Hi folks,
I was trying to implement this mechanism in my integration:
https://support.symantec.com/en_US/article.TECH239975.html
(Endpoint Protection 14 REST API support for deleting or fetching a file based on hash value)
Unfortunately I got into a dead end; maybe you can give a tip on how to move further. Here's what I did:
I use Postman for API tests. I'm able to authenticate against /api/v1/identity/authenticate, and I get a token back. The next step is to order SEPM to go to the endpoint and grab the file using:
/api/v1/command-queue/files?file_path=c:\windows\notepad.exe&computer_ids=C[...CUT...]3&sha256=933E1778B2760B3A9194C2799D7B76052895959C3CAEDEFB4E9D764CBB6AD3B5
All I get in return is a command_ID. Great. After some time I can see that the command was executed successfully in the SEPM console. Now I would like to download the file (e.g. for further analysis), but according to the article, for that I need a file_ID - /api/v1/command-queue/file/{file_id}/content
The question is... where to get file_id?
Has anyone actually successfully implemented the mechanism from the article?