List IoCs
Lists all IoCs discovered in your enterprise within the specified time range.
External Documentation
To learn more, visit the Chronicle documentation.
Parameters
Parameter | Description |
---|---|
Page Size | Specify the maximum number of IoCs to return. Valid range is 1-10000. |
Start Time | Start time for your request. |
Example Output
{
  matches: [{
    artifact: {
      domainName: "www.example.com"
    },
    firstSeenTime: "2018-05-25T20:47:11.048998Z",
    iocIngestTime: "2019-08-14T21:00:00Z",
    lastSeenTime: "2019-10-24T16:19:46.880830Z",
    sources: [{
      category: "Spyware Reporting Server",
      confidenceScore: {
        intRawConfidenceScore: 0,
        normalizedConfidenceScore: "Low"
      },
      rawSeverity: "Medium",
      source: "ET Intelligence Rep List"
    }],
    uri: ["https://sample.backstory.chronicle.security/assetResults?assetIdentifier=sample_asset&referenceTime=2019-12-18T18%3A40%3A34.965Z&selectedList=AssetViewTimeline&startTime=2019-12-18T17%3A20%3A35.445Z&endTime=2019-12-18T19%3A20%3A35.445Z"]
  }],
  moreDataAvailable: true
}
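An added example, not part of the Chronicle documentation or the connector: a Python triage pass over a List IoCs response, run on a constructed sample shaped like the output above. The second match, the label scale beyond the values shown on the page, and the reading of `moreDataAvailable: true` as "the list was cut at Page Size" are assumptions.

```python
import json

# Constructed sample shaped like the Example Output above (valid JSON, quoted keys).
SAMPLE = json.loads("""
{"matches": [
  {"artifact": {"domainName": "www.example.com"},
   "firstSeenTime": "2018-05-25T20:47:11.048998Z",
   "lastSeenTime": "2019-10-24T16:19:46.880830Z",
   "sources": [{"category": "Spyware Reporting Server",
                "confidenceScore": {"intRawConfidenceScore": 0,
                                    "normalizedConfidenceScore": "Low"},
                "rawSeverity": "Medium",
                "source": "ET Intelligence Rep List"}]},
  {"artifact": {"domainName": "bad.example.net"},
   "sources": [{"category": "Constructed Category",
                "confidenceScore": {"normalizedConfidenceScore": "High"},
                "rawSeverity": "High",
                "source": "Constructed Feed"}]}
 ],
 "moreDataAvailable": true}
""")

# Assumed scale: the page shows only "Low" (confidence) and "Medium" (severity).
RANK = {"Low": 1, "Medium": 2, "High": 3}

def triage(response, min_confidence="Medium"):
    """Return (rows, truncated): matches with at least one source at or above
    min_confidence, highest severity first, plus the moreDataAvailable flag."""
    floor = RANK[min_confidence]
    rows = []
    for match in response.get("matches", []):
        artifact = match.get("artifact", {})
        # Assumption: one typed key per artifact (domainName in the page's sample).
        kind, value = next(iter(artifact.items()), ("unknown", None))
        best_conf, best_sev, feeds = 0, 0, []
        for src in match.get("sources", []):
            conf = src.get("confidenceScore", {}).get("normalizedConfidenceScore")
            best_conf = max(best_conf, RANK.get(conf, 0))
            best_sev = max(best_sev, RANK.get(src.get("rawSeverity"), 0))
            feeds.append(src.get("source"))
        if best_conf >= floor:
            rows.append({"type": kind, "value": value, "severity": best_sev,
                         "confidence": best_conf, "feeds": feeds,
                         "lastSeen": match.get("lastSeenTime")})
    rows.sort(key=lambda r: (r["severity"], r["confidence"]), reverse=True)
    # Assumption: True means the list was cut at Page Size, so treat it as partial.
    return rows, bool(response.get("moreDataAvailable", False))
```

When the second return value is true, the rows are a partial view of the time range and should not be read as the full set of IoC matches.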
Workflow Library Example
List Iocs with Chronicle and Send Results Via Email