List Threat Identifiers
List and query threat identifiers.
Parameters
| Parameter | Description |
|---|---|
| Filter Criteria | Filter Criteria by which threat identifiers will be filtered. For example: <br/>{<br/> "macros": ["avl_map_cloud_iam"],<br/> "content_type": ["Threat Identifier"]<br/>}<br/> |
| My Organization | Determines whether the results will include only Threat Identifiers created by your organization. |
| Sort Criteria | Sort Criteria by which threat identifiers will be sorted. For example: <br/>{<br/> "sortedBy": {<br/> "modification_time:latest": "DESC"<br/> }<br/>}<br/> |
Example Output
{
"facets": {
// Facets data goes here
},
"hits": {
"AVL_R10120": {
"author": "mike@anvilogic.com",
"author_efficacy": 50,
"cid": "AVL_UC6390",
"compliant": "true",
"content_sub_type": "Behavioral",
"content_type": "Threat Identifier",
"creation_time": 1637025576691,
"custom_labels": [
"aws"
],
"data_category": [
"AWS CloudTrail logs"
],
"rule_sub_domain": [
"IAM"
],
"run_status": "N/A",
"sharing_level": "all",
"tiCount": 0,
"title": "AWS CreateAccessKey (Devo)",
"tsCount": 0,
"use_case_id": "AVL_UC6390",
"use_cases": [
{
"author": "eric@anvilogic.com",
"creation_time": 1624554747375,
"has_rule": "true",
// ... other use case fields ...
}
],
}
},
"listViewCounts": {
// List view counts data goes here
},
"searchMetadata": {
"currPageResults": 28,
// ... other search metadata fields ...
}
}
Workflow Library Example
List Threat Identifiers with Anvilogic and Send Results Via Email
Preview this Workflow on desktop