Run An UDM Search
Run an UDM Search query and retrieve matches.
External Documentation
To learn more, visit the Chronicle documentation.
Parameters
| Parameter | Description |
|---|---|
| Limit | The maximum number of matched events to return. |
| Query | The UDM search query to run. |
| Query End Time | End time of the query. |
| Query Start Time | Start time of the query. |
Example Output
{
"events": [
{
"name": "00000000c5fd1146ce52d833659247f68b82009d000000000500000000000000",
"udm": {
"metadata": {
"eventTimestamp": "2022-09-14T00:59:59.567051Z",
"eventType": "NETWORK_CONNECTION",
"ingestedTimestamp": "2022-09-14T01:00:20.783486Z",
"id": "AAAAAMX9EUbOUtgzZZJH9ouCAJ0AAAAABQAAAAAAAAA="
},
"principal": {
"ip": [
"10.9.8.7"
],
},
"target": {
"ip": [
"74.125.197.190"
],
"port": 443
}
}
},
{
"name": "000000000f8e8dc25f873448a3b51ed3e81af0d900000000050000001c000000",
"udm": {
"metadata": {
"eventTimestamp": "2022-09-14T00:59:59.567051Z",
"eventType": "NETWORK_CONNECTION",
"ingestedTimestamp": "2022-09-14T01:00:20.071428Z",
"id": "AAAAAA+OjcJfhzRIo7Ue0+ga8NkAAAAABQAAABwAAAA="
},
"principal": {
"ip": [
"10.9.8.7"
]
},
"target": {
"ip": [
"74.125.135.103"
],
"port": 443
}
}
}
]
}
Workflow Library Example
Run an Udm Search with Chronicle and Send Results Via Email
Preview this Workflow on desktop