Get File Inspection Events
Get list of file inspection events.
Use this request param for specifiying starting time of a timeline. Value has to be specified in milliseconds since epoch.
Use this request param for specifiying ending time of a timeline. Value has to be specified in milliseconds since epoch.
Use this request param for specifying sha256 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying sha1 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying md5 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying verdict to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering. Available values - BENIGN, TRUSTED, HIGHLY_TRUSTED, SUSPICIOUS, MALICIOUS, UNKNOWN, UNINSPECTED
Used for specifying filter of allow listed files. By default, this parameter will be considered null and no filtering on allow_listed value will be applied.
Field by which records are sorted. Only inspection_time based sorting is supported. Please specify the order of sorted data using sort_ascending parameter.
If records need to be sorted in ascending order.
Opaque cursor to be used for getting next page of records (supplied by current result page).
Maximum number of results to return in this page (server may return fewer).
Use this request param for excluding details so that only inspection timestamp, verdict and allow_listed fields will be returned in response. page_size query parameter will NOT be honoured if this property is set to true and will be overwritten with 10000 as page_size.
ID of the NSX+ site which reported this file event. If the parameter is not passed, corresponding API will respond with results across all sites managed within NSX+ instance. This parameter will support single value. If value passed is empty string, it will be considered as valid input for filtering. This parameter is supported only in NSX+.
Successful Operation
{
"_self": {},
"_links": [
{
"href": "string",
"action": "string",
"rel": "string"
}
],
"_schema": "string",
"result_count": 0,
"sort_by": "string",
"sort_ascending": false,
"cursor": "string",
"results": [
{
"inspection_time": 0,
"server": {
"vm_id": "string",
"ip_address": "string",
"fqdn": "string"
},
"client": {
"vm_id": "string",
"ip_address": "string",
"fqdn": "string"
},
"sha256": "string",
"sha1": "string",
"md5": "string",
"file_name": "string",
"inspection_status": "string",
"threat_score": 0,
"verdict": "string",
"error_message": "string",
"error_code": "string",
"is_blocked": false,
"allow_listed": false,
"transport_node_type": "string",
"transport_node_id": "string",
"gateway_id": "string"
}
]
}