Make Threat Found Date available through the API

  • 27 May 2020
  • 1 reply
  • 275 views

I want to know the number of threats that were found in a certain time period. For that, I need the date that each threat was found.

In the management console, the closest thing is the Scan Start date. The problem is that this data isn’t available in the API. In my case, using Brightgauge, there is no way to identify the date/time that a threat was found, quarantined, or resolved. This seems to me like very important data that could go a long way, and I would like it to be made available on the UnityAPI.


1 reply

Hi Jamison, I’m a little surprised that Brightgauge is not able to display the threat dates; we will get in touch with them to see why that could be.  Our Unity API provides the data shown below via the Threat History report (field data has been altered to protect the innocent). 

      {
        "EndpointId": "017834ae-cc1a-4619-8c7f-f3c5023eb0f3",
        "MachineId": "8BD4E9AF05084A5AB2E2F465F1D8EFE2:::302D3C129A014048A8D5B427D7A10E66:::302D3C129A014048A8D5B427D7A10E66",
        "HostName": "MyComputer1",
        "FileName": "eicar.com",
        "PathName": "?:\\users\\user1\\desktop",
        "MalwareGroup": "Anti-Malware Testfile",
        "FirstSeen": "2020-09-25T17:24:19.9852897Z",
        "LastSeen": "2020-10-06T17:24:19.9852897Z",
        "ExtendedInfo": {
          "DwellTime": 540,
          "FileMD5": "9BC4837EAF744739BB67044914166BE1",
          "FileSize": 68,
          "UserName": "User1",
          "IPAddress": "95.249.166.214",
          "Determination": "B",
          "FileVendor": "",
          "FileProduct": "",
          "FileVersion": ""
        }
      }

If you are looking for customer-facing threat reports, you can generate them using the Universal Reporter, which can be found in the Console under Reports > API reporting.  I would encourage watching the videos provided first.  

Thanks,

Nick

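An added example, not part of the original thread and not vendor code: counting threats found in a time period from records shaped like the Threat History sample in the reply, using its `FirstSeen` and `LastSeen` fields. The list wrapper around the records, the second and third records, and the function names are assumptions made for illustration; the parser handles the 7-digit fractional seconds seen in the sample.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records using field names from the reply above.
# The enclosing list is an assumption; the real report envelope is not shown.
SAMPLE = json.loads("""
[
  {"HostName": "MyComputer1", "MalwareGroup": "Anti-Malware Testfile",
   "FirstSeen": "2020-09-25T17:24:19.9852897Z", "LastSeen": "2020-10-06T17:24:19.9852897Z"},
  {"HostName": "MyComputer2", "MalwareGroup": "Constructed Group",
   "FirstSeen": "2020-10-01T00:00:00Z", "LastSeen": "2020-10-01T08:15:00.5Z"},
  {"HostName": "MyComputer3", "MalwareGroup": "Anti-Malware Testfile",
   "FirstSeen": "2020-08-30T23:59:59.9999999Z", "LastSeen": "2020-09-02T10:00:00Z"}
]
""")

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_ts(value):
    """Parse a UTC timestamp such as 2020-09-25T17:24:19.9852897Z.

    The 7-digit fraction is finer than datetime's microseconds, so it is
    truncated to 6 digits instead of being passed to strptime unchanged."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    frac = (m.group(2) or "0")[:6].ljust(6, "0")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=int(frac), tzinfo=timezone.utc)

def threats_found_between(records, start, end, field="FirstSeen"):
    """Return records whose `field` falls in the half-open window [start, end)."""
    return [r for r in records if start <= parse_ts(r[field]) < end]

def count_by_day(records, field="FirstSeen"):
    """Count records per UTC calendar day of `field`."""
    return Counter(parse_ts(r[field]).date().isoformat() for r in records)

if __name__ == "__main__":
    start = datetime(2020, 9, 1, tzinfo=timezone.utc)
    end = datetime(2020, 10, 1, tzinfo=timezone.utc)
    hits = threats_found_between(SAMPLE, start, end)
    print(len(hits), dict(count_by_day(hits)))
```

The half-open window keeps a record stamped exactly at midnight on the boundary from being counted in two adjacent reporting periods.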