
Get Threats

Get data for the threats that match the filter.

Basic Parameters

Parameter | Description
Analyst Verdicts | Filter alerts by an analyst verdict. Options: false_positive, suspicious, true_positive, undefined.
Count Only | If true, only the total number of items is returned, without any of the actual objects.
Created After | Only include items created after the specified timestamp.
Created Before | Only include items created before the specified timestamp.
Cursor | Cursor position returned by the last request; use it to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=".
Incident Statuses | Filter alerts by a specific incident status. Options: in_progress, resolved, unresolved.
Limit | Limit the number of returned items (1-1000). Example: 10.
Return All Pages | Automatically fetch all resources, page by page.
Sort By | The column to sort the results by.
Threats IDs | Filter by a list of threat IDs.

Advanced Parameters

Parameter | Description
Account IDs | List of account IDs to filter by. Example: 225494730938493804,225494730938493915.

Example Output

{
"errors": [
{
"type": "object"
}
],
"pagination": {
"nextCursor": "YWdlbnRfaWQ6NTgwMjkzODE=",
"totalItems": 580
},
"data": [
{
"containerInfo": {
"id": "string",
"isContainerQuarantine": "boolean",
"image": "string",
"name": "string",
"labels": [
{
"type": "string"
}
]
},
"whiteningOptions": [
{
"type": "string"
}
],
"id": "225494730938493804",
"agentDetectionInfo": {
"siteName": "string",
"agentRegisteredAt": "2018-02-27T04:49:26.257525Z",
"groupName": "string",
"agentMitigationMode": "detect",
"agentIpV6": "string",
"agentIpV4": "string",
"siteId": "225494730938493804",
"accountName": "string",
"agentDomain": "mybusiness.net",
"cloudProviders": "object",
"agentOsName": "string",
"agentLastLoggedInUserName": "janedoe3",
"groupId": "225494730938493804",
"agentDetectionState": "string",
"agentOsRevision": "string",
"externalIp": "string",
"agentLastLoggedInUserMail": "string",
"agentLastLoggedInUpn": "string",
"accountId": "225494730938493804",
"agentVersion": "3.6.1.14",
"agentUuid": "string"
},
"threatInfo": {
"md5": "string",
"initiatedByDescription": {
"readOnly": true,
"description": "Initiated by description"
},
"sha256": "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c",
"threatName": "string",
"automaticallyResolved": "boolean",
"processUser": "string",
"mitigationStatusDescription": {
"readOnly": true,
"description": "Mitigation status description"
},
"classification": "string",
"filePath": {
"readOnly": true,
"description": "File path"
},
"initiatingUserId": "225494730938493804",
"originatorProcess": "string",
"engines": [
"reputation",
"pre_execution"
],
"pendingActions": "boolean",
"reachedEventsLimit": "boolean",
"fileVerificationType": "string",
"initiatedBy": "agent_policy",
"createdAt": "2018-02-27T04:49:26.257525Z",
"analystVerdictDescription": {
"readOnly": true,
"description": "Analyst verdict description"
},
"initiatingUsername": "string",
"publisherName": "string",
"identifiedAt": "2018-02-27T04:49:26.257525Z",
"storyline": "a00637fa-e18d-9b80-e803-f370524f8085",
"detectionEngines": [
"reputation",
"pre_execution"
],
"cloudFilesHashVerdict": "string",
"mitigatedPreemptively": "boolean",
"maliciousProcessArguments": "string",
"isFileless": {
"readOnly": true,
"description": "Is fileless"
},
"isValidCertificate": "boolean",
"mitigationStatus": "not_mitigated",
"sha1": "ddd5030a3d029f3845fc1052419829f08f312240",
"updatedAt": "2018-02-27T04:49:26.257525Z",
"detectionType": "static",
"incidentStatusDescription": {
"readOnly": true,
"description": "Incident status description"
},
"classificationSource": "Cloud",
"certificateId": "string",
"macroModules": [
{
"moduleName": "string",
"sha1": "string"
}
],
"browserType": "string",
"analystVerdict": "undefined",
"confidenceLevel": "malicious",
"incidentStatus": "unresolved",
"externalTicketId": "string",
"externalTicketExists": {
"readOnly": true,
"description": "External ticket exists"
},
"rebootRequired": "boolean",
"failedActions": "boolean",
"collectionId": "225494730938493804",
"threatId": "225494730938493804",
"fileExtensionType": "string",
"fileExtension": "string",
"fileSize": "integer"
},
}
]
}

Workflow Library Example

Get Threats with Sentinelone and Send Results Via Email
