> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Threats

Get data of threats that match the filter.

## Basic Parameters

<div className="integrations-table">
  | Parameter         | Description                                                                                                                                                      |
  | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Analyst Verdicts  | Filter alerts by an analyst verdict.<br />Options:<br />  <pre><code>false\_positive<br />  suspicious<br />  true\_positive<br />  undefined<br /></code></pre> |
  | Count Only        | If true, only total number of items will be returned, without any of the actual objects.                                                                         |
  | Created After     | Created after a specified timestamp.                                                                                                                             |
  | Created Before    | Created before a specified timestamp.                                                                                                                            |
  | Cursor            | Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=".                                     |
  | Incident Statuses | Filter alerts by a specific incident status.<br /> Options:<br />  <pre><code>in\_progress<br />  resolved<br />  unresolved<br /></code></pre>                  |
  | Limit             | Limit number of returned items (1-1000). Example: 10.                                                                                                            |
  | Return All Pages  | Automatically fetch all resources, page by page.                                                                                                                 |
  | Sort By           | The column to sort the results by.                                                                                                                               |
  | Threats IDs       | Filter by a list of threats IDs.                                                                                                                                 |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter   | Description                                                                       |
  | ----------- | --------------------------------------------------------------------------------- |
  | Account IDs | List of account IDs to filter by. Example: 225494730938493804,225494730938493915. |
</div>

## Example Output

```json theme={"dark"}
{
  "data": [
    {
      "agentDetectionInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "agentDetectionState": null,
        "agentDomain": "<string>",
        "agentIpV4": "<string>",
        "agentIpV6": "<string>",
        "agentLastLoggedInUpn": null,
        "agentLastLoggedInUserMail": null,
        "agentLastLoggedInUserName": "<string>",
        "agentMitigationMode": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentRegisteredAt": "2025-01-01T15:56:21.535999Z",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "assetVersion": "<string>",
        "cloudProviders": {},
        "externalIp": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "siteId": "<string>",
        "siteName": "<string>"
      },
      "agentRealtimeInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "activeThreats": 0,
        "agentComputerName": "<string>",
        "agentDecommissionedAt": true,
        "agentDomain": "<string>",
        "agentId": "<string>",
        "agentInfected": false,
        "agentIsActive": false,
        "agentIsDecommissioned": true,
        "agentMachineType": "<string>",
        "agentMitigationMode": "<string>",
        "agentNetworkStatus": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentOsType": "<string>",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "networkInterfaces": [
          {
            "id": "<string>",
            "inet": [
              "<string>"
            ],
            "inet6": [],
            "name": "<string>",
            "physical": "<string>"
          },
          {
            "id": "<string>",
            "inet": [
              "<string>"
            ],
            "inet6": [],
            "name": "<string>",
            "physical": "<string>"
          }
        ],
        "operationalState": "<string>",
        "rebootRequired": false,
        "scanAbortedAt": null,
        "scanFinishedAt": "2025-01-01T15:56:21.535999Z",
        "scanStartedAt": "2025-01-01T15:56:21.535999Z",
        "scanStatus": "<string>",
        "siteId": "<string>",
        "siteName": "<string>",
        "storageName": null,
        "storageType": null,
        "userActionsNeeded": []
      },
      "containerInfo": {
        "id": null,
        "image": null,
        "isContainerQuarantine": null,
        "labels": null,
        "name": null
      },
      "ecsInfo": {
        "clusterName": null,
        "serviceArn": null,
        "serviceName": null,
        "taskArn": null,
        "taskAvailabilityZone": null,
        "taskDefinitionArn": null,
        "taskDefinitionFamily": null,
        "taskDefinitionRevision": null,
        "type": null,
        "version": null
      },
      "id": "<string>",
      "indicators": [
        {
          "category": "<string>",
          "description": "<string>",
          "ids": [
            110
          ],
          "tactics": [
            {
              "name": "<string>",
              "source": "<string>",
              "techniques": [
                {
                  "link": "<string>",
                  "name": "<string>"
                },
                {
                  "link": "<string>",
                  "name": "<string>"
                }
              ]
            },
            {
              "name": "<string>",
              "source": "<string>",
              "techniques": [
                {
                  "link": "<string>",
                  "name": "<string>"
                },
                {
                  "link": "<string>",
                  "name": "<string>"
                }
              ]
            }
          ]
        },
        {
          "category": "<string>",
          "description": "<string>",
          "ids": [
            229
          ],
          "tactics": [
            {
              "name": "<string>",
              "source": "<string>",
              "techniques": [
                {
                  "link": "<string>",
                  "name": "<string>"
                },
                {
                  "link": "<string>",
                  "name": "<string>"
                }
              ]
            }
          ]
        }
      ],
      "kubernetesInfo": {
        "cluster": null,
        "controllerKind": null,
        "controllerLabels": null,
        "controllerName": null,
        "isContainerQuarantine": null,
        "namespace": null,
        "namespaceLabels": null,
        "node": null,
        "nodeLabels": null,
        "pod": null,
        "podLabels": null
      },
      "mitigationStatus": [],
      "threatInfo": {
        "analystVerdict": "<string>",
        "analystVerdictDescription": "<string>",
        "automaticallyResolved": false,
        "browserType": null,
        "certificateId": "<string>",
        "classification": "<string>",
        "classificationSource": "<string>",
        "cloudFilesHashVerdict": null,
        "collectionId": "<string>",
        "confidenceLevel": "<string>",
        "createdAt": "2025-01-01T15:56:21.535999Z",
        "detectionEngines": [
          {
            "key": "<string>",
            "title": "<string>"
          }
        ],
        "detectionType": "<string>",
        "engines": [
          "<string>"
        ],
        "externalTicketExists": false,
        "externalTicketId": null,
        "failedActions": false,
        "fileExtension": "<string>",
        "fileExtensionType": "<string>",
        "filePath": "<string>",
        "fileSize": 98829,
        "fileVerificationType": "<string>",
        "identifiedAt": "2025-01-01T15:56:21.535999Z",
        "incidentStatus": "<string>",
        "incidentStatusDescription": "<string>",
        "initiatedBy": "<string>",
        "initiatedByDescription": "<string>",
        "initiatingUserId": null,
        "initiatingUsername": null,
        "isFileless": false,
        "isValidCertificate": true,
        "macroModules": null,
        "maliciousProcessArguments": "<string>",
        "md5": null,
        "mitigatedPreemptively": false,
        "mitigationStatus": "<string>",
        "mitigationStatusDescription": "<string>",
        "originatorProcess": "<string>",
        "pendingActions": false,
        "processUser": "<string>",
        "publisherName": "<string>",
        "reachedEventsLimit": false,
        "rebootRequired": false,
        "rootProcessUpn": null,
        "sha1": "<string>",
        "sha256": null,
        "storyline": "<string>",
        "threatId": "<string>",
        "threatName": "<string>",
        "updatedAt": "2025-01-01T15:56:21.535999Z",
      },
      "whiteningOptions": [
        "<string>",
        "<string>"
      ]
    },
    {
      "agentDetectionInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "agentDetectionState": null,
        "agentDomain": "<string>",
        "agentIpV4": "<string>",
        "agentIpV6": "<string>",
        "agentLastLoggedInUpn": null,
        "agentLastLoggedInUserMail": null,
        "agentLastLoggedInUserName": "<string>",
        "agentMitigationMode": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentRegisteredAt": "2025-01-01T15:56:21.535999Z",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "assetVersion": "<string>",
        "cloudProviders": {},
        "externalIp": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "siteId": "<string>",
        "siteName": "<string>"
      },
      "agentRealtimeInfo": {
        "accountId": "<string>",
        "accountName": "<string>",
        "activeThreats": 1,
        "agentComputerName": "<string>",
        "agentDecommissionedAt": null,
        "agentDomain": "<string>",
        "agentId": "<string>",
        "agentInfected": false,
        "agentIsActive": false,
        "agentIsDecommissioned": false,
        "agentMachineType": "<string>",
        "agentMitigationMode": "<string>",
        "agentNetworkStatus": "<string>",
        "agentOsName": "<string>",
        "agentOsRevision": "<string>",
        "agentOsType": "<string>",
        "agentUuid": "<string>",
        "agentVersion": "<string>",
        "groupId": "<string>",
        "groupName": "<string>",
        "networkInterfaces": [
          {
            "id": "<string>",
            "inet": [],
            "inet6": [
              "<string>"
            ],
            "name": "<string>",
            "physical": "<string>"
          },
          {
            "id": "<string>",
            "inet": [
              "<string>"
            ],
            "inet6": [
              "<string>"
            ],
            "name": "<string>",
            "physical": "<string>"
          }
        ],
        "operationalState": "<string>",
        "rebootRequired": false,
        "scanAbortedAt": null,
        "scanFinishedAt": "2025-01-01T15:56:21.535999Z",
        "scanStartedAt": "2025-01-01T15:56:21.535999Z",
        "scanStatus": "<string>",
        "siteId": "<string>",
        "siteName": "<string>",
        "storageName": null,
        "storageType": null,
        "userActionsNeeded": []
      },
      "containerInfo": {
        "id": null,
        "image": null,
        "isContainerQuarantine": null,
        "labels": null,
        "name": null
      },
      "ecsInfo": {
        "clusterName": null,
        "serviceArn": null,
        "serviceName": null,
        "taskArn": null,
        "taskAvailabilityZone": null,
        "taskDefinitionArn": null,
        "taskDefinitionFamily": null,
        "taskDefinitionRevision": null,
        "type": null,
        "version": null
      },
      "id": "<string>",
      "indicators": [],
      "kubernetesInfo": {
        "cluster": null,
        "controllerKind": null,
        "controllerLabels": null,
        "controllerName": null,
        "isContainerQuarantine": null,
        "namespace": null,
        "namespaceLabels": null,
        "node": null,
        "nodeLabels": null,
        "pod": null,
        "podLabels": null
      },
      "mitigationStatus": [
        {
          "action": "<string>",
          "actionsCounters": {
            "failed": 2,
            "notFound": 1,
            "pendingReboot": 2,
            "success": 1,
            "total": 1
          },
          "agentSupportsReport": true,
          "groupNotFound": false,
          "lastUpDate": "2025-03-24T07:44:25Z",
          "latestReport": "<string>",
          "mitigationEndedAt": "2025-01-01T15:56:21.535999Z",
          "mitigationStartedAt": "2025-01-01T15:56:21.535999Z",
          "reportId": "<string>",
          "status": "<string>"
        },
        {
          "action": "<string>",
          "actionsCounters": {
            "failed": 0,
            "notFound": 1,
            "pendingReboot": 1,
            "success": 2,
            "total": 0
          },
          "agentSupportsReport": true,
          "groupNotFound": false,
          "lastUpDate": "2025-03-24T07:44:25Z",
          "latestReport": "<string>",
          "mitigationEndedAt": "2025-01-01T15:56:21.535999Z",
          "mitigationStartedAt": "2025-01-01T15:56:21.535999Z",
          "reportId": "<string>",
          "status": "<string>"
        }
      ],
      "threatInfo": {
        "analystVerdict": "<string>",
        "analystVerdictDescription": "<string>",
        "automaticallyResolved": false,
        "browserType": null,
        "certificateId": "<string>",
        "classification": "<string>",
        "classificationSource": "<string>",
        "cloudFilesHashVerdict": "<string>",
        "collectionId": "<string>",
        "confidenceLevel": "<string>",
        "createdAt": "2025-01-01T15:56:21.535999Z",
        "detectionEngines": [
          {
            "key": "<string>",
            "title": "<string>"
          }
        ],
        "detectionType": "<string>",
        "engines": [
          "<string>"
        ],
        "externalTicketExists": false,
        "externalTicketId": null,
        "failedActions": false,
        "fileExtension": null,
        "fileExtensionType": null,
        "filePath": "<string>",
        "fileSize": 2,
        "fileVerificationType": null,
        "identifiedAt": "2025-01-01T15:56:21.535999Z",
        "incidentStatus": "<string>",
        "incidentStatusDescription": "<string>",
        "initiatedBy": "<string>",
        "initiatedByDescription": "<string>",
        "initiatingUserId": null,
        "initiatingUsername": null,
        "isFileless": false,
        "isValidCertificate": true,
        "macroModules": null,
        "maliciousProcessArguments": null,
        "md5": null,
        "mitigatedPreemptively": true,
        "mitigationStatus": "<string>",
        "mitigationStatusDescription": "<string>",
        "originatorProcess": "<string>",
        "pendingActions": false,
        "processUser": "<string>",
        "publisherName": "<string>",
        "reachedEventsLimit": null,
        "rebootRequired": false,
        "rootProcessUpn": null,
        "sha1": "<string>",
        "sha256": null,
        "storyline": "<string>",
        "threatId": "<string>",
        "threatName": "<string>",
        "updatedAt": "2025-01-01T15:56:21.535999Z",
      },
      "whiteningOptions": [
        "<string>"
      ]
    }
  ],
  "pagination": {
    "nextCursor": "<string>",
    "totalItems": 160
  }
}
```

## Workflow Library Example

[Get Threats with Sentinelone and Send Results Via Email](https://library.blinkops.com/workflows/get-threats-with-sentinelone-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/get-threats-with-sentinelone-and-send-results-via-email/canvas" />
</div>
