
List Events

Lists all the events discovered within your enterprise on a particular device within the specified time range.

External Documentation

To learn more, visit the Chronicle documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Asset Indicator Type | The type of the asset indicator. |
| Asset Indicator Value | The value of the asset indicator. |
| Event Reference Time | Query by the reference time of the event. |
| Event Time After | Query by the time of the event. |
| Event Time Before | Query by the time of the event. |
| Page Size | The number of alerts returned per page. |

Example Output

{
  "events": [
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DNS"
      },
      "principal": {
        "hostname": "enterprise.service.example.com",
        "ip": ["203.0.113.100"]
      },
      "target": {
        "ip": ["10.0.2.8"]
      },
      "network": {
        "applicationProtocol": "DNS",
        "dns": {
          "questions": [
            {
              "name": "www.altostrat.com",
              "type": 1
            }
          ],
          "answers": [
            {
              "name": "www.altostrat.com",
              "type": 1,
              "class": 1,
              "data": "203.0.113.100"
            }
          ]
        }
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DHCP"
      },
      "principal": {
        "ip": ["10.0.2.8"]
      },
      "target": {
        "ip": ["198.51.152"]
      },
      "network": {
        "applicationProtocol": "DHCP"
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_HTTP"
      },
      "principal": {
        "ip": ["10.0.2.18"]
      },
      "target": {
        "hostname": "www.altostrat.com",
        "url": "http://www.altostrat.com/robots.txt"
      },
      "network": {
        "ipProtocol": "HTTP",
        "http": {
          "method": "METHOD_GET",
          "responseCode": 200
        }
      }
    }
  ],
  "uri": ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=sample_asset&referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
}
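
The following is an added example, not part of the original page or of Chronicle's own code: one way to flatten a List Events response shaped like the output above into per-event triage rows and to flag `ip` values that do not parse as addresses. The function names (`summarize_events`, `malformed_ips`) and the trimmed sample input are assumptions made for illustration.

```python
import ipaddress

TS = "2019-11-18T20:36:58.069290Z"
SAMPLE = {"events": [  # constructed sample, trimmed from the example output above
    {"metadata": {"eventTimestamp": TS, "eventType": "NETWORK_DNS"},
     "principal": {"hostname": "enterprise.service.example.com", "ip": ["203.0.113.100"]},
     "target": {"ip": ["10.0.2.8"]},
     "network": {"dns": {"questions": [{"name": "www.altostrat.com"}],
                         "answers": [{"name": "www.altostrat.com", "data": "203.0.113.100"}]}}},
    {"metadata": {"eventTimestamp": TS, "eventType": "NETWORK_DHCP"}, "principal": {"ip": ["10.0.2.8"]},
     "target": {"ip": ["198.51.152"]}, "network": {"applicationProtocol": "DHCP"}},
    {"metadata": {"eventTimestamp": TS, "eventType": "NETWORK_HTTP"}, "principal": {"ip": ["10.0.2.18"]},
     "target": {"hostname": "www.altostrat.com", "url": "http://www.altostrat.com/robots.txt"},
     "network": {"http": {"method": "METHOD_GET", "responseCode": 200}}},
]}

def _label(entity):  # prefer hostname, then first IP, then URL; "-" when none is present
    return entity.get("hostname") or next(iter(entity.get("ip", [])), None) or entity.get("url") or "-"

def _detail(event):  # protocol-specific detail for DNS and HTTP, else the protocol name
    net = event.get("network", {})
    if "dns" in net:
        q = ",".join(x.get("name", "?") for x in net["dns"].get("questions", []))
        a = ",".join(x.get("data", "?") for x in net["dns"].get("answers", []))
        return f"query={q} answer={a or '-'}"
    if "http" in net:
        h, url = net["http"], event.get("target", {}).get("url", "-")
        return f"{h.get('method', '?')} {url} -> {h.get('responseCode', '?')}"
    return net.get("applicationProtocol", "-")

def summarize_events(response):
    """Flatten a response into (time, type, principal, target, detail) rows."""
    rows = []
    for ev in response.get("events", []):
        meta = ev.get("metadata", {})
        rows.append((meta.get("eventTimestamp", "-"), meta.get("eventType", "-"),
                     _label(ev.get("principal", {})), _label(ev.get("target", {})), _detail(ev)))
    return sorted(rows, key=lambda r: r[0])  # same-format UTC strings sort chronologically

def malformed_ips(response):
    """Return (side, value) pairs whose ip entry is not a valid IPv4/IPv6 literal."""
    bad = []
    for ev in response.get("events", []):
        for side in ("principal", "target"):
            for ip in ev.get(side, {}).get("ip", []):
                try:
                    ipaddress.ip_address(str(ip))
                except ValueError:
                    bad.append((side, ip))
    return bad
```

Run against the sample, `malformed_ips` reports the DHCP event's target value `198.51.152`, which has only three octets; checking for such values before using `ip` fields for enrichment or correlation avoids silently dropped lookups.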

Workflow Library Example

List Events with Chronicle and Send Results Via Email
