List and query threat identifiers.

Parameters

ParameterDescription
Filter CriteriaFilter Criteria by which threat identifiers will be filtered.For example: { "macros": ["avl_map_cloud_iam"], "content_type": ["Threat Identifier"]}
My OrganizationDetermines whether the results will include only Threat Identifiers created by your organization.
Sort CriteriaSort Criteria by which threat identifiers will be sorted.For example:{ "sortedBy": { "modification_time:latest": "DESC" }}

Example Output

{
  "facets": {
    // Facets data goes here
  },
  "hits": {
    "AVL_R10120": {
      "author": "mike@anvilogic.com",
      "author_efficacy": 50,
      "cid": "AVL_UC6390",
      "compliant": "true",
      "content_sub_type": "Behavioral",
      "content_type": "Threat Identifier",
      "creation_time": 1637025576691,
      "custom_labels": [
        "aws"
      ],
      "data_category": [
        "AWS CloudTrail logs"
      ],
      "rule_sub_domain": [
        "IAM"
      ],
      "run_status": "N/A",
      "sharing_level": "all",
      "tiCount": 0,
      "title": "AWS CreateAccessKey (Devo)",
      "tsCount": 0,
      "use_case_id": "AVL_UC6390",
      "use_cases": [
        {
          "author": "eric@anvilogic.com",
          "creation_time": 1624554747375,
          "has_rule": "true",
          // ... other use case fields ...
        }
      ],
    }
  },
  "listViewCounts": {
    // List view counts data goes here
  },
  "searchMetadata": {
    "currPageResults": 28,
    // ... other search metadata fields ...
  }
}

Workflow Library Example

List Threat Identifiers with Anvilogic and Send Results Via Email

Preview this Workflow on desktop