About

Mitigation Signature List Endpoint is designed to return action based signature suggestions as obtained under Picus platform > Mitigation > Vendor Based Mitigations. Vendor based mitigation device mitigations can be fetched using the endpoint.

Example

Get mitigation signatures -that are related to device with id 16- of actions with ids 13636, 13643.

curl --request GET \
     --url 'https://api.picussecurity.com/v1/mitigation/devices/16/signatures?action_ids=13636,13643' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer access_token'

[
    {
        "id": 167065,
        "signature_id": "Some signature id",
        "name": "Malicious Binary.TC.mouuqr",
        "vendor_severity": "High",
        "signature_category": "",
        "signature_version": "Some signature version",
        "description": "",
        "reference": "",
        "product_platform": "Check Point NGX",
        "product_version": "R80.40"
    },
    {
        "id": 167515,
        "signature_id": "Some signature id",
        "name": "Injector.Win32.Runpe.TC.koj",
        "vendor_severity": "High",
        "signature_category": "",
        "signature_version": "Some signature version",
        "description": "",
        "reference": "",
        "product_platform": "Check Point NGX",
        "product_version": "R80.40"
    }
]

📘
Action Ids Filter
Required, Max 10 action ids can be filtered.