Skip to main content
Retrieve a list of detections with optional filtering.
External DocumentationTo learn more, visit the Upwind documentation.

Basic Parameters

ParameterDescription
CategoryThe category to filter results by.
Organization IDThe ID of the organization.
PageThe page number to get results from.
Per PageThe maximum number of results to return per page.
Return All PagesAutomatically fetch all resources, page by page.
SeverityThe severity of the detection to filter results by.
TypeThe type of detection to filter results by.

Advanced Parameters

ParameterDescription
Max First Seen TimeThe date and time used to filter results that were first seen on or before this value.
Max Last Seen TimeThe date and time used to filter results that were last seen on or before this value.
Min First Seen TimeThe date and time used to filter results that were first seen on or after this value.
Min Last Seen TimeThe date and time used to filter results that were last seen on or after this value.

Example Output

[
	{
		"id": "string",
		"type": "string",
		"category": "NETWORK",
		"severity": "LOW",
		"status": "PENDING",
		"title": "string",
		"description": "string",
		"resource": {
			"id": "string",
			"external_id": "string",
			"name": "string",
			"type": "string",
			"cloud_provider": "AWS",
			"region": "string",
			"cluster_id": "string",
			"cloud_account_id": "string",
			"cloud_account_name": "string",
			"namespace": "string",
			"internet_exposure": {
				"ingress": {
					"active_communication": true
				}
			},
			"cloud_account_tags": [
				{
					"key": "string",
					"value": "string"
				}
			],
			"risk_categories": [
				"string"
			]
		},
		"triggers": [
			{
				"events": [
					{
						"id": "string",
						"description": "string",
						"event_type": "string",
						"event_time": "2024-07-29T15:51:28.071Z",
						"type": "string",
						"data": {
							"initiator": {
								"type": "string",
								"data": {
									"uid": "string",
									"groups": [
										"string"
									],
									"user_name": "string",
									"user_agent": "string",
									"source_ips": [
										"string"
									]
								}
							}
						}
					}
				],
				"policy_id": "string",
				"policy_name": "string"
			}
		],
		"first_seen_time": "2024-07-29T15:51:28.071Z",
		"last_seen_time": "2024-07-29T15:51:28.071Z",
		"occurrence_count": 0,
		"mitre_attacks": [
			{
				"tactic_id": "string",
				"tactic_name": "string",
				"technique_id": "string",
				"technique_name": "string"
			}
		]
	}
]

Workflow Library Example

List Detections with Upwind and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop