Select the tab

Download quarantined objects

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

Relative path: /v1/quarantined-objects:download

Download quarantined objects matching the criteria in the filter.

The response is a ZIP archive of quarantined objects.

Info:
Modeled after gRPC-JSON transcoder: Sending arbitrary content
and
GitHub: Google APIs

Base URL for Europe, Germany, United States and Canada regions:

https://eu.quarantine-management.eset.systems

https://de.quarantine-management.eset.systems

https://us.quarantine-management.eset.systems

https://ca.quarantine-management.eset.systems

Request body

Display Schema instead of an Example or vice-versa

Type	Required	Example	Schema
application/json	Yes	{ "excludedObjectUuids": [ "string" ], "filter": { "cloudOfficeTenantUuid": "string", "emailInternetMessageId": "string", "emailRecipient": "string", "emailSender": "string", "emailSubject": "string", "fileName": "string", "msSharepointRootSiteUuid": "string", "msTeamsTeamUuid": "string", "objectOrigin": "OBJECT_ORIGIN_UNSPECIFIED", "objectType": "QUARANTINED_OBJECT_TYPE_UNSPECIFIED", "quarantineReason": "QUARANTINE_REASON_UNSPECIFIED", "quarantineTime": { "startTime": "string", "endTime": "string" }, "userUuid": "string" } }	{ "$ref": "v1DownloadQuarantinedObjectsRequest", "excludedObjectUuids": [ { "type": "string" } ], "filter": { "$ref": "v1QuarantineFilter", "description": "Quarantine filter. Every entry can be seen as a condition. If multiple conditions are filled, they are used in a filtering expression with the AND operator (that is, they must be fulfilled simultaneously).", "cloudOfficeTenantUuid": { "type": "string", "description": "Reference to [cloud office tenant]. If filled, only objects of the referred tenant are returned. If empty or null, objects of any tenant are returned. type: cloud_office_protection.v1.CloudOfficeTenant" }, "emailInternetMessageId": { "type": "string", "description": "If filled, only messages with this Message-ID are returned. If empty or '', messages with any Message-ID are returned." }, "emailRecipient": { "type": "string", "description": "If given, only emails with the given email address in recipients are returned. If empty or '', emails for all the recipients are included in the response. 0 - 100 characters" }, "emailSender": { "type": "string", "description": "If given, only emails from the given email address are returned. If empty or '', emails from all the senders are included in the response. 0 - 100 characters" }, "emailSubject": { "type": "string", "description": "If given, only emails whose subject contains this string are returned. If empty or '', emails with any subject are included in the response. 0 - 100 characters" }, "fileName": { "type": "string", "description": "If given, only quarantined files with the path terminated with this string are returned. If empty or '', all files are returned." }, "msSharepointRootSiteUuid": { "type": "string", "description": "Reference to [Microsoft Sharepoint root site]. If filled, only objects belonging to the given site or its child sites are returned. If empty or '', objects of all sites are returned. type: eset.dotnod.quarantine_management.v1-alpha.MicrosoftSharepointSite" }, "msTeamsTeamUuid": { "type": "string", "description": "Reference to [Microsoft Teams team]. type: eset.dotnod.quarantine_management.v1-alpha.MicrosoftTeamsTeam" }, "objectOrigin": { "$ref": "v1ObjectOrigin", "type": "string", "description": "Object origin denotes a system managing object's life-cycle. This is necessary to be known for actions that manipulate with object, such as delete, quarantine, move and so on. OBJECT_ORIGIN_UNSPECIFIED: fallback OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365. OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace. OBJECT_ORIGIN_DEVICE: Object originates from a device.", "default": "OBJECT_ORIGIN_UNSPECIFIED", "enum": [ "OBJECT_ORIGIN_UNSPECIFIED", "OBJECT_ORIGIN_MS_OFFICE365", "OBJECT_ORIGIN_GOOGLE_WORKSPACE", "OBJECT_ORIGIN_DEVICE" ] }, "objectType": { "$ref": "v1QuarantinedObjectType", "type": "string", "description": "Possible types of an object. QUARANTINED_OBJECT_TYPE_UNSPECIFIED: fallback QUARANTINED_OBJECT_TYPE_EMAIL_MESSAGE: The object is an email message. QUARANTINED_OBJECT_TYPE_EMAIL_ATTACHMENT: The object is an email attachment. QUARANTINED_OBJECT_TYPE_FILE_ON_DRIVE: The object is a file on the drive.", "default": "QUARANTINED_OBJECT_TYPE_UNSPECIFIED", "enum": [ "QUARANTINED_OBJECT_TYPE_UNSPECIFIED", "QUARANTINED_OBJECT_TYPE_EMAIL_MESSAGE", "QUARANTINED_OBJECT_TYPE_EMAIL_ATTACHMENT", "QUARANTINED_OBJECT_TYPE_FILE_ON_DRIVE" ] }, "quarantineReason": { "$ref": "v1QuarantineReason", "type": "string", "description": "Reasons for the object being quarantined. QUARANTINE_REASON_UNSPECIFIED: fallback QUARANTINE_REASON_MALWARE: The object was identified as malware or as containing malware. QUARANTINE_REASON_GRAYWARE: The object was identified as grayware or as containing grayware. Grayware refers to potentially unwanted programs or files that, while not explicitly malicious, can negatively impact system performance or user experience. QUARANTINE_REASON_PHISHING: The object (mostly email) was identified as phishing. QUARANTINE_REASON_SPAM: The object (mostly email) was identified as unsolicited or spam. QUARANTINE_REASON_SENDER_SPOOFING: The email's sender was identified as spoofed. QUARANTINE_REASON_RULE: The object was quarantined by a rule (for example, mail transfer protection rule).", "default": "QUARANTINE_REASON_UNSPECIFIED", "enum": [ "QUARANTINE_REASON_UNSPECIFIED", "QUARANTINE_REASON_MALWARE", "QUARANTINE_REASON_GRAYWARE", "QUARANTINE_REASON_PHISHING", "QUARANTINE_REASON_SPAM", "QUARANTINE_REASON_SENDER_SPOOFING", "QUARANTINE_REASON_RULE" ] }, "quarantineTime": { "$ref": "typeInterval", "description": "Represents a time interval, encoded as a Timestamp start (inclusive) and a Timestamp end (exclusive). The start must be less than or equal to the end. When the start equals the end, the interval is empty (matches no time). When both start and end are unspecified, the interval matches any time.", "startTime": { "type": "string", "description": "Optional. Inclusive start of the interval. If specified, a Timestamp matching this interval will have to be the same or after the start.", "format": "date-time" }, "endTime": { "type": "string", "description": "Optional. Exclusive end of the interval. If specified, a Timestamp matching this interval will have to be before the end.", "format": "date-time" } }, "userUuid": { "type": "string", "description": "This is a reference to the user associated with the quarantined object through ownership of its storage. If filled for a file, only the files on a cloud drive owned by the given user are included in the response. If filled for mail, only the files in a mailbox owned by the given user are included in the response. If null or empty, quarantined objects associated with any user and accessible to the caller will be included in the response. type: user_management.v1.User" } } }

Type

Required

Example

Schema

application/json

Yes

{
  "excludedObjectUuids": [
    "string"
  ],
  "filter": {
    "cloudOfficeTenantUuid": "string",
    "emailInternetMessageId": "string",
    "emailRecipient": "string",
    "emailSender": "string",
    "emailSubject": "string",
    "fileName": "string",
    "msSharepointRootSiteUuid": "string",
    "msTeamsTeamUuid": "string",
    "objectOrigin": "OBJECT_ORIGIN_UNSPECIFIED",
    "objectType": "QUARANTINED_OBJECT_TYPE_UNSPECIFIED",
    "quarantineReason": "QUARANTINE_REASON_UNSPECIFIED",
    "quarantineTime": {
      "startTime": "string",
      "endTime": "string"
    },
    "userUuid": "string"
  }
}

{
  "$ref": "v1DownloadQuarantinedObjectsRequest",
  "excludedObjectUuids": [
    {
      "type": "string"
    }
  ],
  "filter": {
    "$ref": "v1QuarantineFilter",
    "description": "Quarantine filter. Every entry can be seen as a condition. If multiple conditions are filled, they are used in a filtering expression with the AND operator (that is, they must be fulfilled simultaneously).",
    "cloudOfficeTenantUuid": {
      "type": "string",
      "description": "Reference to [cloud office tenant]. If filled, only objects of the referred tenant are returned. If empty or null, objects of any tenant are returned. type: cloud_office_protection.v1.CloudOfficeTenant"
    },
    "emailInternetMessageId": {
      "type": "string",
      "description": "If filled, only messages with this Message-ID are returned. If empty or '', messages with any Message-ID are returned."
    },
    "emailRecipient": {
      "type": "string",
      "description": "If given, only emails with the given email address in recipients are returned. If empty or '', emails for all the recipients are included in the response. 0 - 100 characters"
    },
    "emailSender": {
      "type": "string",
      "description": "If given, only emails from the given email address are returned. If empty or '', emails from all the senders are included in the response. 0 - 100 characters"
    },
    "emailSubject": {
      "type": "string",
      "description": "If given, only emails whose subject contains this string are returned. If empty or '', emails with any subject are included in the response. 0 - 100 characters"
    },
    "fileName": {
      "type": "string",
      "description": "If given, only quarantined files with the path terminated with this string are returned. If empty or '', all files are returned."
    },
    "msSharepointRootSiteUuid": {
      "type": "string",
      "description": "Reference to [Microsoft Sharepoint root site]. If filled, only objects belonging to the given site or its child sites are returned. If empty or '', objects of all sites are returned. type: eset.dotnod.quarantine_management.v1-alpha.MicrosoftSharepointSite"
    },
    "msTeamsTeamUuid": {
      "type": "string",
      "description": "Reference to [Microsoft Teams team]. type: eset.dotnod.quarantine_management.v1-alpha.MicrosoftTeamsTeam"
    },
    "objectOrigin": {
      "$ref": "v1ObjectOrigin",
      "type": "string",
      "description": "Object origin denotes a system managing object's life-cycle. This is necessary to be known for actions that manipulate with object, such as delete, quarantine, move and so on. OBJECT_ORIGIN_UNSPECIFIED: fallback OBJECT_ORIGIN_MS_OFFICE365: Object originates in Microsoft Office 365. OBJECT_ORIGIN_GOOGLE_WORKSPACE: Object originates in Google Workspace. OBJECT_ORIGIN_DEVICE: Object originates from a device.",
      "default": "OBJECT_ORIGIN_UNSPECIFIED",
      "enum": [
        "OBJECT_ORIGIN_UNSPECIFIED",
        "OBJECT_ORIGIN_MS_OFFICE365",
        "OBJECT_ORIGIN_GOOGLE_WORKSPACE",
        "OBJECT_ORIGIN_DEVICE"
      ]
    },
    "objectType": {
      "$ref": "v1QuarantinedObjectType",
      "type": "string",
      "description": "Possible types of an object. QUARANTINED_OBJECT_TYPE_UNSPECIFIED: fallback QUARANTINED_OBJECT_TYPE_EMAIL_MESSAGE: The object is an email message. QUARANTINED_OBJECT_TYPE_EMAIL_ATTACHMENT: The object is an email attachment. QUARANTINED_OBJECT_TYPE_FILE_ON_DRIVE: The object is a file on the drive.",
      "default": "QUARANTINED_OBJECT_TYPE_UNSPECIFIED",
      "enum": [
        "QUARANTINED_OBJECT_TYPE_UNSPECIFIED",
        "QUARANTINED_OBJECT_TYPE_EMAIL_MESSAGE",
        "QUARANTINED_OBJECT_TYPE_EMAIL_ATTACHMENT",
        "QUARANTINED_OBJECT_TYPE_FILE_ON_DRIVE"
      ]
    },
    "quarantineReason": {
      "$ref": "v1QuarantineReason",
      "type": "string",
      "description": "Reasons for the object being quarantined. QUARANTINE_REASON_UNSPECIFIED: fallback QUARANTINE_REASON_MALWARE: The object was identified as malware or as containing malware. QUARANTINE_REASON_GRAYWARE: The object was identified as grayware or as containing grayware. Grayware refers to potentially unwanted programs or files that, while not explicitly malicious, can negatively impact system performance or user experience. QUARANTINE_REASON_PHISHING: The object (mostly email) was identified as phishing. QUARANTINE_REASON_SPAM: The object (mostly email) was identified as unsolicited or spam. QUARANTINE_REASON_SENDER_SPOOFING: The email's sender was identified as spoofed. QUARANTINE_REASON_RULE: The object was quarantined by a rule (for example, mail transfer protection rule).",
      "default": "QUARANTINE_REASON_UNSPECIFIED",
      "enum": [
        "QUARANTINE_REASON_UNSPECIFIED",
        "QUARANTINE_REASON_MALWARE",
        "QUARANTINE_REASON_GRAYWARE",
        "QUARANTINE_REASON_PHISHING",
        "QUARANTINE_REASON_SPAM",
        "QUARANTINE_REASON_SENDER_SPOOFING",
        "QUARANTINE_REASON_RULE"
      ]
    },
    "quarantineTime": {
      "$ref": "typeInterval",
      "description": "Represents a time interval, encoded as a Timestamp start (inclusive) and a Timestamp end (exclusive). The start must be less than or equal to the end. When the start equals the end, the interval is empty (matches no time). When both start and end are unspecified, the interval matches any time.",
      "startTime": {
        "type": "string",
        "description": "Optional. Inclusive start of the interval. If specified, a Timestamp matching this interval will have to be the same or after the start.",
        "format": "date-time"
      },
      "endTime": {
        "type": "string",
        "description": "Optional. Exclusive end of the interval. If specified, a Timestamp matching this interval will have to be before the end.",
        "format": "date-time"
      }
    },
    "userUuid": {
      "type": "string",
      "description": "This is a reference to the user associated with the quarantined object through ownership of its storage. If filled for a file, only the files on a cloud drive owned by the given user are included in the response. If filled for mail, only the files in a mailbox owned by the given user are included in the response. If null or empty, quarantined objects associated with any user and accessible to the caller will be included in the response. type: user_management.v1.User"
    }
  }
}

Responses

Display Schema+Headers instead of an Example or vice-versa

Code	Description and Example	Description, Schema and Headers
200	Successful response. Response example "string"	Successful response. Response schema { "title": "Free form byte stream", "type": "string", "format": "binary" } Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
202	Response took too long; request cached. Response can be retrieved later using the response-id header.	Response took too long; request cached. Response can be retrieved later using the response-id header. Response schema [] Headers { "response-id": { "description": "Unique ID of a pending request. Used to retrieve cached result.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } }, "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
400	One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.	One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
401	Token has expired or is invalid.	Token has expired or is invalid. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
403	Access denied. Check permissions.	Access denied. Check permissions. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
404	Requested resource not found.	Requested resource not found. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
429	Rate limit reached. Try again later.	Rate limit reached. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
500	Internal server failure. Try again later.	Internal server failure. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
502	Internal server failure. Try again later.	Internal server failure. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
503	Environment under maintenance. Try again later.	Environment under maintenance. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
504	Action took too long; timeout reached	Action took too long; timeout reached Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }

˄˅