Get Inspected Files

Gets the list of inspected files. This API returns a maximum of 10,000 unique inspected files for any time window specified by start_time and end_time. Pagination is supported within the specified time window, up to 10,000 inspected files. If the page_size and cursor combination passed refers to more than 10,000 inspected files, this API returns an error. This API returns only basic information about the inspected files. Once the file hash is known from this API response, use the /inspected-files/details API to get the full details of an inspected file and the corresponding workloads_affected count. Using the malware_class and malware_family filters together may result in an inaccurate response.

Request
URI
GET
https://{api_host}/napp/api/v1/malware-prevention/inspected-files
Query Parameters
integer
start_time
Required

Use this request param for specifying the starting time of a timeline. The value has to be specified in milliseconds since epoch.

integer
end_time
Required

Use this request param for specifying the ending time of a timeline. The value has to be specified in milliseconds since epoch.

string of array
sha256
Optional

Use this request param for specifying sha256 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.

string of array
sha1
Optional

Use this request param for specifying sha1 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.

string of array
md5
Optional

Use this request param for specifying md5 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.

string of array
verdict
Optional

Use this request param for specifying verdict to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering. Available values - BENIGN, TRUSTED, HIGHLY_TRUSTED, SUSPICIOUS, MALICIOUS, UNKNOWN, UNINSPECTED

boolean
allow_listed
Optional
Constraints: default: null

Used for specifying filter of allow listed files. By default, this parameter will be considered null and no filtering on allow_listed value will be applied.

string of array
malware_family
Optional

Used for specifying malware family to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.

string of array
malware_class
Optional

Used for specifying malware class to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.

boolean
is_blocked
Optional
Constraints: default: null

Used for specifying filter of blocked files. By default, this parameter will be considered null and no filtering on is_blocked value will be applied.

string of array
file_type
Optional

Used for specifying file_type to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.

string of array
analysis_type
Optional

Used for specifying analysis type to filter. If this parameter is passed multiple times, OR condition will be assumed.

string
sort_by
Optional
Constraints: default: LAST_INSPECTED_TIME

Field by which records are sorted. If THREAT_SCORE is selected, then records are first sorted by LAST_INSPECTED_TIME to filter last 10,000 unique files inspected and then result set is sorted by THREAT_SCORE.

Possible values are: LAST_INSPECTED_TIME, THREAT_SCORE
boolean
sort_ascending
Optional
Constraints: default: false

If records need to be sorted in ascending order.

string
cursor
Optional

Opaque cursor to be used for getting next page of records (supplied by current result page).

integer
page_size
Optional
Constraints: minimum: 1 maximum: 10000 default: 10000

Maximum number of results to return in this page (server may return fewer).

string of array
site_id
Optional

ID of the NSX+ site which reported this file event. If the parameter is not passed, corresponding API will respond with results across all sites managed within NSX+ instance. This parameter will support single value. If value passed is empty string, it will be considered as valid input for filtering. This parameter is supported only in NSX+.


Authentication
This operation uses the following authentication methods.
Responses
200

Successful Operation

Returns InspectedFilesListResult of type(s) application/json
This response body class contains all of the following: InlineInspectedFilesListResult1
"InspectedFilesListResult Object"

Code Samples
curl -H 'Authorization: <value>' 'https://{api_host}/napp/api/v1/malware-prevention/inspected-files?start_time=<value>&end_time=<value>'
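
A client-side sketch of the query rules and cursor pagination described above, as an added example that is not part of the original documentation or the product's own code. The response keys "results" and "cursor" and the caller-supplied `fetch` function are assumptions; the page names only the InspectedFilesListResult type.

```python
from urllib.parse import urlencode

PATH = "/napp/api/v1/malware-prevention/inspected-files"
VERDICTS = {"BENIGN", "TRUSTED", "HIGHLY_TRUSTED", "SUSPICIOUS",
            "MALICIOUS", "UNKNOWN", "UNINSPECTED"}
MAX_FILES = 10_000  # documented cap per start_time/end_time window


def to_ms(dt):
    """Milliseconds since epoch; naive datetimes are rejected as ambiguous."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    return int(dt.timestamp() * 1000)


def build_query(start, end, verdicts=(), page_size=1000, cursor=None, **filters):
    """Build the query string. `filters` are list-valued parameters such as
    sha256 or file_type; a repeated key is treated as OR by the API."""
    if start >= end:
        raise ValueError("start_time must be before end_time")
    if not 1 <= page_size <= MAX_FILES:
        raise ValueError("page_size must be between 1 and 10000")
    bad = set(verdicts) - VERDICTS
    if bad:
        raise ValueError(f"unknown verdict(s): {sorted(bad)}")
    if filters.get("malware_class") and filters.get("malware_family"):
        raise ValueError("malware_class with malware_family may be inaccurate")
    params = [("start_time", to_ms(start)), ("end_time", to_ms(end))]
    params += [("verdict", v) for v in verdicts]
    for key, values in filters.items():
        params += [(key, v) for v in values]
    params.append(("page_size", page_size))
    if cursor is not None:
        params.append(("cursor", cursor))
    return urlencode(params)


def iter_files(fetch, start, end, **kw):
    """Yield inspected files page by page, following the opaque cursor.
    `fetch(path_and_query)` returns decoded JSON (hypothetical helper);
    the "results" and "cursor" keys are ASSUMED, not taken from the page."""
    cursor, seen = None, 0
    while True:
        page = fetch(PATH + "?" + build_query(start, end, cursor=cursor, **kw))
        for item in page.get("results", []):
            seen += 1
            yield item
        cursor = page.get("cursor")
        if not cursor:
            return
        if seen >= MAX_FILES:  # next request would exceed the documented cap
            raise RuntimeError("10,000-file cap reached; narrow the time window")
```

When the cap is reached, split the start_time/end_time window into smaller windows and page through each one separately.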