Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Cylance User API guide
  4. Focus view API
  5. Get focus view list

Get focus view list

Retrieve a list of focus views that have been made in the tenant.
Service endpoint
/foci/v2?page=m&page_size=n
Optional query string parameters
The 'q' request parameter was replaced with multiple request parameters to provide more flexibility when filtering the Focus View List. Any Get Focus View List requests that contain the 'q' request parameter will not return any results. Requests should use the following parameters:
  • artifact_type: This is the type of Artifact for the Focus View. Types include Protect, Process, File, and NetworkConnection. The artifact type is case-insensitive.
  • created_at: This is the date when the file retrieval was requested. The date format is YYYY-MM-DD. The results are for a 24 hour period. For example, using "&created_at=2019-11-01" will return results that occurred from 2019-11-01:00:00:00 to 2019-11-01:23:59:59.
  • description: This is the human-readable description for the Focus View. The description is case-insensitive.
  • hostname: This is the hostname of the device for which the retrieval was requested. The hostname is case-insensitive.
  • status: This is the status of the Focus View request or result. Statuses include AVAILABLE, DOES_NOT_EXIST, PENDING, REQUEST, RETRY_REQUEST, UNAVAILABLE, and UNKNOWN_DEVICE. The statuses are case-sensitive.
  • page: This is the page number to request. The default is 1.
  • page_size: This is the number of file retrieval records to retrieve per page. The default is 20.
  • sort: This is used to sort by field (adding '-' in front of the value denotes descending order).
Example
https://protectapi.cylance.com/foci/v2?page=1&page_size=100
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Authorization: Bearer
    JWT Token returned by Auth API
     with the opticsfocus:read scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name
Description
page_size
This is the number of items per page.
total_pages
This is the total number of pages of this page size.
total_number_of_items
This is the total number of Focus Views available in the tenant.
page_number
This is the current page number.
page_items
This is a list of Focus View objects.
device_id
This is the unique device ID that the lockdown command was issued to. See About device ID for device ID formatting.
artifact_type
This is the type of Artifact for the focus view.
  • Protect: Request a focus view for a
    CylancePROTECT Desktop
    -generated event.
  • Process: Request a focus view for a process artifact to visualize how a process interacts with the device. This is the most common option.
  • File: Request a focus view for a file artifact to visualize how the file has been interacted with.
  • NetworkConnection: Request a focus view for a network artifact to visualize communications associated with an IP address.
artifact_subtype
This field should always be "Uid" at this time.
value
This is the UID of the Artifact used to gather the focus view.
threat_type
This is an option field to use with a "Protect" artifact_type to denote the type of threat that a focus view is being generated for.
description
This is the human-readable description for the focus view.
id
This is the unique ID of the focus view.
tenant_id
This is the unique tenant ID of the tenant that the device belongs to.
created_at
This is the timestamp (in UTC) of when the file retrieval was requested.
hostname
This is the hostname of the device that the file retrieval was requested on.
status
This is the status of the  focus view result or request. Possible values are:
  • AVAILABLE: A  focus view has been generated and is available for viewing.
  • DOES_NOT_EXIST: The  focus view requested on the device cannot be completed because the requested parameters do not exist on the device.
  • PENDING: The  focus view has been requested.
  • REQUEST: The  focus view has not been generated, but it can be requested.
  • RETRY_REQUEST: The  focus view has not been generated. It was previously requested but no results were received. It can be requested again.
  • UNAVAILABLE: The  focus view is not available, and the associated device is not online to fulfill the request. It can be requested at a later time.
  • UNKNOWN_DEVICE: The F focus view is not available, and the associated device is no longer known.
relations
This is a list of objects that are related to this  focus view. The following fields can be contained:
  • Object: The URL of a  focus view, InstaQuery, or Detection Event that is linked to this  focus view.
  • Relationship: How the relationship was established.