Get Threat Timeline
Get a threat's timeline.
Parameters
| Parameter | Description |
|---|---|
| Cursor | Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=". |
| Limit | Limit number of returned items (1-1000). Example: 10. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Sort By | The column to sort the results by. |
| Threat ID | The threat ID. |
Example Output
{
"errors": [
{
"type": "object"
}
],
"pagination": {
"nextCursor": "YWdlbnRfaWQ6NTgwMjkzODE=",
"totalItems": 580
},
"data": [
{
"siteId": "225494730938493804",
"secondaryDescription": "string",
"id": "225494730938493804",
"hash": "string",
"userId": "225494730938493804",
"agentId": "225494730938493804",
"createdAt": "2018-02-27T04:49:26.257525Z",
"data": {
"computer_name": "COMP_1234",
"username": "my_user"
},
"osFamily": "macos",
"accountId": "225494730938493804",
"groupId": "225494730938493804",
"primaryDescription": "string",
"updatedAt": "2018-02-27T04:49:26.257525Z",
"threatId": "225494730938493804",
"agentUpdatedVersion": "2.5.1.1320",
"activityType": "integer"
}
]
}
Workflow Library Example
Get Threat Timeline with Sentinelone and Send Results Via Email
Preview this Workflow on desktop