getCustomDetectionListList - Firepower Threat Defense API v6.2 (FTD v7.2)

Description

The getCustomDetectionListList operation handles configuration related to CustomDetectionList model.
If you add a file to this list, the system treats it as if the AMP cloud assigned a malware disposition. If you use AMP for Networks, and the AMP cloud incorrectly identifies a file’s disposition, you can add the file to a file list to better detect the file in the future. These files are specified using SHA-256 hash values. Each file list can contain up to 10000 unique SHA-256 values.

HTTP request

GET /api/fdm/v6/objects/customdetectionhashlist

Query Parameters

Parameter	Required	Type	Description
offset	False	integer	An integer representing the index of the first requested object. Index starts from 0. If not specified, the returned objects will start from index 0
limit	False	integer	An integer representing the maximum amount of objects to return. If not specified, the maximum amount is 10
sort	False	string	The field used to sort the requested object list
filter	False	string	The criteria used to filter the models you are requesting. It should have the following format: {key}{operator}{value}[;{key}{operator}{value}]. Supported operators are: "!"(not equals), ":"(equals), "~"(similar). Supported keys are: "name", "fts". The "fts" filter cannot be used with other filters.

Example

curl -X GET \
    --header "Accept: application/json" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    "https://${HOST}:${PORT}/api/fdm/v6/objects/customdetectionhashlist"

from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token):
    http_client = RequestsClient()
    http_client.ssl_verify = False
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def get_custom_detection_list_list(client):
    return client.FileAndMalwarePolicy.getCustomDetectionListList(
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)


    get_custom_detection_list_list(client)