Documentation Index
Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
Use this file to discover all available pages before exploring further.
Export threat events in CSV or JSON format.
Parameters
| Parameter | Description |
|---|
| Event ID | Filter by a specific process key and its children. |
| Format | Exported file format. |
| Threat ID | The threat ID. |
Example Output
{
"threatInfo": {
"threatName": "<string>",
"identifiedAt": "<string>",
"updatedAt": "2025-01-01T15:56:21.535999Z",
"confidenceLevel": "<string>",
"mitigationStatus": "<string>",
"sha1": "<string>",
"isFileless": "<string>",
"filePath": "<string>",
"maliciousProcessArguments": "<string>",
"originatorProcess": "<string>",
"classification": "<string>",
"storyline": "<string>",
"threatId": "<string>",
"initiatedBy": "<string>",
"initiatingUsername": "<string>",
"reachedEventsLimit": "<string>"
},
"agentDetectionInfo": {
"agentComputerName": "<string>",
"agentIsDecommissioned": "<string>",
"agentUuid": "<string>",
"agentVersion": "<string>",
"assetVersion": "<string>",
"agentRegisteredAt": "<string>",
"agentIpV4": "<string>",
"agentIpV6": "<string>",
"agentDomain": "<string>",
"groupName": "<string>",
"siteName": "<string>",
"accountName": "<string>",
"agentLastLoggedInUserName": "<string>",
"agentOsName": "<string>",
"agentOsRevision": "<string>"
},
"events": {}
}
Workflow Library Example
Export Events with Sentinelone and Send Results Via Email
