Parameter | Description |
---|---|
Event ID | Filter by a specific process key and its children. |
Format | Exported file format. |
Threat ID | The threat ID. |
{
"threatInfo": {
"threatName": "<string>",
"identifiedAt": "<string>",
"updatedAt": "2025-01-01T15:56:21.535999Z",
"confidenceLevel": "<string>",
"mitigationStatus": "<string>",
"sha1": "<string>",
"isFileless": "<string>",
"filePath": "<string>",
"maliciousProcessArguments": "<string>",
"originatorProcess": "<string>",
"classification": "<string>",
"storyline": "<string>",
"threatId": "<string>",
"initiatedBy": "<string>",
"initiatingUsername": "<string>",
"reachedEventsLimit": "<string>"
},
"agentDetectionInfo": {
"agentComputerName": "<string>",
"agentIsDecommissioned": "<string>",
"agentUuid": "<string>",
"agentVersion": "<string>",
"assetVersion": "<string>",
"agentRegisteredAt": "<string>",
"agentIpV4": "<string>",
"agentIpV6": "<string>",
"agentDomain": "<string>",
"groupName": "<string>",
"siteName": "<string>",
"accountName": "<string>",
"agentLastLoggedInUserName": "<string>",
"agentOsName": "<string>",
"agentOsRevision": "<string>"
},
"events": {}
}
Was this page helpful?