ESET Online Help

REST API Detections

List of detections

HTTP request:

GET api/v1/detections

URL query:

Pagination:

$top: Requests the number of items from the queried collection to include in the result.

$skip: Requests the number of items from the queried collection to skip and exclude from the result.

$count: Lets clients request a count of the matching resources alongside the resources in the response. If $count=1 is set, the number of detections is returned.

Sorting:

$orderBy: Lets clients request resources in ascending order with $orderBy=asc or descending order with $orderBy=desc. The default order is ascending.

Filtering:

$filter: Lets clients filter the resources addressed by a request URL. The query supports the operators eq, ne, gt, ge, lt, le, and, or, and (). Combine operators with values to filter data. For instance, resolved eq 0 returns unresolved detections.

Example:

GET api/v1/detections?$skip=100&$orderBy=creationTime desc

For other examples, follow System Query Options.

Request header: Authorization token

Request body: none

Response: JSON object with the following properties (value: description):

computerId: Unique identifier of the computer in the ESET Inspect database
computerName: Name of the computer that raised the detection
computerUuid: Unique identifier (UUID) of the computer in the ESET Inspect database
creationTime: Time of the detection
id: Unique identifier of the detection in the ESET Inspect database
moduleId: Unique identifier of the executable in the ESET Inspect database
moduleLgAge: Number of days the executable has been visible in LiveGrid®
moduleLgPopularity: Number of computers that reported the executable to LiveGrid®
moduleLgReputation: LiveGrid® reputation, a number from 1 to 9 indicating how safe the file is: 1-2 (Red) malicious, 3-7 (Yellow) suspicious, 8-9 (Green) safe
moduleName: The executable that triggered the detection
moduleSha1: SHA-1 hash of the executable that triggered the detection
moduleSignatureType: Indicates whether the file is signed and how it is signed, as one of the following values:
    90 = Trusted
    80 = Valid
    75 = AdHoc
    70 = None
    60 = Invalid
moduleSigner: The file's signer (if signed)
note: A note, if one is available
priority: The detection's priority (default 0, otherwise set by the ESET Inspect administrator)
processCommandLine: The arguments used with the command
processId: Unique identifier of the process in the ESET Inspect database
processUser: The user account logged on to the computer at the time the detection was triggered
resolved: True or false, depending on whether the user marked the detection as resolved
ruleName: Name of the rule that triggered the detection
ruleId: The rule's integer ID
ruleUuid: The rule's UUID
severity: The detection's severity
severityScore: A more precise severity value: 1-39 Info, 40-69 Warning, 70-100 Threat
threatName: The threat's name, which can be looked up at http://www.virusradar.com/en/threat_encyclopaedia
threatUri: The URI (uniform resource identifier) that caused the detection to trigger
type: ESET detection type:
    UnknownAlarm = 0
    RuleActivated = 1 (rule-based detection)
    MalwareFoundOnDisk = 2 (malware found on disk by Endpoint)
    MalwareFoundInMemory = 3 (malware found in memory by Endpoint)
    ExploitDetected = 4 (exploit detected by Endpoint)
    FirewallDetection = 5
    BlockedAddress = 7 (URL blocked by firewall)
    CryptoBlockerDetection = 8 (CryptoBlocker detection)
uuid: The detection's unique identifier

List of detections - filtering

URL query:

$filter: Allows the user to filter detections with an expression built from:

Fields: id, resolved, creationTime

Operators: eq, ne, gt, ge, lt, le, and, or, and ()

Example:

GET api/v1/detections?$filter=resolved eq false and creationTime ge 2020-01-20T20:11:00Z
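As an added example (not ESET's code), the following Python assembles the list-endpoint URL from the system query options above and decodes the enumerations and score bands of the response table (signature type, detection type, severityScore, moduleLgReputation) for one returned item; the base URL, the sample detection and the percent-encoding of spaces are assumptions.

```python
from urllib.parse import quote

# Enumerations and score bands taken from the response table above.
SIGNATURE_TYPE = {90: "Trusted", 80: "Valid", 75: "AdHoc", 70: "None", 60: "Invalid"}
DETECTION_TYPE = {0: "UnknownAlarm", 1: "RuleActivated", 2: "MalwareFoundOnDisk",
                  3: "MalwareFoundInMemory", 4: "ExploitDetected", 5: "FirewallDetection",
                  7: "BlockedAddress", 8: "CryptoBlockerDetection"}
SEVERITY_BANDS = [(1, 39, "Info"), (40, 69, "Warning"), (70, 100, "Threat")]
REPUTATION_BANDS = [(1, 2, "malicious"), (3, 7, "suspicious"), (8, 9, "safe")]


def band(value, bands, field):
    """Return the label whose inclusive range contains value; reject anything else."""
    for low, high, label in bands:
        if low <= value <= high:
            return label
    raise ValueError(f"{field} outside documented range: {value!r}")


def build_detections_url(base, filter_expr=None, order_by=None, top=None, skip=None, count=False):
    """Assemble GET api/v1/detections with the system query options ($filter, $orderBy,
    $top, $skip, $count). Values are percent-encoded (space -> %20, ':' kept)."""
    params = [("$filter", filter_expr), ("$orderBy", order_by), ("$top", top),
              ("$skip", skip), ("$count", "1" if count else None)]
    query = "&".join(f"{k}={quote(str(v), safe=':')}" for k, v in params if v is not None)
    url = base.rstrip("/") + "/api/v1/detections"  # base URL is an assumption
    return f"{url}?{query}" if query else url


def summarize(det):
    """Flatten one detection object into the fields an analyst triages on.
    Unknown enum values are surfaced rather than silently mapped."""
    return {
        "id": det["id"],
        "computer": det["computerName"],
        "rule": det.get("ruleName"),
        "type": DETECTION_TYPE.get(det["type"], f"Unknown({det['type']})"),
        "severity": band(det["severityScore"], SEVERITY_BANDS, "severityScore"),
        "signature": SIGNATURE_TYPE.get(det["moduleSignatureType"], "Unknown"),
        "reputation": band(det["moduleLgReputation"], REPUTATION_BANDS, "moduleLgReputation"),
        "resolved": bool(det["resolved"]),
    }


# Constructed sample of one item from the response; not real data.
SAMPLE_DETECTION = {"id": 4711, "computerName": "WS-042", "ruleName": "Suspicious script launch",
                    "type": 1, "severityScore": 85, "moduleSignatureType": 70,
                    "moduleLgReputation": 3, "resolved": False}
```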

Get detection details

HTTP request:

GET api/v1/detections/{id}

URL query:

$idType: If $idType=sha1 is set, the {id} in the URL is interpreted as the SHA-1 of a module.

Request header: Authorization token

Request body: none

Response: JSON object with detection data (value: description):

computerId: Unique identifier of the computer in the ESET Inspect database
computerName: Name of the computer that raised the detection
computerUuid: Unique identifier (UUID) of the computer in the ESET Inspect database
creationTime: Time of the detection
handled: Whether an action was taken against this detection
id: Unique identifier of the detection in the ESET Inspect database
moduleFirstSeenLocally: When the executable was first seen on any computer
moduleId: Unique identifier of the executable in the ESET Inspect database
moduleLastExecutedLocally: When the executable was last executed on any computer
moduleLgAge: Number of days the executable has been visible in LiveGrid®
moduleLgPopularity: Number of computers that reported the executable to LiveGrid®
moduleLgReputation: LiveGrid® reputation, a number from 1 to 9 indicating how safe the file is: 1-2 (Red) malicious, 3-7 (Yellow) suspicious, 8-9 (Green) safe
moduleName: The executable that triggered the detection
moduleSha1: SHA-1 hash of the executable that triggered the detection
moduleSignatureType: Indicates whether the file is signed and how it is signed (Trusted/Valid/None/Invalid/Unknown)
moduleSigner: The file's signer (if signed)
note: A comment, if one is available
priority: The detection's priority (default 0, otherwise set by the ESET Inspect administrator)
processCommandLine: The arguments used with the command
processId: Unique identifier of the process in the ESET Inspect database
processPath: Disk path where the executable is located
processUser: The user account logged on to the computer at the time the detection was triggered
resolved: True or false, depending on whether the user marked the detection as resolved
ruleName: Name of the rule that triggered the detection
ruleId: The rule's integer ID
ruleUuid: The rule's UUID
severity: The detection's severity
severityScore: A more precise severity value: 1-39 Info, 40-69 Warning, 70-100 Threat
threatName: The threat's name, which can be looked up at http://www.virusradar.com/en/threat_encyclopaedia
threatUri: The URI (uniform resource identifier) that caused the detection to trigger
type: ESET detection type:
    UnknownAlarm = 0
    RuleActivated = 1 (rule-based detection)
    MalwareFoundOnDisk = 2 (malware found on disk by Endpoint)
    MalwareFoundInMemory = 3 (malware found in memory by Endpoint)
    ExploitDetected = 4 (exploit detected by Endpoint)
    FirewallDetection = 5
    BlockedAddress = 7 (URL blocked by firewall)
    CryptoBlockerDetection = 8 (CryptoBlocker detection)
uuid: The detection's unique identifier

Update detection

HTTP request:

PATCH api/v1/detections/{id}

URL query:

$idType: If $idType=sha1 is set, the {id} in the URL is interpreted as the SHA-1 of a module.

Request header: Authorization token

Request body: JSON object with the following properties (value: description):

resolved: When set to true, the detection is marked as resolved
priority: Sets the detection's priority
note: Adds a note to the detection
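As an added example (not ESET's code), this Python builds the PATCH request for the update endpoint with a validated body and the $idType=sha1 form of the URL, without sending it; the base URL, the placeholder token and the exact format of the Authorization header value are assumptions.

```python
import json
import re
from urllib.request import Request

SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")


def is_module_sha1(value):
    """True if value looks like a SHA-1 hex digest, the only form $idType=sha1 accepts."""
    return bool(SHA1_HEX.match(str(value)))


def build_update_request(base, token, ident, id_type=None, resolved=None, priority=None, note=None):
    """Build (but do not send) PATCH api/v1/detections/{id} with a validated JSON body.

    token is placed verbatim in the Authorization header; its exact format (scheme or
    prefix) is an assumption and must be checked against the authentication section
    of this help. The base URL is likewise an assumption.
    """
    if id_type == "sha1":
        if not is_module_sha1(ident):
            raise ValueError("$idType=sha1 requires a 40-hex-digit module SHA-1 as {id}")
    elif id_type is not None:
        raise ValueError(f"unsupported $idType: {id_type!r}")
    body = {}
    if resolved is not None:
        body["resolved"] = bool(resolved)
    if priority is not None:
        # bool is a subclass of int; reject it so True does not become priority 1
        if isinstance(priority, bool) or not isinstance(priority, int):
            raise ValueError("priority must be an integer")
        body["priority"] = priority
    if note is not None:
        body["note"] = str(note)
    if not body:
        raise ValueError("nothing to update: give resolved, priority or note")
    url = f"{base.rstrip('/')}/api/v1/detections/{ident}"
    if id_type:
        url += f"?$idType={id_type}"
    headers = {"Authorization": token, "Content-Type": "application/json"}
    return Request(url, data=json.dumps(body).encode("utf-8"), headers=headers, method="PATCH")
```

Send the returned object with urllib.request.urlopen (or inspect req.full_url and req.data first) once a real token is available.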