List Events

Lists all the events discovered within your enterprise on a particular device within the specified time range.

External Documentation

To learn more, visit the Chronicle documentation.

Parameters

Parameter	Description
Asset Indicator Type	The type of the asset indicator.
Asset Indicator Value	The value of the asset indicator.
Event Reference Time	Query by the time of the reference of the event.
Event Time After	Query by the time of the event.
Event Time Before	Query by the time of the event.
Page Size	The amount of alerts that will be returned every page.

Example Output

{
  "events": [
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DNS"
      },
      "principal": {
        "hostname": "enterprise.service.example.com",
        "ip": ["203.0.113.100"]
      },
      "target": {
        "ip": ["10.0.2.8"]
      },
      "network": {
        "applicationProtocol": "DNS",
        "dns": {
          "questions": [
            {
              "name": "www.altostrat.com",
              "type": 1
            }
          ],
          "answers": [
            {
              "name": "www.altostrat.com",
              "type": 1,
              "class": 1,
              "data": "203.0.113.100"
            }
          ]
        }
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DHCP"
      },
      "principal": {
        "ip": ["10.0.2.8"]
      },
      "target": {
        "ip": ["198.51.152"]
      },
      "network": {
        "applicationProtocol": "DHCP"
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_HTTP"
      },
      "principal": {
        "ip": ["10.0.2.18"]
      },
      "target": {
        "hostname": "www.altostrat.com",
        "url": "http://www.altostrat.com/robots.txt"
      },
      "network": {
        "ipProtocol": "HTTP",
        "http": {
          "method": "METHOD_GET",
          "responseCode": 200
        }
      }
    }
  ]
  uri: ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=
       sample_asset&referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&
       startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
}

Workflow Library Example

List Events with Chronicle and Send Results Via Email

Preview this Workflow on desktop

On this page

Parameters
Example Output
Workflow Library Example

Lists all the events discovered within your enterprise on a particular device within the specified time range.

External Documentation

To learn more, visit the Chronicle documentation.

Parameters

Parameter	Description
Asset Indicator Type	The type of the asset indicator.
Asset Indicator Value	The value of the asset indicator.
Event Reference Time	Query by the time of the reference of the event.
Event Time After	Query by the time of the event.
Event Time Before	Query by the time of the event.
Page Size	The amount of alerts that will be returned every page.

Example Output

{
  "events": [
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DNS"
      },
      "principal": {
        "hostname": "enterprise.service.example.com",
        "ip": ["203.0.113.100"]
      },
      "target": {
        "ip": ["10.0.2.8"]
      },
      "network": {
        "applicationProtocol": "DNS",
        "dns": {
          "questions": [
            {
              "name": "www.altostrat.com",
              "type": 1
            }
          ],
          "answers": [
            {
              "name": "www.altostrat.com",
              "type": 1,
              "class": 1,
              "data": "203.0.113.100"
            }
          ]
        }
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DHCP"
      },
      "principal": {
        "ip": ["10.0.2.8"]
      },
      "target": {
        "ip": ["198.51.152"]
      },
      "network": {
        "applicationProtocol": "DHCP"
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_HTTP"
      },
      "principal": {
        "ip": ["10.0.2.18"]
      },
      "target": {
        "hostname": "www.altostrat.com",
        "url": "http://www.altostrat.com/robots.txt"
      },
      "network": {
        "ipProtocol": "HTTP",
        "http": {
          "method": "METHOD_GET",
          "responseCode": 200
        }
      }
    }
  ]
  uri: ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=
       sample_asset&referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&
       startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
}

Workflow Library Example

List Events with Chronicle and Send Results Via Email

Preview this Workflow on desktop

On this page

Parameters
Example Output
Workflow Library Example

Parameters

Example Output

Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

List Events

Parameters

Example Output

Workflow Library Example

​Parameters

​Example Output

​Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example

Parameters

Example Output

Workflow Library Example