Get Inspected Files
Get list of inspected files. This API will return maximum 10,000 unique inspected files for any specified time window of start_time and end_time. Pagination is supported in the specified time window upto 10,000 inspected files. If page_size and cursor combination passed is referring to more than 10,000 inspected files, this API will throw an error. And this API will return only basic information about the inspected files. Please use /inspected-files/details API for getting full details of an inspected file and corresponding number of workloads_affected count, once the file hash is known from this API response. Usage of malware_class and malware_family filter together may result in inaccurate response.
Use this request param for specifiying starting time of a timeline. Value has to be specified in milliseconds since epoch.
Use this request param for specifiying ending time of a timeline. Value has to be specified in milliseconds since epoch.
Use this request param for specifying sha256 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying sha1 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying md5 hash to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Use this request param for specifying verdict to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering. Available values - BENIGN, TRUSTED, HIGHLY_TRUSTED, SUSPICIOUS, MALICIOUS, UNKNOWN, UNINSPECTED
Used for specifying filter of allow listed files. By default, this parameter will be considered null and no filtering on allow_listed value will be applied.
Used for specifying malware family to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Used for specifying malware class to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Used for specifying filter of blocked files. By default, this parameter will be considered null and no filtering on is_blocked value will be applied.
Used for specifying file_type to filter. If this parameter is passed multiple times, OR condition will be assumed. If value passed is empty string, it will be considered as valid input for filtering.
Used for specifying analysis type to filter. If this parameter is passed multiple times, OR condition will be assumed.
Field by which records are sorted. If THREAT_SCORE is selected, then records are first sorted by LAST_INSPECTED_TIME to filter last 10,000 unique files inspected and then result set is sorted by THREAT_SCORE.
If records need to be sorted in ascending order.
Opaque cursor to be used for getting next page of records (supplied by current result page).
Maximum number of results to return in this page (server may return fewer).
ID of the NSX+ site which reported this file event. If the parameter is not passed, corresponding API will respond with results across all sites managed within NSX+ instance. This parameter will support single value. If value passed is empty string, it will be considered as valid input for filtering. This parameter is supported only in NSX+.
Successful Operation
"InspectedFilesListResult Object" curl -H 'Authorization: <value>' https://{api_host}/napp/api/v1/malware-prevention/inspected-files?start_time=v