Get a threat’s timeline.

Parameters

| Parameter | Description |
| --- | --- |
| Cursor | Cursor position returned by the last request (the `pagination.nextCursor` value shown in the example output). Use it to iterate over more than 1000 items. Example: “YWdlbnRfaWQ6NTgwMjkzODE=”. |
| Limit | Maximum number of items to return (1-1000). Example: 10. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Sort By | The column to sort the results by. |
| Threat ID | The ID of the threat whose timeline is retrieved. |

Example Output

{
	"data": [
		{
			"accountId": "<string>",
			"activityType": 4952,
			"agentId": null,
			"agentUpdatedVersion": null,
			"createdAt": "2025-01-01T15:56:21.535999Z",
			"data": {
				"accountName": "<string>",
				"description": null,
				"externalServiceId": null,
				"fileContentHash": "<string>",
				"fullScopeDetails": "<string>",
				"fullScopeDetailsPath": "<string>",
				"groupName": null,
				"ipAddress": null,
				"osFamily": "<string>",
				"realUser": null,
				"scopeLevel": "<string>",
				"scopeName": "<string>",
				"siteName": "<string>",
				"username": "<string>"
			},
			"groupId": null,
			"hash": "<string>",
			"id": "<string>",
			"osFamily": "<string>",
			"primaryDescription": "<string>",
			"secondaryDescription": "<string>",
			"siteId": "<string>",
			"threatId": null,
			"updatedAt": "2025-01-01T15:56:21.535999Z",
			"userId": null
		},
		{
			"accountId": "<string>",
			"activityType": 22,
			"agentId": "<string>",
			"agentUpdatedVersion": null,
			"createdAt": "2025-01-01T15:56:21.535999Z",
			"data": {
				"accountName": "<string>",
				"computerName": "<string>",
				"confidenceLevel": "<string>",
				"escapedMaliciousProcessArguments": null,
				"externalServiceId": null,
				"fileContentHash": "<string>",
				"fileDisplayName": "<string>",
				"filePath": "<string>",
				"fullScopeDetails": "<string>",
				"fullScopeDetailsPath": "<string>",
				"groupName": "<string>",
				"ipAddress": "<string>",
				"realUser": null,
				"siteName": "<string>",
				"sourceType": "<string>",
				"threatClassification": "<string>",
				"threatClassificationSource": "<string>",
				"username": null
			},
			"groupId": "<string>",
			"hash": null,
			"id": "<string>",
			"osFamily": null,
			"primaryDescription": "<string>",
			"secondaryDescription": "<string>",
			"siteId": "<string>",
			"threatId": "<string>",
			"updatedAt": "2025-01-01T15:56:21.535999Z",
			"userId": null
		}
	],
	"pagination": {
		"nextCursor": null,
		"totalItems": 245
	}
}

Workflow Library Example

Get Threat Timeline with SentinelOne and Send Results Via Email
