Export threat events in CSV or JSON format.

Parameters

| Parameter | Description |
| --- | --- |
| Event ID | Filter by a specific process key and its children. |
| Format | Exported file format. |
| Threat ID | The threat ID. |

Example Output

{
	"threatInfo": {
		"threatName": "<string>",
		"identifiedAt": "<string>",
		"updatedAt": "<string>",
		"confidenceLevel": "<string>",
		"mitigationStatus": "<string>",
		"sha1": "<string>",
		"isFileless": "<string>",
		"filePath": "<string>",
		"maliciousProcessArguments": "<string>",
		"originatorProcess": "<string>",
		"classification": "<string>",
		"storyline": "<string>",
		"threatId": "<string>",
		"initiatedBy": "<string>",
		"initiatingUsername": "<string>",
		"reachedEventsLimit": "<string>"
	},
	"agentDetectionInfo": {
		"agentComputerName": "<string>",
		"agentIsDecommissioned": "<string>",
		"agentUuid": "<string>",
		"agentVersion": "<string>",
		"assetVersion": "<string>",
		"agentRegisteredAt": "<string>",
		"agentIpV4": "<string>",
		"agentIpV6": "<string>",
		"agentDomain": "<string>",
		"groupName": "<string>",
		"siteName": "<string>",
		"accountName": "<string>",
		"agentLastLoggedInUserName": "<string>",
		"agentOsName": "<string>",
		"agentOsRevision": "<string>"
	},
	"events": {}
}

Workflow Library Example

Export Events with SentinelOne and Send Results via Email
