REST API Detections

$top

Requests to include the number of items in the queried collection.

$skip

Requests to skip and not include the number of items in the queried collection.

$count

Enables clients to request a count of the matching resources included with the resources in the response. If set to $count=1, the number of detections is returned.

$orderBy

Enables clients to request resources in ascending order using $orderBy=asc or descending order using $orderBy=desc. The default order is ascending.

$filter

Enables clients to filter resources addressed by a request URL. The query supports the following operators eq, ne, gt, ge, lt, le, and, or, and (). Operators can combine with values to filter data. For instance, resolved eq 0 will report only unresolved detections.

$filter

Allows the user to filter detections with an expression built from:

Fields: id, resolved, creationTime

Operators: eq, ne, gt, ge, lt, le, and, or, and ()

$idType

if $idType=sha1 {id} in URL is interpreted as sha1 of a module

computerId

A computer's unique identifier in the ESET Inspect Database

computerName

The computer's name that raised the detection

computerUuid

A computer's unique identifier in the ESET Inspect Database

creationTime

The time of the detection

handled

Shows if action was taken against this detection

id

Unique detection identifier in the ESET Inspect Database

moduleFirstSeenLocally

When an executable was first seen on any computer

moduleId

An executable's unique identifier in the ESET Inspect Database

moduleLastExecutedLocally

When the executable was last executed on any computer

moduleLgAge

Number of days visible in the LiveGrid®

moduleLgPopularity

How many computers reported an executable to LiveGrid®

moduleLgReputation

A number from 1 to 9, indicating how safe the file is: 1–2 (red) is malicious, 3–7 (yellow) is suspicious, 8–9 (green) is safe

moduleName

The executable that triggered the detection.

moduleSha1

The executable’s hash that triggered the detection

moduleSignatureType

Information on if and how the file is signed

moduleSigner

The file signer, if applicable

note

A comment

priority

The detection's priority ( default 0, otherwise set by the ESET Inspect Administrator)

processCommandLine

Shows the argument used with the command

processId

A process's unique identifier in the ESET Inspect Database

processPath

The disk path where the executable is located

processUser

The logged user's name when the detection triggered

resolved

True/false; if user marked the detection as resolved

ruleName

The rule's name that triggered the detection

ruleId

A rule's integer id

ruleUuid

A rule's Uuid id

severity

The detection's severity

severityScore

A precise severity definition: 1–39 > Info 40–69 > Warning 70–100 > Threat

threatName

The threat's name, that can be found in this list http://www.virusradar.com/en/threat_encyclopaedia

threatUri

The URI (uniform resource identifier) that caused the detection to trigger

type

ESET type of the detections:

UnknownAlarm = 0

RuleActivated = 1: rule based detection

MalwareFoundOnDisk = 2: malware found on disk by Endpoint

MalwareFoundInMemory = 3: malware found in memory by Endpoint

ExploitDetected = 4: exploit detected by Endpoint

FirewallDetection = 5

BlockedAddress = 7: URL blocked by firewall

CryptoBlockerDetection = 8: cryptoBlocker detection

uuid

A detection's unique identifier

$idType

if $idType=sha1 {id} in URL is interpreted as sha1 of a module

resolved

When set to true, the detection is marked as resolved

priority

note

Enable to add a note