Lists SentinelOne activities.
Parameter | Description |
---|---|
Cursor | Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: “YWdlbnRfaWQ6NTgwMjkzODE=”. |
Filter | List accounts that match this filter. For more information visit: https://your-subdomain.sentinelone.net/api-doc/api-details?category=activities&api=get-activities. |
Limit | Limit number of returned items (1-1000). Example: “10”. |
Return All Pages | Automatically fetch all resources, page by page. |
{
"data": [
{
"accountId": "<string>",
"accountName": "<string>",
"activityType": 28,
"activityUuid": "<string>",
"agentId": null,
"agentUpdatedVersion": null,
"comments": null,
"createdAt": "2025-01-01T15:56:21.535992Z",
"data": {
"accountName": "<string>",
"byUser": "<string>",
"externalServiceId": null,
"fullScopeDetails": "<string>",
"fullScopeDetailsPath": "<string>",
"groupName": null,
"ipAddress": "<string>",
"realUser": null,
"role": "<string>",
"roleName": "<string>",
"scopeLevel": "<string>",
"scopeLevelName": "<string>",
"scopeName": "<string>",
"siteName": "<string>",
"sourceType": "<string>",
"userScope": "<string>",
"username": "<string>"
},
"description": null,
"groupId": null,
"groupName": null,
"hash": null,
"id": "<string>",
"osFamily": null,
"primaryDescription": "<string>",
"secondaryDescription": "<string>",
"siteId": "<string>",
"siteName": "<string>",
"threatId": null,
"updatedAt": "2025-01-01T15:56:21.535999Z",
"userId": "<string>"
},
{
"accountId": "<string>",
"accountName": "<string>",
"activityType": 7,
"activityUuid": "<string>",
"agentId": null,
"agentUpdatedVersion": null,
"comments": null,
"createdAt": "2025-01-01T15:56:21.535999Z",
"data": {
"accountName": "<string>",
"byUser": "<string>",
"externalServiceId": null,
"fullScopeDetails": "<string>",
"fullScopeDetailsPath": "<string>",
"groupName": null,
"ipAddress": "<string>",
"realUser": null,
"role": "<string>",
"roleName": "<string>",
"scopeLevel": "<string>",
"scopeLevelName": "<string>",
"scopeName": "<string>",
"siteName": "<string>",
"sourceType": "<string>",
"userScope": "<string>",
"username": "<string>"
},
"description": null,
"groupId": null,
"groupName": null,
"hash": null,
"id": "<string>",
"osFamily": null,
"primaryDescription": "<string>",
"secondaryDescription": "<string>",
"siteId": "<string>",
"siteName": "<string>",
"threatId": null,
"updatedAt": "2025-01-01T15:56:21.535999Z",
"userId": "<string>"
}
],
"pagination": {
"nextCursor": null,
"totalItems": 0
}
}
List Activities with Sentinelone and Send Results Via Email
Preview this Workflow on desktop
Was this page helpful?