Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Get all threat events.

Parameters

ParameterDescription
Count OnlyIf true, only total number of items will be returned, without any of the actual objects.
CursorCursor position returned by the last request. Use to iterate over more than 1000 items. Example: “YWdlbnRfaWQ6NTgwMjkzODE=”.
Event IDFilter by a specific process key and its children.
LimitLimit number of returned items (1-1000). Example: 10.
Return All PagesAutomatically fetch all resources, page by page.
Sort ByThe column to sort the results by.
Threat IDThe threat ID.

Example Output

{
	"data": [
		{
			"siteId": "string",
			"user": "string",
			"agentId": "string",
			"agentIsActive": "boolean",
			"registryPath": "string",
			"parentPid": "string",
			"processStartTime": "2018-02-27T04:49:26.257525Z",
			"networkMethod": "string",
			"processImageSha1Hash": "string",
			"taskPath": "string",
			"fileId": "string",
			"agentVersion": "string",
			"processIntegrityLevel": "string",
			"verifiedStatus": "string",
			"taskName": "string",
			"eventType": "string",
			"fileFullName": "string",
			"agentMachineType": "string",
			"processSessionId": "string",
			"processSubSystem": "string",
			"agentIp": "string",
			"agentName": "string",
			"connectionStatus": "string",
			"pid": "string",
			"processName": "string",
			"indicatorMetadata": "string",
			"protocol": "string",
			"trueContext": "string",
			"parentProcessGroupId": "string",
			"createdAt": "2018-02-27T04:49:26.257525Z",
			"dstPort": "integer",
			"rpid": "string",
			"storyline": "string",
			"processGroupId": "string",
			"activeContentHash": "string",
			"agentUuid": "string",
			"siteName": "string",
			"processRoot": "string",
			"relatedToThreat": "boolean",
			"agentOs": "macos",
			"dnsRequest": "string",
			"processIsMalicious": "boolean",
			"oldFileSha1": "string",
			"fileMd5": "string",
			"agentDomain": "string",
			"signatureSignedInvalidReason": "string",
			"registryClassification": "string",
			"publisher": "string",
			"threatStatus": "string",
			"indicatorDescription": "string",
			"loginsUserName": "string",
			"srcPort": "integer",
			"networkUrl": "string",
			"processDisplayName": "string",
			"processImagePath": "string",
			"signedStatus": "string",
			"parentProcessIsMalicious": "boolean",
			"dnsResponse": "string",
			"registryId": "string",
			"tid": "string",
			"fileSha1": "string",
			"indicatorCategory": "string",
			"activeContentFileId": "string",
			"fileSize": "string",
			"md5": "string",
			"fileType": "string",
			"sha256": "string",
			"agentGroupId": "string",
			"objectType": "events",
			"agentIsDecommissioned": "boolean",
			"srcIp": "string",
			"agentInfected": "boolean",
			"processIsWow64": "string",
			"indicatorName": "string",
			"parentProcessUniqueKey": "string",
			"direction": "string",
			"fileSha256": "string",
			"id": "string",
			"processIsRedirectedCommandProcessor": "string",
			"loginsBaseType": "string",
			"oldFileSha256": "string",
			"sha1": "string",
			"activeContentPath": "string",
			"dstIp": "string",
			"processUniqueKey": "string",
			"oldFileMd5": "string",
			"processCmd": "string",
			"hasActiveContent": "boolean",
			"networkSource": "string",
			"oldFileName": "string",
			"processUserName": "string",
			"parentProcessName": "string",
			"agentNetworkStatus": "string"
		}
	],
	"pagination": {
		"nextCursor": null,
		"totalItems": 3
	}
}

Workflow Library Example

Get Events with Sentinelone and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop