McAfee Advanced Threat Defense APIs McAfee Advanced Threat Defense provides an Application Programming Interface (API) framework for external applications to access core McAfee Advanced Threat Defense functions through the REST protocol. REST stands for Representational State Transfer. It relies on a stateless, client-server and cacheable communication protocol – HTTP. It is an architecture style for designing networked applications. RESTful applications use HTTP requests to post data (create and/or update), get data (query information) and delete data. Thus, REST uses HTTP for all CRUD (Create/Read/Update/Delete) operations. It is a lightweight alternative to mechanisms like RPC (Remote Procedure Calls) and Web Services such as SOAP and WSDL. Attention: All Input and Output examples mentioned in this document are code snippets using REST module with Python. Make sure to tweak the input parameters according to your organizational needs. Login This URL allows a third party application to log on to McAfee Advanced Threat Defense API framework . Heartbeat This URL provides McAfee Advanced Threat Defense availability information to the user. File/URL submissionThe URL below is to upload a file/web URL for dynamic analysis by using the provided Analyzer Profile. Only single file/web URL can be submitted at a time. Task ID List Resource URL below fetches the list of task id's associated with a job id. Bulk Sample StatusThe Resource URL below is to find the status of bulk number of samples in a single query. Check Brief Status This URL checks the analysis status. Get report content Use this URL to selectively download the analysis report files. List the analyzer profiles This URL is to display the analyzer profiles. Only the analyzer profiles to which the user has access are displayed. Users List This URL displays the user profile information present on the McAfee Advanced Threat Defense. Verify blacklisted and whitelisted hash values This URL is to check if a user submitted hash value is either blacklisted or whitelisted. Only single hash value can be verified at a time. Enable or disable custom YARA scanners Enable or disable the custom YARA scanner settings. LogoutThis URL allows logging out from McAfee Advanced Threat Defense. It generates either a response or an error message. Proper logout must be performed in order to clear the session information; else, subsequent logon is not allowed until session timeout.