Malware Detection

The Malware Detection section defines paths and operations for managing malware events.

Get All Malware Events

The HTTP GET request to the /api/v1/malwareDetection/events path allows you to get an array of all malware events created on the backup server.

Available to: Veeam Backup Administrator, Incident API Operator.

Security: Bearer
Request
query Parameters
skip
integer <int32>

Number of events to skip.

limit
integer <int32>

Maximum number of events to return.

orderColumn
string (ESuspiciousActivityEventsFiltersOrderColumn)

Sorts events by one of the event parameters.

Enum: "Type" "DetectionTimeUtc" "BackupObjectId" "State" "Source" "Severity" "CreatedBy" "Engine"

orderAsc
boolean

Sorts events in ascending order by the orderColumn parameter.

typeFilter
string (ESuspiciousActivityType)

Filters events by event type.

Enum: "Unknown" "DeletedUsefulFiles" "RansomwareNotes" "MalwareExtensions" "EncryptedData" "YaraScan" "AntivirusScan" "RenamedFiles"

detectedAfterTimeUtcFilter
string <date-time>

Returns events created after the specified time, in UTC.

detectedBeforeTimeUtcFilter
string <date-time>

Returns events created before the specified time, in UTC.

backupObjectIdFilter
string <uuid>

Filters events by backup object ID.

stateFilter
string (ESuspiciousActivityState)

Filters events by state.

Enum: "Created" "FalsePositive"

sourceFilter
string (ESuspiciousActivitySourceType)

Filters events by source type.

Enum: "Manual" "InternalVeeamDetector" "External" "MarkAsCleanEvent"

severityFilter
string (ESuspiciousActivitySeverity)

Filters events by severity.

Enum: "Clean" "Suspicious" "Infected"

createdByFilter
string

Filters events by the createdBy pattern. To substitute one or more characters, use the asterisk (*) character at the beginning, at the end or both.

engineFilter
string

Filters events by the engine pattern. To substitute one or more characters, use the asterisk (*) character at the beginning, at the end or both.

header Parameters
x-api-version
required
string
Default: 1.1-rev2

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
200

OK

401

Unauthorized. The authorization header was expected but was not found, or was found but has expired.

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

GET /api/v1/malwareDetection/events

Response samples
application/json
{
  "data": [],
  "pagination": {}
}
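
An added example, not taken from the Veeam documentation: a Python helper that checks filter values against the enums listed above before building the query string, then pages through results with skip and limit. The fetch callable is a hypothetical caller-supplied function that adds the bearer token, sends the GET request and returns the decoded JSON; paging stops when a page holds fewer than limit items.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode

EVENTS_PATH = "/api/v1/malwareDetection/events"
API_VERSION = "1.1-rev2"  # default x-api-version shown on this page

# Enum values copied from the query parameter list on this page.
ENUMS = {
    "orderColumn": {"Type", "DetectionTimeUtc", "BackupObjectId", "State",
                    "Source", "Severity", "CreatedBy", "Engine"},
    "typeFilter": {"Unknown", "DeletedUsefulFiles", "RansomwareNotes",
                   "MalwareExtensions", "EncryptedData", "YaraScan",
                   "AntivirusScan", "RenamedFiles"},
    "stateFilter": {"Created", "FalsePositive"},
    "sourceFilter": {"Manual", "InternalVeeamDetector", "External",
                     "MarkAsCleanEvent"},
    "severityFilter": {"Clean", "Suspicious", "Infected"},
}


def build_events_query(**params):
    """Return the request path with a validated, URL-encoded query string."""
    query = {}
    for name, value in params.items():
        if value is None:
            continue
        if name in ENUMS and value not in ENUMS[name]:
            raise ValueError(f"{name}: {value!r} is not a documented value")
        if isinstance(value, datetime):
            if value.tzinfo is None:
                raise ValueError(f"{name}: datetime must be timezone-aware")
            value = value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        elif isinstance(value, bool):
            value = "true" if value else "false"
        query[name] = value
    return EVENTS_PATH + ("?" + urlencode(query) if query else "")


def iter_events(fetch, limit=100, **filters):
    """Yield all matching events; fetch(path, headers) is caller-supplied."""
    headers = {"x-api-version": API_VERSION}  # fetch adds the bearer token
    skip = 0
    while True:
        page = fetch(build_events_query(skip=skip, limit=limit, **filters), headers)
        yield from page["data"]
        if len(page["data"]) < limit:
            return
        skip += limit
```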

Create Malware Event

The HTTP POST request to the /api/v1/malwareDetection/events path allows you to create a new malware event.

Available to: Veeam Backup Administrator, Incident API Operator.

Security: Bearer
Request
header Parameters
x-api-version
required
string
Default: 1.1-rev2

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
detectionTimeUtc
required
string <date-time>

Detection date and time, in UTC.

machine
required
object (SuspiciousActivityMachineSpec)

Machine that you want to mark with the malware event. Specify at least 2 parameters.

details
required
string

Event description.

engine
required
string

Detection engine.

Responses
201

Malware event has been created.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header was expected but was not found, or was found but has expired.

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

POST /api/v1/malwareDetection/events

Request samples
application/json
{
  "detectionTimeUtc": "2019-08-24T14:15:22Z",
  "machine": {},
  "details": "string",
  "engine": "string"
}

Response samples
application/json
{
  "data": [],
  "pagination": {}
}
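
An added example, not taken from the Veeam documentation: a Python builder for the request body above that enforces the required fields and the "at least 2 parameters" rule for machine before anything is sent. The machine field names fqdn and ipv4, the host values and the engine name are assumptions, since this page shows the machine object collapsed; rejecting blank strings is a client-side choice.

```python
import json
from datetime import datetime, timezone

API_VERSION = "1.1-rev2"  # default x-api-version shown on this page


def build_malware_event(detection_time, machine, details, engine):
    """Return (headers, json_body) for POST /api/v1/malwareDetection/events."""
    if not isinstance(detection_time, datetime) or detection_time.tzinfo is None:
        raise ValueError("detectionTimeUtc: timezone-aware datetime required")
    # The page asks for at least 2 machine parameters; blanks do not count.
    identifiers = {k: v for k, v in machine.items() if v}
    if len(identifiers) < 2:
        raise ValueError("machine: specify at least 2 parameters")
    # Client-side choice (assumption): treat blank strings as missing.
    for name, value in (("details", details), ("engine", engine)):
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name}: required non-empty string")
    utc = detection_time.astimezone(timezone.utc)
    body = {
        "detectionTimeUtc": utc.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "machine": identifiers,
        "details": details,
        "engine": engine,
    }
    headers = {"x-api-version": API_VERSION, "Content-Type": "application/json"}
    # json.dumps escapes quotes and control characters in scanner output.
    return headers, json.dumps(body)


# Constructed sample: the machine field names (fqdn, ipv4) are assumed,
# because this page shows the machine object collapsed.
SAMPLE_HEADERS, SAMPLE_BODY = build_malware_event(
    datetime(2024, 5, 1, 14, 30, tzinfo=timezone.utc),
    {"fqdn": "srv01.example.test", "ipv4": "192.0.2.10"},
    'YARA rule "constructed_rule" matched C:\\Temp\\sample.bin',
    "ExampleScanner",
)
```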

Get Malware Event

The HTTP GET request to the /api/v1/malwareDetection/events/{id} path allows you to get a malware event that has the specified id.

Available to: Veeam Backup Administrator, Incident API Operator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

ID of the event.

header Parameters
x-api-version
required
string
Default: 1.1-rev2

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
200

OK

401

Unauthorized. The authorization header was expected but was not found, or was found but has expired.

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

GET /api/v1/malwareDetection/events/{id}

Response samples
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "type": "Unknown",
  "detectionTimeUtc": "2019-08-24T14:15:22Z",
  "machine": {},
  "state": "Created",
  "details": "string",
  "source": "Manual",
  "severity": "Clean",
  "createdBy": "string",
  "engine": "string"
}