Get a list of forensic events. Required scope:Documentation Index
Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
Use this file to discover all available pages before exploring further.
investigation-workbench:read
Parameters
| Parameter | Description |
|---|---|
| Company ID | The Mitiga client company ID. Required when acting on behalf of another company. |
| End Time | The end time to filter results to. |
| Entity | The forensic entity ID to filter results by. |
| Entity Comparison Type | The search operator for the Entity filter. Defaults to EqualsCaseInsensitive. |
| Entity Type | The type of entity to filter results by. |
| Event Type | A comma-separated list of forensic event types to filter results by. |
| IP Address | A comma-separated list of IPv4, IPv6, or hostnames to filter forensic events by. |
| Importance | A comma-separated list of importance levels to filter forensic events by. |
| Include Beta Events | Select to include beta events in the results. |
| Is Published | Select to filter forensic events by whether they are published. |
| Platforms | A comma-separated list of platforms to filter by. For example: AWS, M365, AzureAD, GCP, Okta, Github, and more. |
| Start Time | The start time to filter results from. |
| Status | A comma-separated list of forensic event statuses to filter results by. |
| Suppression Status | Select the suppression status to filter forensic events by. Defaults to Retained (non-suppressed) events only. |
| Verdict | A comma-separated list of verdicts to filter forensic events by. |
Workflow Library Example
List Forensic Events with Mitiga and Send Results Via Email