List IoCs

Lists all the IoCs discovered within your enterprise within the specified time range.

External Documentation

To learn more, visit the Chronicle documentation.

Parameters

Parameter	Description
Page Size	Specify the maximum number of IoCs to return. Valid range is 1-10000.
Start Time	Start time for your request.

Example Output

{
  matches: [{
    artifact: {
      domainName: "www.example.com"
     },
    firstSeenTime: "2018-05-25T20:47:11.048998Z",
    iocIngestTime: "2019-08-14T21:00:00Z",
    lastSeenTime:  "2019-10-24T16:19:46.880830Z",
    sources: [{
      category: "Spyware Reporting Server",
      confidenceScore: {
          intRawConfidenceScore: 0,
          normalizedConfidenceScore: "Low"
      },
      rawSeverity: "Medium",
      source: "ET Intelligence Rep List"
      }],
      uri: ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=sample_asset&
      referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&
      startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
  }],
  moreDataAvailable: true
}

Workflow Library Example

List Iocs with Chronicle and Send Results Via Email

Preview this Workflow on desktop

List IoCs

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example