Skip to main content
Lists all the IoCs discovered within your enterprise within the specified time range.
External DocumentationTo learn more, visit the Chronicle documentation.

Parameters

ParameterDescription
Page SizeSpecify the maximum number of IoCs to return. Valid range is 1-10000.
Start TimeStart time for your request.

Example Output

{
  matches: [{
    artifact: {
      domainName: "www.example.com"
     },
    firstSeenTime: "2018-05-25T20:47:11.048998Z",
    iocIngestTime: "2019-08-14T21:00:00Z",
    lastSeenTime:  "2019-10-24T16:19:46.880830Z",
    sources: [{
      category: "Spyware Reporting Server",
      confidenceScore: {
          intRawConfidenceScore: 0,
          normalizedConfidenceScore: "Low"
      },
      rawSeverity: "Medium",
      source: "ET Intelligence Rep List"
      }],
      uri: ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=sample_asset&
      referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&
      startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
  }],
  moreDataAvailable: true
}

Workflow Library Example

List Iocs with Chronicle and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I