Run An UDM Search - Blink Documentation

Run an UDM Search query and retrieve matches.

External DocumentationTo learn more, visit the Chronicle documentation.

Parameters

Parameter	Description
Limit	The maximum number of matched events to return.
Query	The UDM search query to run.
Query End Time	End time of the query.
Query Start Time	Start time of the query.

Example Output

{
  "events": [
    {
      "name": "00000000c5fd1146ce52d833659247f68b82009d000000000500000000000000",
      "udm": {
        "metadata": {
          "eventTimestamp": "2022-09-14T00:59:59.567051Z",
          "eventType": "NETWORK_CONNECTION",
          "ingestedTimestamp": "2022-09-14T01:00:20.783486Z",
          "id": "AAAAAMX9EUbOUtgzZZJH9ouCAJ0AAAAABQAAAAAAAAA="
        },
        "principal": {
          "ip": [
            "10.9.8.7"
          ],
        },
        "target": {
          "ip": [
            "74.125.197.190"
          ],
          "port": 443
        }
      }
    },
    {
      "name": "000000000f8e8dc25f873448a3b51ed3e81af0d900000000050000001c000000",
      "udm": {
        "metadata": {
          "eventTimestamp": "2022-09-14T00:59:59.567051Z",
          "eventType": "NETWORK_CONNECTION",
          "ingestedTimestamp": "2022-09-14T01:00:20.071428Z",
          "id": "AAAAAA+OjcJfhzRIo7Ue0+ga8NkAAAAABQAAABwAAAA="
        },
        "principal": {
          "ip": [
            "10.9.8.7"
          ]
        },
        "target": {
          "ip": [
            "74.125.135.103"
          ],
          "port": 443
        }
      }
    }
  ]
}

Workflow Library Example

Run an Udm Search with Chronicle and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example