Parameter | Description |
---|---|
Alert IDs | Filter by a list of alert IDs. |
Analyst Verdict | Filter alerts by analyst verdict. Options: FALSE_POSITIVE, SUSPICIOUS, TRUE_POSITIVE, UNDEFINED |
Count Only | If true, only the total number of items is returned, without any of the actual objects. |
Created After | Created after a specified timestamp. |
Created Before | Created before a specified timestamp. |
Cursor | Cursor position returned by the last request. Use it to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=". |
Incident Status | Filter alerts by incident status. Options: IN_PROGRESS, RESOLVED, UNRESOLVED |
Limit | Limit the number of returned items (1-1000). Example: 10. |
Return All Pages | Automatically fetch all resources, page by page. |
Sort By | The column to sort the results by. |
Parameter | Description |
---|---|
Account IDs | List of account IDs to filter by. Example: 225494730938493804,225494730938493915. |
{
"data": [
{
"agentDetectionInfo": {
"accountId": "<string>",
"machineType": "<string>",
"name": "<string>",
"osFamily": "<string>",
"osName": "<string>",
"osRevision": "<string>",
"siteId": "<string>",
"uuid": "<string>",
"version": "<string>"
},
"agentRealtimeInfo": {
"id": "<string>",
"infected": false,
"isActive": false,
"isDecommissioned": true,
"machineType": "<string>",
"name": "<string>",
"os": "<string>",
"uuid": "<string>"
},
"alertInfo": {
"alertId": "<string>",
"analystVerdict": "<string>",
"createdAt": "2025-01-01T15:56:21.535999Z",
"dnsRequest": null,
"dnsResponse": null,
"dstIp": null,
"dstPort": null,
"dvEventId": "<string>",
"eventType": "<string>",
"hitType": "<string>",
"incidentStatus": "<string>",
"indicatorCategory": null,
"indicatorDescription": null,
"indicatorName": null,
"isEdr": true,
"loginAccountDomain": "<string>",
"loginAccountSid": "<string>",
"loginIsAdministratorEquivalent": "<string>",
"loginIsSuccessful": "<string>",
"loginType": "<string>",
"loginsUserName": "<string>",
"modulePath": null,
"moduleSha1": null,
"netEventDirection": null,
"registryKeyPath": null,
"registryOldValue": null,
"registryOldValueType": null,
"registryPath": null,
"registryValue": null,
"reportedAt": "2025-01-01T15:56:21.535999Z",
"source": "<string>",
"srcIp": null,
"srcMachineIp": "<string>",
"srcPort": null,
"tiIndicatorComparisonMethod": null,
"tiIndicatorSource": null,
"tiIndicatorType": null,
"tiIndicatorValue": null,
"updatedAt": "2025-01-01T15:56:21.535999Z"
},
"containerInfo": {
"id": null,
"image": null,
"labels": null,
"name": null
},
"kubernetesInfo": {
"cluster": null,
"controllerKind": null,
"controllerLabels": null,
"controllerName": null,
"namespace": null,
"namespaceLabels": null,
"node": null,
"pod": null,
"podLabels": null
},
"ruleInfo": {
"description": null,
"id": "<string>",
"name": "<string>",
"queryLang": "<string>",
"queryType": "<string>",
"s1ql": "<string>",
"scopeLevel": "<string>",
"severity": "<string>",
"treatAsThreat": "<string>"
},
"sourceParentProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"sourceProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"targetProcessInfo": {
"tgtFileCreatedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileHashSha1": null,
"tgtFileHashSha256": null,
"tgtFileId": null,
"tgtFileIsSigned": "<string>",
"tgtFileModifiedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileOldPath": null,
"tgtFilePath": null,
"tgtProcCmdLine": null,
"tgtProcImagePath": null,
"tgtProcIntegrityLevel": "<string>",
"tgtProcName": null,
"tgtProcPid": null,
"tgtProcSignedStatus": null,
"tgtProcStorylineId": null,
"tgtProcUid": null,
"tgtProcessStartTime": "2025-04-17T01:15:48.111000Z"
}
},
{
"agentDetectionInfo": {
"accountId": "<string>",
"machineType": "<string>",
"name": "<string>",
"osFamily": "<string>",
"osName": "<string>",
"osRevision": "<string>",
"siteId": "<string>",
"uuid": "<string>",
"version": "<string>"
},
"agentRealtimeInfo": {
"id": "<string>",
"infected": false,
"isActive": false,
"isDecommissioned": true,
"machineType": "<string>",
"name": "<string>",
"os": "<string>",
"uuid": "<string>"
},
"alertInfo": {
"alertId": "<string>",
"analystVerdict": "<string>",
"createdAt": "2025-01-01T15:56:21.535999Z",
"dnsRequest": null,
"dnsResponse": null,
"dstIp": null,
"dstPort": null,
"dvEventId": "<string>",
"eventType": "<string>",
"hitType": "<string>",
"incidentStatus": "<string>",
"indicatorCategory": null,
"indicatorDescription": null,
"indicatorName": null,
"isEdr": true,
"loginAccountDomain": "<string>",
"loginAccountSid": "<string>",
"loginIsAdministratorEquivalent": "<string>",
"loginIsSuccessful": "<string>",
"loginType": "<string>",
"loginsUserName": "<string>",
"modulePath": null,
"moduleSha1": null,
"netEventDirection": null,
"registryKeyPath": null,
"registryOldValue": null,
"registryOldValueType": null,
"registryPath": null,
"registryValue": null,
"reportedAt": "2025-01-01T15:56:21.535999Z",
"source": "<string>",
"srcIp": null,
"srcMachineIp": null,
"srcPort": null,
"tiIndicatorComparisonMethod": null,
"tiIndicatorSource": null,
"tiIndicatorType": null,
"tiIndicatorValue": null,
"updatedAt": "2025-01-01T15:56:21.535999Z"
},
"containerInfo": {
"id": null,
"image": null,
"labels": null,
"name": null
},
"kubernetesInfo": {
"cluster": null,
"controllerKind": null,
"controllerLabels": null,
"controllerName": null,
"namespace": null,
"namespaceLabels": null,
"node": null,
"pod": null,
"podLabels": null
},
"ruleInfo": {
"description": null,
"id": "<string>",
"name": "<string>",
"queryLang": "<string>",
"queryType": "<string>",
"s1ql": "<string>",
"scopeLevel": "<string>",
"severity": "<string>",
"treatAsThreat": "<string>"
},
"sourceParentProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"sourceProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"targetProcessInfo": {
"tgtFileCreatedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileHashSha1": null,
"tgtFileHashSha256": null,
"tgtFileId": null,
"tgtFileIsSigned": "<string>",
"tgtFileModifiedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileOldPath": null,
"tgtFilePath": null,
"tgtProcCmdLine": null,
"tgtProcImagePath": null,
"tgtProcIntegrityLevel": "<string>",
"tgtProcName": null,
"tgtProcPid": null,
"tgtProcSignedStatus": null,
"tgtProcStorylineId": null,
"tgtProcUid": null,
"tgtProcessStartTime": "2025-04-17T01:15:48.111000Z"
}
}
],
"pagination": {
"nextCursor": null,
"totalItems": 23
}
}