List Events

Lists all the events discovered within your enterprise on a particular device within the specified time range.

External Documentation

To learn more, visit the Chronicle documentation.

Parameters

Parameter	Description
Asset Indicator Type	The type of the asset indicator.
Asset Indicator Value	The value of the asset indicator.
Event Reference Time	Query by the time of the reference of the event.
Event Time After	Query by the time of the event.
Event Time Before	Query by the time of the event.
Page Size	The amount of alerts that will be returned every page.

Example Output

{
  "events": [
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DNS"
      },
      "principal": {
        "hostname": "enterprise.service.example.com",
        "ip": ["203.0.113.100"]
      },
      "target": {
        "ip": ["10.0.2.8"]
      },
      "network": {
        "applicationProtocol": "DNS",
        "dns": {
          "questions": [
            {
              "name": "www.altostrat.com",
              "type": 1
            }
          ],
          "answers": [
            {
              "name": "www.altostrat.com",
              "type": 1,
              "class": 1,
              "data": "203.0.113.100"
            }
          ]
        }
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_DHCP"
      },
      "principal": {
        "ip": ["10.0.2.8"]
      },
      "target": {
        "ip": ["198.51.152"]
      },
      "network": {
        "applicationProtocol": "DHCP"
      }
    },
    {
      "metadata": {
        "eventTimestamp": "2019-11-18T20:36:58.069290Z",
        "collectedTimestamp": "2019-11-18T20:36:58.069290Z",
        "eventType": "NETWORK_HTTP"
      },
      "principal": {
        "ip": ["10.0.2.18"]
      },
      "target": {
        "hostname": "www.altostrat.com",
        "url": "http://www.altostrat.com/robots.txt"
      },
      "network": {
        "ipProtocol": "HTTP",
        "http": {
          "method": "METHOD_GET",
          "responseCode": 200
        }
      }
    }
  ]
  uri: ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=
       sample_asset&referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&
       startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
}

Workflow Library Example

List Events with Chronicle and Send Results Via Email

Preview this Workflow on desktop