models">
<EndDate>2019-09-19T04:54:14.2218764Z</EndDate>
<MoreAvailable>false</MoreAvailable>
<PageNr>1</PageNr>
<PageSize>50</PageSize>
<StartDate>2019-06-19T04:54:14.2218764Z</StartDate>
<ThreatRecords>
<GetThreatHistoryResponseModel_Record>
<EndpointId>6c26b8b5-ad37-44e8-bf16-c3d33dac22a8</EndpointId>
<ExtendedInfo>
<Determination>B</Determination>
<DwellTime>505</DwellTime>
<FileMD5>8529502D1123402BAF5E4DC77152B69B</FileMD5>
<FileProduct></FileProduct>
<FileSize>68</FileSize>
<FileVendor></FileVendor>
<FileVersion></FileVersion>
<IPAddress>95.247.226.176</IPAddress>
<UserName>User1</UserName>
</ExtendedInfo>
<FileName>eicar.com</FileName>
<FirstSeen>2019-09-06T04:54:14.2218764Z</FirstSeen>
<HostName>MyComputer1</HostName>
<LastSeen>2019-09-17T04:54:14.2218764Z</LastSeen>
<MachineId>318A323352404A329B2F5CC616D9F890:::B29C1D1EDD024EE1B43B668332BBFC8E:::B29C1D1EDD024EE1B43B668332BBFC8E</MachineId>
<MalwareGroup>Anti-Malware Testfile</MalwareGroup>
<PathName>?:\users\user1\desktop</PathName>
</GetThreatHistoryResponseModel_Record>
<GetThreatHistoryResponseModel_Record>
<EndpointId>0f190a6a-2a2b-4299-bed0-b94e0d35b5af</EndpointId>
<ExtendedInfo>
<Determination>B</Determination>
<DwellTime>294</DwellTime>
<FileMD5>4B645B3D19E64A88BCD40DF14E4ABF66</FileMD5>
<FileProduct></FileProduct>
<FileSize>68</FileSize>
<FileVendor></FileVendor>
<FileVersion></FileVersion>
<IPAddress>95.61.96.94</IPAddress>
<UserName>User2</UserName>
</ExtendedInfo>
<FileName>eicar.com</FileName>
<FirstSeen>2019-09-06T04:54:14.2218764Z</FirstSeen>
<HostName>MyComputer2</HostName>
<LastSeen>2019-09-17T04:54:14.2218764Z</LastSeen>
<MachineId>6B4B1FA43A5E4CD3971EDF49B32737BF:::92F92CFFE3D246A19CAF73380D109DF0:::92F92CFFE3D246A19CAF73380D109DF0</MachineId>
<MalwareGroup>Anti-Malware Testfile</MalwareGroup>
<PathName>?:\users\user2\desktop</PathName>
</GetThreatHistoryResponseModel_Record>
</ThreatRecords>
</GetThreatHistoryResponseModel>