Get Inspected File Details
Get details of a particular inspected file including number of inspections and workloads_affected count for the specified time window. Atleast one of sha256, sha1 or md5 file hash is a required paramater. Query parameter verdict is optional and if passed, last observed inspection_time is identified based on matching events by verdict. Note that counts for the file are aggregated independent of verdict parameter passed here and correspond to all events observed for this file.
Use this request param for specifiying starting time of a timeline. Value has to be specified in milliseconds since epoch.
Use this request param for specifiying ending time of a timeline. Value has to be specified in milliseconds since epoch.
Use this request param for specifying sha256 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying sha1 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying md5 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying verdict to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering. Available values - BENIGN, TRUSTED, HIGHLY_TRUSTED, SUSPICIOUS, MALICIOUS, UNKNOWN, UNINSPECTED
ID of the NSX+ site which reported this file event. If the parameter is not passed, corresponding API will respond with results across all sites managed within NSX+ instance. This parameter will support single value. If value passed is empty string, it will be considered as valid input for filtering. This parameter is supported only in NSX+.
Successful Operation
{
"_self": {},
"_links": [
{
"href": "string",
"action": "string",
"rel": "string"
}
],
"_schema": "string",
"result_count": 0,
"sort_by": "string",
"sort_ascending": false,
"cursor": "string",
"results": [
{
"sha256": "string",
"sha1": "string",
"md5": "string",
"file_size": 0,
"last_inspected": 0,
"inspection_status": "string",
"threat_score": 0,
"verdict": "string",
"error_message": "string",
"error_code": "string",
"allow_listed": {
"last_inspection_setting": false,
"current_setting": false
},
"malware_family": [
"string"
],
"malware_class": [
"string"
],
"is_blocked": false,
"file_type": "string",
"inspections_count": 0,
"last_inspected_site": {
"site_id": "string",
"site_name": "string",
"site_type": "string"
},
"file_name": [
"string"
],
"analysed_in_cloud": false,
"file_type_details": "string",
"submitted_by": "string",
"analyst_task_uuid": "string",
"protocol": "string",
"workloads_affected_count": 0,
"last_client": {
"vm_id": "string",
"ip_address": "string",
"fqdn": "string"
},
"last_server": {
"vm_id": "string",
"ip_address": "string",
"fqdn": "string"
},
"transport_node_type": "string",
"transport_node_id": "string",
"gateway_id": "string",
"first_inspected": 0
}
]
}