Get data of threats that match the filter.

Basic Parameters

Parameter | Description
Analyst Verdicts | Filter alerts by an analyst verdict.
Options:
false_positive
suspicious
true_positive
undefined
Count Only | If true, only the total number of items is returned, without any of the actual objects.
Created After | Created after a specified timestamp.
Created Before | Created before a specified timestamp.
Cursor | Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: “YWdlbnRfaWQ6NTgwMjkzODE=”.
Incident Statuses | Filter alerts by a specific incident status.
Options:
in_progress
resolved
unresolved
Limit | Limit the number of returned items (1-1000). Example: 10.
Return All Pages | Automatically fetch all resources, page by page.
Sort By | The column to sort the results by.
Threats IDs | Filter by a list of threat IDs.

Advanced Parameters

Parameter | Description
Account IDs | List of account IDs to filter by. Example: 225494730938493804,225494730938493915.

Example Output

{
  "data": [
    {
      "agentDetectionInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "agentDetectionState": null,
        "agentDomain": "<string>",
        "agentIpV4": "<string>",
        "agentIpV6": "<string>",
        "agentLastLoggedInUpn": null,
        "agentLastLoggedInUserMail": null,
        "agentLastLoggedInUserName": "<string>",
        "agentMitigationMode": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentRegisteredAt": "2025-01-01T15:56:21.535999Z",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "assetVersion": "<string>",
        "cloudProviders": {},
        "externalIp": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "siteId": "<string>",
        "siteName": "<string>"
      },
      "agentRealtimeInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "activeThreats": 0,
        "agentComputerName": "<string>",
        "agentDecommissionedAt": true,
        "agentDomain": "<string>",
        "agentId": "<string>",
        "agentInfected": false,
        "agentIsActive": false,
        "agentIsDecommissioned": true,
        "agentMachineType": "<string>",
        "agentMitigationMode": "<string>",
        "agentNetworkStatus": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentOsType": "<string>",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "networkInterfaces": [
          {
            "id": "<string>",
            "inet": [
              "<string>"
            ],
            "inet6": [],
            "name": "<string>",
            "physical": "<string>"
          },
          {
            "id": "<string>",
            "inet": [
              "<string>"
            ],
            "inet6": [],
            "name": "<string>",
            "physical": "<string>"
          }
        ],
        "operationalState": "<string>",
        "rebootRequired": false,
        "scanAbortedAt": null,
        "scanFinishedAt": "2025-01-01T15:56:21.535999Z",
        "scanStartedAt": "2025-01-01T15:56:21.535999Z",
        "scanStatus": "<string>",
        "siteId": "<string>",
        "siteName": "<string>",
        "storageName": null,
        "storageType": null,
        "userActionsNeeded": []
      },
      "containerInfo": {
        "id": null,
        "image": null,
        "isContainerQuarantine": null,
        "labels": null,
        "name": null
      },
      "ecsInfo": {
        "clusterName": null,
        "serviceArn": null,
        "serviceName": null,
        "taskArn": null,
        "taskAvailabilityZone": null,
        "taskDefinitionArn": null,
        "taskDefinitionFamily": null,
        "taskDefinitionRevision": null,
        "type": null,
        "version": null
      },
      "id": "<string>",
      "indicators": [
        {
          "category": "<string>",
          "description": "<string>",
          "ids": [
            110
          ],
          "tactics": [
            {
              "name": "<string>",
              "source": "<string>",
              "techniques": [
                {
                  "link": "<string>",
                  "name": "<string>"
                },
                {
                  "link": "<string>",
                  "name": "<string>"
                }
              ]
            },
            {
              "name": "<string>",
              "source": "<string>",
              "techniques": [
                {
                  "link": "<string>",
                  "name": "<string>"
                },
                {
                  "link": "<string>",
                  "name": "<string>"
                }
              ]
            }
          ]
        },
        {
          "category": "<string>",
          "description": "<string>",
          "ids": [
            229
          ],
          "tactics": [
            {
              "name": "<string>",
              "source": "<string>",
              "techniques": [
                {
                  "link": "<string>",
                  "name": "<string>"
                },
                {
                  "link": "<string>",
                  "name": "<string>"
                }
              ]
            }
          ]
        }
      ],
      "kubernetesInfo": {
        "cluster": null,
        "controllerKind": null,
        "controllerLabels": null,
        "controllerName": null,
        "isContainerQuarantine": null,
        "namespace": null,
        "namespaceLabels": null,
        "node": null,
        "nodeLabels": null,
        "pod": null,
        "podLabels": null
      },
      "mitigationStatus": [],
      "threatInfo": {
        "analystVerdict": "<string>",
        "analystVerdictDescription": "<string>",
        "automaticallyResolved": false,
        "browserType": null,
        "certificateId": "<string>",
        "classification": "<string>",
        "classificationSource": "<string>",
        "cloudFilesHashVerdict": null,
        "collectionId": "<string>",
        "confidenceLevel": "<string>",
        "createdAt": "2025-01-01T15:56:21.535999Z",
        "detectionEngines": [
          {
            "key": "<string>",
            "title": "<string>"
          }
        ],
        "detectionType": "<string>",
        "engines": [
          "<string>"
        ],
        "externalTicketExists": false,
        "externalTicketId": null,
        "failedActions": false,
        "fileExtension": "<string>",
        "fileExtensionType": "<string>",
        "filePath": "<string>",
        "fileSize": 98829,
        "fileVerificationType": "<string>",
        "identifiedAt": "2025-01-01T15:56:21.535999Z",
        "incidentStatus": "<string>",
        "incidentStatusDescription": "<string>",
        "initiatedBy": "<string>",
        "initiatedByDescription": "<string>",
        "initiatingUserId": null,
        "initiatingUsername": null,
        "isFileless": false,
        "isValidCertificate": true,
        "macroModules": null,
        "maliciousProcessArguments": "<string>",
        "md5": null,
        "mitigatedPreemptively": false,
        "mitigationStatus": "<string>",
        "mitigationStatusDescription": "<string>",
        "originatorProcess": "<string>",
        "pendingActions": false,
        "processUser": "<string>",
        "publisherName": "<string>",
        "reachedEventsLimit": false,
        "rebootRequired": false,
        "rootProcessUpn": null,
        "sha1": "<string>",
        "sha256": null,
        "storyline": "<string>",
        "threatId": "<string>",
        "threatName": "<string>",
        "updatedAt": "2025-01-01T15:56:21.535999Z",
      },
      "whiteningOptions": [
        "<string>",
        "<string>"
      ]
    },
    {
      "agentDetectionInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "agentDetectionState": null,
        "agentDomain": "<string>",
        "agentIpV4": "<string>",
        "agentIpV6": "<string>",
        "agentLastLoggedInUpn": null,
        "agentLastLoggedInUserMail": null,
        "agentLastLoggedInUserName": "<string>",
        "agentMitigationMode": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentRegisteredAt": "2025-01-01T15:56:21.535999Z",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "assetVersion": "<string>",
        "cloudProviders": {},
        "externalIp": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "siteId": "<string>",
        "siteName": "<string>"
      },
      "agentRealtimeInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "activeThreats": 1,
        "agentComputerName": "<string>",
        "agentDecommissionedAt": null,
        "agentDomain": "<string>",
        "agentId": "<string>",
        "agentInfected": false,
        "agentIsActive": false,
        "agentIsDecommissioned": false,
        "agentMachineType": "<string>",
        "agentMitigationMode": "<string>",
        "agentNetworkStatus": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentOsType": "<string>",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "networkInterfaces": [
          {
            "id": "<string>",
            "inet": [],
            "inet6": [
              "<string>"
            ],
            "name": "<string>",
            "physical": "<string>"
          },
          {
            "id": "<string>",
            "inet": [
              "<string>"
            ],
            "inet6": [
              "<string>"
            ],
            "name": "<string>",
            "physical": "<string>"
          }
        ],
        "operationalState": "<string>",
        "rebootRequired": false,
        "scanAbortedAt": null,
        "scanFinishedAt": "2025-01-01T15:56:21.535999Z",
        "scanStartedAt": "2025-01-01T15:56:21.535999Z",
        "scanStatus": "<string>",
        "siteId": "<string>",
        "siteName": "<string>",
        "storageName": null,
        "storageType": null,
        "userActionsNeeded": []
      },
      "containerInfo": {
        "id": null,
        "image": null,
        "isContainerQuarantine": null,
        "labels": null,
        "name": null
      },
      "ecsInfo": {
        "clusterName": null,
        "serviceArn": null,
        "serviceName": null,
        "taskArn": null,
        "taskAvailabilityZone": null,
        "taskDefinitionArn": null,
        "taskDefinitionFamily": null,
        "taskDefinitionRevision": null,
        "type": null,
        "version": null
      },
      "id": "<string>",
      "indicators": [],
      "kubernetesInfo": {
        "cluster": null,
        "controllerKind": null,
        "controllerLabels": null,
        "controllerName": null,
        "isContainerQuarantine": null,
        "namespace": null,
        "namespaceLabels": null,
        "node": null,
        "nodeLabels": null,
        "pod": null,
        "podLabels": null
      },
      "mitigationStatus": [
        {
          "action": "<string>",
          "actionsCounters": {
            "failed": 2,
            "notFound": 1,
            "pendingReboot": 2,
            "success": 1,
            "total": 1
          },
          "agentSupportsReport": true,
          "groupNotFound": false,
          "lastUpDate": "2025-03-24T07:44:25Z",
          "latestReport": "<string>",
          "mitigationEndedAt": "2025-01-01T15:56:21.535999Z",
          "mitigationStartedAt": "2025-01-01T15:56:21.535999Z",
          "reportId": "<string>",
          "status": "<string>"
        },
        {
          "action": "<string>",
          "actionsCounters": {
            "failed": 0,
            "notFound": 1,
            "pendingReboot": 1,
            "success": 2,
            "total": 0
          },
          "agentSupportsReport": true,
          "groupNotFound": false,
          "lastUpDate": "2025-03-24T07:44:25Z",
          "latestReport": "<string>",
          "mitigationEndedAt": "2025-01-01T15:56:21.535999Z",
          "mitigationStartedAt": "2025-01-01T15:56:21.535999Z",
          "reportId": "<string>",
          "status": "<string>"
        }
      ],
      "threatInfo": {
        "analystVerdict": "<string>",
        "analystVerdictDescription": "<string>",
        "automaticallyResolved": false,
        "browserType": null,
        "certificateId": "<string>",
        "classification": "<string>",
        "classificationSource": "<string>",
        "cloudFilesHashVerdict": "<string>",
        "collectionId": "<string>",
        "confidenceLevel": "<string>",
        "createdAt": "2025-01-01T15:56:21.535999Z",
        "detectionEngines": [
          {
            "key": "<string>",
            "title": "<string>"
          }
        ],
        "detectionType": "<string>",
        "engines": [
          "<string>"
        ],
        "externalTicketExists": false,
        "externalTicketId": null,
        "failedActions": false,
        "fileExtension": null,
        "fileExtensionType": null,
        "filePath": "<string>",
        "fileSize": 2,
        "fileVerificationType": null,
        "identifiedAt": "2025-01-01T15:56:21.535999Z",
        "incidentStatus": "<string>",
        "incidentStatusDescription": "<string>",
        "initiatedBy": "<string>",
        "initiatedByDescription": "<string>",
        "initiatingUserId": null,
        "initiatingUsername": null,
        "isFileless": false,
        "isValidCertificate": true,
        "macroModules": null,
        "maliciousProcessArguments": null,
        "md5": null,
        "mitigatedPreemptively": true,
        "mitigationStatus": "<string>",
        "mitigationStatusDescription": "<string>",
        "originatorProcess": "<string>",
        "pendingActions": false,
        "processUser": "<string>",
        "publisherName": "<string>",
        "reachedEventsLimit": null,
        "rebootRequired": false,
        "rootProcessUpn": null,
        "sha1": "<string>",
        "sha256": null,
        "storyline": "<string>",
        "threatId": "<string>",
        "threatName": "<string>",
        "updatedAt": "2025-01-01T15:56:21.535999Z",
      },
      "whiteningOptions": [
        "<string>"
      ]
    }
  ],
  "pagination": {
    "nextCursor": "<string>",
    "totalItems": 160
  }
}

Workflow Library Example

Get Threats with Sentinelone and Send Results Via Email
