Lists SentinelOne activities.

Parameters

| Parameter | Description |
| --- | --- |
| Cursor | Cursor position returned by the last request. Use it to iterate over more than 1000 items. Example: “YWdlbnRfaWQ6NTgwMjkzODE=”. |
| Filter | List accounts that match this filter. For more information visit: https://your-subdomain.sentinelone.net/api-doc/api-details?category=activities&api=get-activities. |
| Limit | Limit the number of returned items (1-1000). Example: “10”. |
| Return All Pages | Automatically fetch all resources, page by page. |

Example Output

{
	"data": [
		{
			"accountId": "<string>",
			"accountName": "<string>",
			"activityType": 28,
			"activityUuid": "<string>",
			"agentId": null,
			"agentUpdatedVersion": null,
			"comments": null,
			"createdAt": "2025-01-01T15:56:21.535992Z",
			"data": {
				"accountName": "<string>",
				"byUser": "<string>",
				"externalServiceId": null,
				"fullScopeDetails": "<string>",
				"fullScopeDetailsPath": "<string>",
				"groupName": null,
				"ipAddress": "<string>",
				"realUser": null,
				"role": "<string>",
				"roleName": "<string>",
				"scopeLevel": "<string>",
				"scopeLevelName": "<string>",
				"scopeName": "<string>",
				"siteName": "<string>",
				"sourceType": "<string>",
				"userScope": "<string>",
				"username": "<string>"
			},
			"description": null,
			"groupId": null,
			"groupName": null,
			"hash": null,
			"id": "<string>",
			"osFamily": null,
			"primaryDescription": "<string>",
			"secondaryDescription": "<string>",
			"siteId": "<string>",
			"siteName": "<string>",
			"threatId": null,
			"updatedAt": "2025-01-01T15:56:21.535999Z",
			"userId": "<string>"
		},
		{
			"accountId": "<string>",
			"accountName": "<string>",
			"activityType": 7,
			"activityUuid": "<string>",
			"agentId": null,
			"agentUpdatedVersion": null,
			"comments": null,
			"createdAt": "2025-01-01T15:56:21.535999Z",
			"data": {
				"accountName": "<string>",
				"byUser": "<string>",
				"externalServiceId": null,
				"fullScopeDetails": "<string>",
				"fullScopeDetailsPath": "<string>",
				"groupName": null,
				"ipAddress": "<string>",
				"realUser": null,
				"role": "<string>",
				"roleName": "<string>",
				"scopeLevel": "<string>",
				"scopeLevelName": "<string>",
				"scopeName": "<string>",
				"siteName": "<string>",
				"sourceType": "<string>",
				"userScope": "<string>",
				"username": "<string>"
			},
			"description": null,
			"groupId": null,
			"groupName": null,
			"hash": null,
			"id": "<string>",
			"osFamily": null,
			"primaryDescription": "<string>",
			"secondaryDescription": "<string>",
			"siteId": "<string>",
			"siteName": "<string>",
			"threatId": null,
			"updatedAt": "2025-01-01T15:56:21.535999Z",
			"userId": "<string>"
		}
	],
	"pagination": {
		"nextCursor": null,
		"totalItems": 0
	}
}

Workflow Library Example

List Activities with SentinelOne and Send Results Via Email
