
Deep Visibility Query

Initializes a search and returns events matching the search query across agents.

Basic Parameters

Parameter | Description
From Date | Filter results after the given date.
Query | The query to be created. It should be formatted in SentinelOne Query Language (S1QL). For more information, see S1QL Cheatsheet.
To Date | Filter results before the given date.

Advanced Parameters

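Parameter | Description
Limit | Limits the number of returned items (1-1000). If not specified, the default limit is 10. When more events match than the limit allows, only part of the result set is returned; the `pagination` object in the example output (`totalItems`, `nextCursor`) appears to report the full match count, so compare `totalItems` with the number of items in `data` before treating a result as complete.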

Example Output

{
"data": [
{
"processIntegrityLevel": "string",
"registryPath": "string",
"loginsBaseType": "string",
"indicatorMetadata": "string",
"processDisplayName": "string",
"agentUuid": "string",
"processUniqueKey": "string",
"dstPort": "integer",
"registryId": "string",
"dnsRequest": "string",
"agentIsActive": "boolean",
"agentOs": "linux",
"direction": "string",
"oldFileSha256": "string",
"srcPort": "integer",
"agentVersion": "string",
"loginsUserName": "string",
"fileSha256": "string",
"threatStatus": "string",
"createdAt": "2018-02-27T04:49:26.257525Z",
"signatureSignedInvalidReason": "string",
"processIsWow64": "string",
"signedStatus": "string",
"agentName": "string",
"taskName": "string",
"agentIsDecommissioned": "boolean",
"processGroupId": "string",
"processIsRedirectedCommandProcessor": "string",
"processStartTime": "string",
"agentId": "string",
"processCmd": "string",
"processRoot": "string",
"publisher": "string",
"isAgentVersionFullySupportedForPgMessage": "string",
"fileFullName": "string",
"fileSha1": "string",
"processUserName": "string",
"agentGroupId": "string",
"agentIp": "string",
"agentNetworkStatus": "string",
"sha1": "string",
"oldFileName": "string",
"taskPath": "string",
"processImageSha1Hash": "string",
"parentProcessGroupId": "string",
"processSubSystem": "string",
"processName": "string",
"srcProcDownloadToken": "string",
"agentDomain": "string",
"pid": "string",
"tid": "string",
"networkSource": "string",
"relatedToThreat": "string",
"networkUrl": "string",
"parentProcessStartTime": "string",
"fileType": "string",
"id": "string",
"objectType": "string",
"indicatorCategory": "string",
"networkMethod": "string",
"user": "string",
"parentPid": "string",
"indicatorName": "string",
"connectionStatus": "string",
"verifiedStatus": "string",
"processImagePath": "string",
"fileMd5": "string",
"md5": "string",
"processSessionId": "string",
"oldFileSha1": "string",
"parentProcessIsMalicious": "boolean",
"forensicUrl": "string",
"dnsResponse": "string",
"eventType": "string",
"fileId": "string",
"oldFileMd5": "string",
"parentProcessName": "string",
"dstIp": "string",
"processIsMalicious": "boolean",
"indicatorDescription": "string",
"agentInfected": "boolean",
"trueContext": "string",
"agentMachineType": "string",
"sha256": "string",
"isAgentVersionFullySupportedForPg": "boolean",
"siteName": "string",
"parentProcessUniqueKey": "string",
"fileSize": "string",
"rpid": "string",
"srcIp": "string"
}
],
"errors": [
{
"type": "object"
}
],
"pagination": {
"totalItems": 580,
"nextCursor": "YWdlbnRfaWQ6NTgwMjkzODE="
}
}

Workflow Library Example

Deep Visibility Query with SentinelOne and Send Results Via Email
