Actions
List Security Events
Integrations
- Integrations
- 1Password
- Abnormal
- Absolute
- AbuseIPDB
- Acronis
- Adaptive Shield
- Adobe Cloud
- ADP
- Agari Phishing Response
- Airlock
- Airlock Digital
- Akamai Identity Cloud Social
- Alert Logic
- AlgoSec Firewall Analyzer
- Alienvault OTX
- Alienvault USM
- Anthropic
- Anodot
- Any Run
- Ansible
- Anvilogic
- Apex One
- ArcSight ESM
- Area 1
- Asana
- Asset Panda
- Atlassian Crowd
- Atlassian User Management
- Atlassian User Provisioning
- AuditBoard
- auth0
- Authentik
- Authomize
- Automox
- AWS
- AWS IAM Identity Center
- Axonius
- Azure
- Azure Data Explorer
- Azure DevOps
- Azure Log Analytics
- Azure Storage
- BambooHR
- Big Fix
- BigPanda
- Bitbucket
- Bitdefender
- Bitsight
- Bitwarden
- Black Duck
- Black Kite
- Blink
- BMC Remedy
- Box
- Brinqa
- Cato Networks
- Censys
- Chorus
- Cisco Advanced Phishing Protection
- Cisco Domain Protection
- Cisco Meraki
- Cisco Talos
- Cisco Umbrella
- Cisco Webex
- Claroty xDome
- ClearPass
- ClickHouse
- ClickUp
- Cloud Custodian
- Cloudflare
- Cloudflare R2
- Cobalt.io
- Check Point Harmony
- Check Point Infinity Events
- Check Point Management
- Check Point XDR/XPR
- Checkmarx SAST
- Checkmarx One
- Chronicle
- Compass
- Confluence
- Confluence Data Center
- Coralogix
- Coralogix Incident Management
- Cortex XDR
- Cortex Xpanse
- CredStash
- Cribl
- CrowdStrike
- CyberArk
- Cybersixgill
- CyCognito
- Cyera
- Cylance
- Cyware CTIX
- Darktrace
- Dasera
- Databricks
- Datadog
- DataSet
- Discord
- Docusign
- Delighted
- Delinea
- Devo
- Domo
- Drata
- Dropbox
- Dropbox Business
- druva
- Duo
- Duo Auth
- Dynatrace
- EasyVista
- EchoTrail
- Egnyte
- Egnyte Secure Govern
- Elasticsearch
- Entro
- Ermetic
- Exabeam
- Exchange Online
- Expel
- F5
- Falcon LogScale
- Falcon Surface
- Flare.io
- Forcepoint DLP
- Forescout
- FortiGate
- Freshservice
- GCP
- Gemini
- Ghostwriter
- Git
- GitHub
- GitLab
- Glean
- Gmail
- Google Calendar
- Google Chat
- Google Docs
- Google Drive
- Google Forms
- Google Meet
- Google Looker
- Google Sheets
- Google Workspace
- Grafana
- Greenhouse
- GreyNoise
- Grip Security
- GYTPOL
- Have I Been Pwned
- HackerOne
- Halo Service Desk
- HiBob
- HubSpot
- Hunters
- Hybrid Analysis
- Hyperproof
- IBM CLoud
- IBM NS1 Connect
- IBM X Force
- Imperva
- Incident.io
- Infobip
- Infoblox Cloud Services Portal
- Intercom
- Intezer
- IP API
- IPinfo
- IPWHOIS
- Ivanti RiskSense
- Ironscales
- Jamf
- JetBrains
- JFrog
- Jira
- Jira Data Center
- Joe Sandbox
- JumpCloud
- Kandji
- Keeper Secrets Manager
- Kenna Security
- KnowBe4
- KnowBe4 Events
- Kubernetes
- Lacework
- LaunchDarkly
- Linear
- Litmos
- LogicMonitor
- LogRhythm
- Manage Engine ServiceDesk Plus
- Mattermost
- Maven
- Microsoft Defender For Cloud
- Microsoft Defender For Cloud Apps
- Microsoft Defender For Endpoints
- Microsoft Defender XDR
- Microsoft E-Discovery
- Microsoft Entra ID
- Microsoft Graph
- Microsoft Intune
- Microsoft Office 365 Management Activity
- Microsoft Outlook
- Microsoft Purview
- Microsoft Sentinel
- Microsoft SQL Server
- Microsoft Teams
- Mimecast
- MISP
- Monday
- MongoDB Atlas
- MxToolbox
- Neo4j
- NetBox
- Netography
- Netskope
- New Relic
- Nightfall AI
- NinjaOne
- Notion
- Nozomi Networks
- Nuclei
- Nucleus
- Nutanix Hypervisor
- Obsidian
- Okta
- OneDrive
- OneLogin
- OneTrust
- Oort
- OpenAI
- OpenCTI
- Opsgenie
- OPSWAT
- Oracle Cloud
- Oracle HCM
- Orca Security
- OWASP ZAP
- PagerDuty
- Palo Alto NGFW
- Palo Alto Firewall
- Panther
- Pentera
- Perception Point
- PhishLabs
- PhishLabs Incident Data
- PhishLabs Open Web Monitoring
- Pingdom
- PingID
- PingOne
- PlexTrac
- PortSwigger
- Power BI
- PowerShell
- Postman
- Postman SCIM
- Prisma Access
- Prisma Cloud
- Prisma Cloud CWP
- Prometheus
- Proofpoint
- Proofpoint ITM
- Proofpoint Protection Server
- Proofpoint Security Awareness Training
- Proofpoint TAP
- Proofpoint TRAP
- Pub-Sub
- QRadar
- Qualys
- Rapid7
- Rapid7 InsightIDR
- Rapid7 InsightVM Cloud
- Rapid7 Threat Command
- Reco
- Recorded Future
- Recorded Future Triage Cloud
- Red Hat IDM
- Rippling
- runZero
- SafeBase
- Sage HR
- SailPoint
- SailPoint IdentityIQ
- Salesforce
- SAP Ariba
- ScienceLogic
- Securin
- Securin VI
- SecurityScorecard
- Securonix
- Sekoia.io
- SemGrep
- SentinelOne
- ServiceNow
- SharePoint
- Shodan
- Shopify
- Silverfort
- Slack
- Smartsheet
- Snipe IT
- Snowflake
- Snyk
- SolarWinds Service Desk
- SonarQube
- Sophos
- Split
- Splunk
- Splunk Observability
- Splunk SOAR
- Spur
- StrongDM
- Sumo Logic
- Symantec EDR
- Sysdig
- Tableau
- Tanium
- TeamCity
- TeamViewer
- Telegram
- Tenable
- Tenable Security Center
- Terraform
- Terraform Cloud
- Tessian
- TheHive
- Thinkst Canary
- ThreatQuotient
- Trellix Email Security
- Trello
- Trend Vision One
- Twilio
- UKG HR
- Uptycs
- URLScan
- Vault
- Veracode
- Verkada
- Vertica
- VMware vSphere
- VMware Carbon Black
- VirusTotal
- WeChat
- WhatsApp
- WhoIs
- WildFire
- Wiz
- Workday
- Workspace ONE UEM
- YesWeHack
- Zendesk
- Zero Networks
- Zoom
- Zscaler Internet Access
- Zscaler Private Access
Actions
List Security Events
List security events from Defender, Guardian, and Architect.
External Documentation
To learn more, visit the Tessian documentation.
Parameters
Parameter | Description |
---|---|
Created After | Only include events that were created after this time. You should use either this parameter, or the after_checkpoint parameter, but not both at once.If this parameter is provided, but no events are returned, the checkpoint will behave as if no checkpoint was provided at all. |
Limit | The maximum number of events to return. |
Pagination Cursor | Use with the output of the checkpoint field to retrieve the next set of events. |
Example Output
{
"additional_results": false,
"checkpoint": "This value can be provided to a subsequent request via the `after_checkpoint` query parameter to ensure that events from this request are not returned in future responses. This allows clients to paginate through results.\n",
"results": [
{
"created_at": "When the event was created in UTC.",
"guardian_details": {
"admin_action": "The most recent action taken by an admin on this event.",
"anomalous_attachments": [
"string"
],
"anomalous_recipients": [
"email"
],
"breach_prevented": false,
"final_outcome": "The final outcome of the email. `null` if it has not yet been determined.",
"flag_reason": "The reason that Guardian flagged this email as being misdirected.",
"justifications": [
"string"
],
"misattached_file_reasons": [
"string"
],
"suggested_recipients": [
"email"
],
"triggered_filter_ids": [
"string"
],
"triggered_filter_names": [
"string"
],
"type": "The type of Guardian event.",
"user_responses": [
"string"
],
"user_shown_message": false
},
"id": "A unique identifier for the event.",
"outbound_email_details": {
"attachments": {
"bytes": 0,
"count": 0,
"names": [
"string"
]
},
"changes_made": {},
"final_outcome": "The final outcome of the email. `null` if it has not yet been determined.",
"from": "email",
"message_id": "The email's Message-ID. This field is `null` if no Message-ID was ever assigned to the email (for example if the Tessian outlook addin prevented the email from ever being sent).\n",
"recipients": {
"all": [
"email"
],
"bcc": [
"email"
],
"cc": [
"email"
],
"count": 0,
"to": [
"email"
]
},
"reply_to": [
"email"
],
"send_time": "The time that the email was sent or a send attempt was made in UTC.",
"subject": "The subject of the email.",
"subsequent_action": "The user's subsequent action after responding to the Tessian warning message.",
"tessian_action": "The action Tessian took when the user tried to send the email. If multiple modules triggered, the action might be the result of another module (i.e. not the module described by this event).\n",
"tessian_id": "A unique identifier assigned to the email by Tessian. Similar in concept to an email's Message-ID except it is guaranteed to always be assigned (even if the email was never sent).\n",
"transmitter": "email"
},
"portal_link": "A HTTP link to the Tessian portal where further information about to this event can be viewed.\n",
"type": "The type of event.",
"updated_at": "When the event was last updated in UTC. Creation is counted as an update."
}
]
}
Workflow Library Example
List Security Events with Tessian and Send Results Via Email
Preview this Workflow on desktop
Was this page helpful?
On this page