getWafQuarantine — Retrieving a list of auto-quarantined files

As part of the backdoor and shell script mitigation policy, files determined to be malicious backdoors may be automatically quarantined to prevent malicious actions from being taken by third parties.

The getWafQuarantine method retrieves a list of auto-quarantined scripts.

The API endpoint is:

https://api.sitelock.com/v1/partner

Request format

SiteLockOnlineRequest: This element is used to delineate the full API request.
- authentication: The partner’s username, password, and branding
  - username: The partner’s API username
  - password: The partner’s API password
  - partner: (Optional) The brand name to use in messaging
- getWafQuarantine: The method name
  - site_id: The ID for which to retrieve the quarantine

Example request

<SiteLockOnlineRequest>
    <authentication>
        <user>Username</user>
        <password>Password</password>
    </authentication>
    <getWafQuarantine>
        <site_id>1234567</site_id>
    </getWafQuarantine>
</SiteLockOnlineRequest>xml

Response format

SiteLockOnlineResponse: This element is used to delineate the full API response.
- getWafQuarantine: The method name
  - items: A list of backdoor files being quarantined
    
    item: (Repeatable) A backdoor file. This element has either a single backdoor element, or a backdoors element containing multiple backdoor elements.
    
    url: [attribute] - The absolute path to the backdoor file, including the protocol
    
    backdoors: A list of backdoors found in the file
    
    backdoor: (Repeatable) The name of the backdoor being quarantined
    
    type: [attribute] - The type of the backdoor detected

Example response

<SiteLockOnlineResponse>
    <getWafQuarantine>
        <items>
            <item url="https://www.example.com/mt25652484n.php">
                <backdoor type="PHPBackdoor">r57</backdoor>
            </item>
        </items>
        <status>ok</status>
    </getWafQuarantine>
</SiteLockOnlineResponse>xml