Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Initializes a search and returns events matching the search query across agents.

Basic Parameters

ParameterDescription
From DateFilter results after the given date.
QueryThe query to be created. Should be formatted in SentinelOne Query Language (S1QL). For more information, see S1QL Cheatsheet.
To DateFilter results before the given date.

Advanced Parameters

ParameterDescription
LimitLimit number of returned items (1-1000). If not specified, the default limit is 10.

Example Output

{
	"data": [
		{
			"processIntegrityLevel": "string",
			"registryPath": "string",
			"loginsBaseType": "string",
			"indicatorMetadata": "string",
			"processDisplayName": "string",
			"agentUuid": "string",
			"processUniqueKey": "string",
			"dstPort": "integer",
			"registryId": "string",
			"dnsRequest": "string",
			"agentIsActive": "boolean",
			"agentOs": "linux",
			"direction": "string",
			"oldFileSha256": "string",
			"srcPort": "integer",
			"agentVersion": "string",
			"loginsUserName": "string",
			"fileSha256": "string",
			"threatStatus": "string",
			"createdAt": "2018-02-27T04:49:26.257525Z",
			"signatureSignedInvalidReason": "string",
			"processIsWow64": "string",
			"signedStatus": "string",
			"agentName": "string",
			"taskName": "string",
			"agentIsDecommissioned": "boolean",
			"processGroupId": "string",
			"processIsRedirectedCommandProcessor": "string",
			"processStartTime": "string",
			"agentId": "string",
			"processCmd": "string",
			"processRoot": "string",
			"publisher": "string",
			"isAgentVersionFullySupportedForPgMessage": "string",
			"fileFullName": "string",
			"fileSha1": "string",
			"processUserName": "string",
			"agentGroupId": "string",
			"agentIp": "string",
			"agentNetworkStatus": "string",
			"sha1": "string",
			"oldFileName": "string",
			"taskPath": "string",
			"processImageSha1Hash": "string",
			"parentProcessGroupId": "string",
			"processSubSystem": "string",
			"processName": "string",
			"srcProcDownloadToken": "string",
			"agentDomain": "string",
			"pid": "string",
			"tid": "string",
			"networkSource": "string",
			"relatedToThreat": "string",
			"networkUrl": "string",
			"parentProcessStartTime": "string",
			"fileType": "string",
			"id": "string",
			"objectType": "string",
			"indicatorCategory": "string",
			"networkMethod": "string",
			"user": "string",
			"parentPid": "string",
			"indicatorName": "string",
			"connectionStatus": "string",
			"verifiedStatus": "string",
			"processImagePath": "string",
			"fileMd5": "string",
			"md5": "string",
			"processSessionId": "string",
			"oldFileSha1": "string",
			"parentProcessIsMalicious": "boolean",
			"forensicUrl": "string",
			"dnsResponse": "string",
			"eventType": "string",
			"fileId": "string",
			"oldFileMd5": "string",
			"parentProcessName": "string",
			"dstIp": "string",
			"processIsMalicious": "boolean",
			"indicatorDescription": "string",
			"agentInfected": "boolean",
			"trueContext": "string",
			"agentMachineType": "string",
			"sha256": "string",
			"isAgentVersionFullySupportedForPg": "boolean",
			"siteName": "string",
			"parentProcessUniqueKey": "string",
			"fileSize": "string",
			"rpid": "string",
			"srcIp": "string"
		}
	],
	"errors": [
		{
			"type": "object"
		}
	],
	"pagination": {
		"totalItems": 580,
		"nextCursor": "YWdlbnRfaWQ6NTgwMjkzODE="
	}
}

Workflow Library Example

Deep Visibility Query with Sentinelone and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop