Skip to main content
Get a list of threats.
External DocumentationTo learn more, visit the Abnormal documentation.

Basic Parameters

ParameterDescription
Attack TypeFilters threats based on the type of attack.
FilterA filter key must be specified and value must be of the format filter={FILTER KEY} gte YYYY-MM-DDTHH:MM:SSZ lte YYYY-MM-DDTHH:MM:SSZ.

Note: At least 1 of gte/lte must be specified.

For example: receivedTime gte 2020-01-01T01:01:01Z lte 2021-12-01T01:01:01Z
RecipientFilters threats based on the name or email address of the recipient.
SenderFilters threats based on the name or email address of the sender.
SourceFilters threats based on the source of detection.
SubjectFilters threats based on the email subject.
TopicFilters threats based on the topic of email contents.

Advanced Parameters

ParameterDescription
Attack StrategyFilters threats based on the attack strategy.
Impersonated PartyFilters threats based on the impersonated party.
Page NumberThe first page to start getting results from.
Page SizeNumber of threats on each page.

Example Output

{
	"total": 0,
	"threats": [
		{
			"threatId": "<string>"
		}
	],
	"pageNumber": 1
}

Workflow Library Example

List Threats with Abnormal and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop