Skip to main content
Retrieve a paginated list of accounts with optional filtering.
External DocumentationTo learn more, visit the Vectra Detect documentation.

Basic Parameters

ParameterDescription
FieldsA comma-separated list of fields to include in the response. When omitted all fields are returned.
NameFilter accounts by their name.
PageThe page number to return.
Page SizeThe maximum number of results to return.
Return All PagesAutomatically fetch all resources, page by page.
SortOrder results by a specific attribute.

Note: Results are sorted in ascending order by default. Add a leading - (minus sign) to sort in descending order instead.
StateFilter accounts by their state.

Advanced Parameters

ParameterDescription
Certainty ScoreFilter accounts by their certainty score.
Certainty Score Greater Than or Equal ToOnly return accounts with a certainty score greater than or equal to the specified value.
Maximum IDReturn only accounts whose ID is less than or equal to the specified value.
Minimum IDReturn only accounts whose ID is greater than or equal to the specified value.
Note Modified Timestamp Greater Than or Equal ToOnly return accounts with a note modified timestamp greater than or equal to the specified value.
Privilege CategoryFilter accounts by their privilege category.
Privilege LevelFilter accounts by their exact privilege level.
Privilege Level Greater Than or Equal ToOnly return accounts with a privilege level greater than or equal to the specified value.
T ScoreFilter accounts by their threat score.
TagsFilter accounts based on their tags.

Note: Accounts that match any of the specified tags will be returned.
Threat Score Greater Than or Equal ToOnly return accounts with a threat score greater than or equal to the specified value.

Example Output

{
	"count": 0,
	"next": "https://dummy.link",
	"previous": "https://dummy.link",
	"results": [
		{
			"id": 1,
			"url": "https://dummy.link",
			"name": "string",
			"state": "active",
			"threat": 80,
			"certainty": 80,
			"severity": "medium",
			"account_type": [
				"kerberos"
			],
			"tags": [
				"string"
			],
			"note": "string",
			"note_modified_by": "string",
			"note_modified_timestamp": "2022-01-01T00:00:00Z",
			"notes": [
				{
					"id": 1,
					"date_created": "2022-01-01T00:00:00Z",
					"date_modified": "2022-01-01T00:00:00Z",
					"created_by": "string",
					"modified_by": "string",
					"note": "string"
				}
			],
			"privilege_level": 8,
			"privilege_category": "Medium",
			"last_detection_timestamp": "2022-01-01T00:00:00Z",
			"detection_set": [
				"https://dummy.link"
			],
			"probable_home": "string",
			"assignment": {
				"id": 1,
				"assigned_by": {
					"id": 123,
					"username": "SAML:[email protected]"
				},
				"date_assigned": "2022-01-01T00:00:00Z",
				"date_resolved": "2022-01-01T00:00:00Z",
				"events": [
					{
						"assignment_id": 1,
						"actor": 1,
						"event_type": "created",
						"datetime": "2022-01-01T00:00:00Z",
						"context": {
							"from": 1,
							"to": 1,
							"entity_c_score": 80,
							"entity_t_score": 80,
							"triage_as": "string",
							"triaged_detection_ids": [
								1
							],
							"fixed_detection_ids": [
								1
							],
							"created_rule_ids": [
								1
							]
						}
					}
				],
				"outcome": {
					"id": 1,
					"builtin": true,
					"user_selectable": true,
					"title": "string",
					"category": "benign_true_positive"
				},
				"resolved_by": {
					"id": 123,
					"username": "SAML:[email protected]"
				},
				"triaged_detections": [
					1
				],
				"host_id": 1,
				"account_id": 1,
				"assigned_to": {
					"id": 123,
					"username": "SAML:[email protected]"
				}
			},
			"past_assignments": [
				{
					"id": 1,
					"assigned_by": {
						"id": 123,
						"username": "SAML:[email protected]"
					},
					"date_assigned": "2022-01-01T00:00:00Z",
					"date_resolved": "2022-01-01T00:00:00Z",
					"events": [
						{
							"assignment_id": 1,
							"actor": 1,
							"event_type": "created",
							"datetime": "2022-01-01T00:00:00Z",
							"context": {
								"from": 1,
								"to": 1,
								"entity_c_score": 80,
								"entity_t_score": 80,
								"triage_as": "string",
								"triaged_detection_ids": [
									1
								],
								"fixed_detection_ids": [
									1
								],
								"created_rule_ids": [
									1
								]
							}
						}
					],
					"outcome": {
						"id": 1,
						"builtin": true,
						"user_selectable": true,
						"title": "string",
						"category": "benign_true_positive"
					},
					"resolved_by": {
						"id": 123,
						"username": "SAML:[email protected]"
					},
					"triaged_detections": [
						1
					],
					"host_id": 1,
					"account_id": 1,
					"assigned_to": {
						"id": 123,
						"username": "SAML:[email protected]"
					}
				}
			],
			"sensors": [
				"string"
			]
		}
	]
}

Workflow Library Example

List Accounts with Vectra Detect and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop