Anzenna Public API
  1. data exfiltration
Anzenna Public API
  • data exfiltration
    • List file movement activities
      POST
    • Get file movement activity by id
      GET
    • List git events
      POST
    • Get a specific git event by id
      GET
    • List git repositories
      POST
    • Get a specific git repository
      GET
    • List files used with data exfiltration.
      POST
    • Get a specific data exfiltration file
      GET
    • Query database exfiltration events
      POST
  • api key
    • Get API key information
      GET
  • login events
    • List login events
      POST
    • Get a login event by ID
      GET
  • browser applications
    • Query all browser applications
      POST
    • List browser application instances
      POST
  • browser application instances
    • Get an browser application by id
      GET
    • Get a browser application by id
      GET
  • browser history
    • List browser history entries
      POST
  • data sharing
    • Query database share grants
      POST
    • Query database share user additions
      POST
    • List file sharing instances
      POST
    • List documents
      POST
    • Get document by id
      GET
  • devices
    • List devices
    • Get a device
    • Get a device
  • device policies
    • List device policies
    • Get a device policy
    • Get a device policy
  • device applications
    • List device applications
    • Get a device application
    • Get a device application
  • device infections
    • List device infections
    • Get a device infection
    • Get a device infection
  • ide applications
    • List IDE applications
    • Get an IDE application
    • Get an IDE application
  • ide application instances
    • Query IDE application instances.
  • mcp servers
    • List MCP servers
    • Get an MCP server
    • Get an MCP server
  • mcp server instances
    • Query MCP server installations
  • device application instances
    • Query device application instances.
  • mfa
    • Query all mfa statuses
  • oauth applications
    • Query all OAuth applications
    • Get an OAuth application by id
    • Get an OAuth application by id
  • oauth application instances
    • Query all OAuth application instances
  • passwords
    • Query all password reuse instances
  • people
    • Query all people
    • Get a person by id
    • Get a person by id
    • Add a category to multiple people
    • Remove a category from multiple people
  • account
    • List accounts
    • Get an account by id
    • Get an account by id
  • phishing interactions
    • Query all phishing interactions
  • company wide risk trends
    • Get company risk trends
  • high risk organizations
    • Get number of high risk organizations
  • detections
    • Get key finding detections
    • Get detection details
    • Get detection details
    • List users associated with a given detection
    • List users associated with a given detection
  • shadow it
    • Query all Shadow IT instances
  • advanced query
    • Execute an advanced query
  • events
    • List security events
  • sources
    • Query raw events
  • allowlist
    • Query all allowlists
    • Create a new allowlist
    • Update an allowlist
    • Delete an allowlist
  1. data exfiltration

List files used with data exfiltration.

POST
/data-exfiltration/files
List files used with data exfiltration.
This cannot be used to list files seen in data sharing.

Request

Authorization
Bearer Token
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
or
Body Params application/jsonRequired

Examples

Responses

🟢200
application/json
Successful operation
Body

🟠401
🟠403
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST '/data-exfiltration/files' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "query": "name='\''WINPC-4291'\'' AND status IN ('\''active'\'', '\''pending'\'')",
    "distinct_count": "string",
    "sort": "name desc, id",
    "limit": 10,
    "offset": 0,
    "include_total_count": true
}'
Response Response Example
{
    "pagination": {
        "count": 0,
        "total_count": 1000
    },
    "distinct_values": [
        {
            "value": null,
            "count": 0
        }
    ],
    "items": [
        {
            "id": "string",
            "name": "string",
            "checksum": "string",
            "size": 0,
            "scp_upload_count": 5,
            "scp_download_count": 5,
            "upload_count": 0,
            "download_count": 0,
            "rsync_download_count": 0,
            "rsync_upload_count": 0,
            "usb_upload_count": 0,
            "ai_classification": "file_name_binary",
            "file_extension": "string",
            "risk_factors": [
                {
                    "type": "sensitive_file",
                    "magnitude": 40
                }
            ],
            "allowlisted": true
        }
    ]
}
Modified at 2026-02-10 23:10:01
Previous
Get a specific git repository
Next
Get a specific data exfiltration file
Built with