Skip to main content

List IoCs

Lists all the IoCs discovered within your enterprise within the specified time range.

External Documentation

To learn more, visit the Chronicle documentation.

Parameters

ParameterDescription
Page SizeSpecify the maximum number of IoCs to return. Valid range is 1-10000.
Start TimeStart time for your request.

Example Output

{
matches: [{
artifact: {
domainName: "www.example.com"
},
firstSeenTime: "2018-05-25T20:47:11.048998Z",
iocIngestTime: "2019-08-14T21:00:00Z",
lastSeenTime: "2019-10-24T16:19:46.880830Z",
sources: [{
category: "Spyware Reporting Server",
confidenceScore: {
intRawConfidenceScore: 0,
normalizedConfidenceScore: "Low"
},
rawSeverity: "Medium",
source: "ET Intelligence Rep List"
}],
uri: ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=sample_asset&
referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&
startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
}],
moreDataAvailable: true
}

Workflow Library Example

List Iocs with Chronicle and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop