Export data of threats (as seen in the Console > Incidents) that match the provided list of IDs. This command exports at most 20,000 items (each threat record is one item) and silently stops there, so it is highly recommended to apply the IDs filter.

Parameters

Parameter    Description
IDs          List of threat IDs to export.

Example Output

"Status","Threat Details","Confidence Level","Endpoints","Incident Status","Analyst Verdict","Reported Time (UTC)","Identifying Time (UTC)","Detecting Engine","Initiated By","Classification","Agent Version On Detection","Agent Version","Hash","Path","Completed Actions","Pending Actions","Reboot Required","Failed Actions","Policy At Detection","Mitigated Preemptively","External Ticket Id","Account","Site","Group","Originating Process"

"Marked as suspicious","ransomware.exe","Malicious","DESKTOP-HR2345","In Progress","True positive","Oct 15, 2024 03:27:19 PM","Oct 15, 2024 03:27:05 PM","['On-Write Static AI']","Agent Policy","Ransomware","24.1.2.145","24.1.2.145","8f5e6d9c2a1b4c7e3f9a8b7d6c5e4f3a2b1c9d8e","\Device\HarddiskVolume2\Users\jsmith\Documents\ransomware.exe","['quarantine', 'kill']",False,False,False,"protect",False,"789","50127 - GLOBEX","Security Operations - Production","Finance Department","firefox.exe"
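The export above is a CSV whose list-valued columns (Detecting Engine, Completed Actions, Pending Actions, Failed Actions) are written as Python-style list literals, or a bare False when there is nothing to list, while Reboot Required and Mitigated Preemptively are bare booleans. The following added example (not code from the original page or from the workflow library) parses that format with the standard library, decodes those columns, flags rows whose mitigation is unfinished, and warns when the row count hits the 20,000-item cap; the sample row is the one shown above, embedded as a constructed string.

```python
import ast
import csv
import io

# Header and data row from the example output above, embedded as a constructed
# sample so the script runs offline. A raw string is used because the Path
# column contains backslashes.
SAMPLE_EXPORT = r'''"Status","Threat Details","Confidence Level","Endpoints","Incident Status","Analyst Verdict","Reported Time (UTC)","Identifying Time (UTC)","Detecting Engine","Initiated By","Classification","Agent Version On Detection","Agent Version","Hash","Path","Completed Actions","Pending Actions","Reboot Required","Failed Actions","Policy At Detection","Mitigated Preemptively","External Ticket Id","Account","Site","Group","Originating Process"
"Marked as suspicious","ransomware.exe","Malicious","DESKTOP-HR2345","In Progress","True positive","Oct 15, 2024 03:27:19 PM","Oct 15, 2024 03:27:05 PM","['On-Write Static AI']","Agent Policy","Ransomware","24.1.2.145","24.1.2.145","8f5e6d9c2a1b4c7e3f9a8b7d6c5e4f3a2b1c9d8e","\Device\HarddiskVolume2\Users\jsmith\Documents\ransomware.exe","['quarantine', 'kill']",False,False,False,"protect",False,"789","50127 - GLOBEX","Security Operations - Production","Finance Department","firefox.exe"
'''

EXPORT_LIMIT = 20000  # the command never returns more rows than this

# Columns written as a list literal such as "['quarantine', 'kill']", or a
# bare False when nothing is listed.
LIST_COLUMNS = {"Detecting Engine", "Completed Actions", "Pending Actions", "Failed Actions"}
# Columns written as a bare True/False.
FLAG_COLUMNS = {"Reboot Required", "Mitigated Preemptively"}


def _decode(column, value):
    """Turn one raw CSV cell into a list, a bool, or the original string."""
    if column in LIST_COLUMNS:
        # literal_eval only accepts Python literals, so no code can be executed here
        return list(ast.literal_eval(value)) if value.startswith("[") else []
    if column in FLAG_COLUMNS:
        return value == "True"
    return value


def parse_export(text):
    """Parse the CSV export into a list of dicts keyed by the header names."""
    reader = csv.DictReader(io.StringIO(text))
    return [{col: _decode(col, val) for col, val in row.items()} for row in reader]


def possibly_truncated(records, limit=EXPORT_LIMIT):
    """True when the row count reaches the export cap, so the export may be incomplete."""
    return len(records) >= limit


def needs_follow_up(record):
    """True when mitigation is unfinished: actions pending or failed, or a reboot outstanding."""
    return bool(record["Pending Actions"]) or bool(record["Failed Actions"]) or record["Reboot Required"]


def hashes_for_enrichment(records):
    """Unique file hashes from the export, e.g. for blocklist or threat-intel lookups."""
    return sorted({r["Hash"] for r in records if r["Hash"]})


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    for r in rows:
        print(r["Endpoints"], r["Path"], r["Completed Actions"], "follow-up:", needs_follow_up(r))
    print("possibly truncated:", possibly_truncated(rows), "hashes:", hashes_for_enrichment(rows))
```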

Workflow Library Example

Export Threats with Sentinelone and Send Results Via Email