Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Retrieve a list of offenses currently in the system.
External DocumentationTo learn more, visit the QRadar documentation.

Parameters

ParameterDescription
FieldsUse this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
FilterThis parameter is used to restrict the elements in a list base on the contents of various fields.
LimitThe amount of items to be returned. The default is 1000.

Example Output

[
	{
		"last_persisted_time": 1759366954361,
		"username_count": 1,
		"description": "<string>",
		"rules": [
			{
				"id": 31496,
				"type": "<string>"
			},
			{
				"id": 105308,
				"type": "<string>"
			}
		],
		"event_count": 9,
		"flow_count": 2,
		"assigned_to": null,
		"security_category_count": 4,
		"follow_up": false,
		"source_address_ids": [
			3052
		],
		"source_count": 2,
		"inactive": false,
		"protected": false,
		"closing_user": null,
		"destination_networks": [
			"<string>"
		],
		"source_network": "<string>",
		"category_count": 6,
		"close_time": null,
		"remote_destination_count": 2,
		"start_time": 61675019991,
		"magnitude": 0,
		"last_updated_time": 1522199112291,
		"credibility": 4,
		"id": 3454,
		"categories": [
			"<string>",
			"<string>"
		],
		"severity": 8,
		"policy_category_count": 1,
		"log_sources": [
			{
				"type_name": "<string>",
				"type_id": 7450,
				"name": "<string>",
				"id": 196
			},
			{
				"type_name": "<string>",
				"type_id": 36,
				"name": "<string>",
				"id": 57
			}
		],
		"closing_reason_id": null,
		"device_count": 3,
		"first_persisted_time": 594230603242,
		"offense_type": 0,
		"relevance": 2,
		"domain_id": 2,
		"offense_source": "<string>",
		"local_destination_address_ids": [
			261
		],
		"local_destination_count": 2,
		"status": "<string>"
	},
	{
		"last_persisted_time": 2794834496455,
		"username_count": 2,
		"description": "<string>",
		"rules": [
			{
				"id": 221100,
				"type": "<string>"
			}
		],
		"event_count": 7,
		"flow_count": 1,
		"assigned_to": null,
		"security_category_count": 1,
		"follow_up": false,
		"source_address_ids": [
			25807
		],
		"source_count": 1,
		"inactive": false,
		"protected": false,
		"closing_user": null,
		"destination_networks": [
			"<string>",
			"<string>"
		],
		"source_network": "<string>",
		"category_count": 3,
		"close_time": null,
		"remote_destination_count": 0,
		"start_time": 299247450809,
		"magnitude": 5,
		"last_updated_time": 1967953122980,
		"credibility": 4,
		"id": 28316,
		"categories": [
			"<string>",
			"<string>"
		],
		"severity": 1,
		"policy_category_count": 2,
		"log_sources": [
			{
				"type_name": "<string>",
				"type_id": 53,
				"name": "<string>",
				"id": 1100
			},
			{
				"type_name": "<string>",
				"type_id": 7,
				"name": "<string>",
				"id": 98
			}
		],
		"closing_reason_id": null,
		"device_count": 2,
		"first_persisted_time": 280236988039,
		"offense_type": 1,
		"relevance": 7,
		"domain_id": 0,
		"offense_source": "<string>",
		"local_destination_address_ids": [
			30064
		],
		"local_destination_count": 1,
		"status": "<string>"
	}
]

Workflow Library Example

List Offenses with Qradar and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop