Skip to main content

List Threat Identifiers

List and query threat identifiers.

Parameters

ParameterDescription
Filter CriteriaFilter Criteria by which threat identifiers will be filtered.

For example:
<br/>{<br/> "macros": ["avl_map_cloud_iam"],<br/> "content_type": ["Threat Identifier"]<br/>}<br/>
My OrganizationDetermines whether the results will include only Threat Identifiers created by your organization.
Sort CriteriaSort Criteria by which threat identifiers will be sorted.

For example:
<br/>{<br/> "sortedBy": {<br/> "modification_time:latest": "DESC"<br/> }<br/>}<br/>

Example Output

{
"facets": {
// Facets data goes here
},
"hits": {
"AVL_R10120": {
"author": "mike@anvilogic.com",
"author_efficacy": 50,
"cid": "AVL_UC6390",
"compliant": "true",
"content_sub_type": "Behavioral",
"content_type": "Threat Identifier",
"creation_time": 1637025576691,
"custom_labels": [
"aws"
],
"data_category": [
"AWS CloudTrail logs"
],
"rule_sub_domain": [
"IAM"
],
"run_status": "N/A",
"sharing_level": "all",
"tiCount": 0,
"title": "AWS CreateAccessKey (Devo)",
"tsCount": 0,
"use_case_id": "AVL_UC6390",
"use_cases": [
{
"author": "eric@anvilogic.com",
"creation_time": 1624554747375,
"has_rule": "true",
// ... other use case fields ...
}
],
}
},
"listViewCounts": {
// List view counts data goes here
},
"searchMetadata": {
"currPageResults": 28,
// ... other search metadata fields ...
}
}

Workflow Library Example

List Threat Identifiers with Anvilogic and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop