Retrieve a paginated list of detections with optional filtering.
External Documentation: To learn more, visit the Vectra Detect documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Destination | Filter detections by the destination in the detection details set. |
| Fields | The fields to include in the response. |
| Page | The page number to return. |
| Page Size | The maximum number of results to return. |
| Protocol | Filter detections by the protocol in the detection details set. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Sort | Order results by a specific attribute. Note: Results are sorted in ascending order by default. Add a leading - (minus sign) to sort in descending order instead. |
| State | Filter detections by their state. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| C-Score | Filter detections by their c_score field. |
| C-Score Greater Than or Equal To | Only return detections with a c_score field value greater than or equal to the specified value. |
| Category | Filter detections by their category field. |
| Certainty | Filter detections by their certainty field. |
| Certainty Greater Than or Equal To | Only return detections with a certainty field value greater than or equal to the specified value. |
| Detection Category | Filter detections by their detection_category field. |
| Detection Type | Filter detections by their detection_type field. |
| Host ID | Filter detections by the ID of the host object the detection is attributed to. |
| Is Targeting Key Asset | Filters on detections targeting key assets. |
| Last Timestamp | Filter detections by their last_timestamp field. |
| Last Timestamp Greater Than or Equal To | Only return detections with a last_timestamp field value greater than or equal to the specified value. |
| Maximum ID | Return only detections whose ID is less than or equal to the specified value. |
| Minimum ID | Return only detections whose ID is greater than or equal to the specified value. |
| Note Modified Timestamp Greater Than or Equal To | Only return detections with a note_modified_timestamp field value greater than or equal to the specified value. |
| Source IP | Filter detections by their source IP address. |
| T-Score | Filter detections by their t_score field. |
| T-Score Greater Than or Equal To | Only return detections with a t_score field value greater than or equal to the specified value. |
| Tags | Filter detections based on their tags. Note: Detections that match any of the specified tags will be returned. |
| Threat | Filter detections by their threat field. |
| Threat Greater Than or Equal To | Only return detections with a threat field value greater than or equal to the specified value. |

Example Output

{
	"count": 0,
	"next": "https://dummy.link",
	"previous": "https://dummy.link",
	"results": [
		{
			"id": 1,
			"url": "https://dummy.link",
			"detection_url": "https://dummy.link",
			"category": "INFO",
			"detection_category": "INFO",
			"detection": "Hidden HTTP Tunnel",
			"detection_type": "Hidden HTTP Tunnel",
			"custom_detection": "string",
			"description": "string",
			"src_ip": "192.168.1.55",
			"state": "active",
			"t_score": 80,
			"threat": 80,
			"c_score": 80,
			"certainty": 80,
			"created_timestamp": "2022-01-01T00:00:00Z",
			"first_timestamp": "2022-01-01T00:00:00Z",
			"last_timestamp": "2022-01-01T00:00:00Z",
			"targets_key_asset": true,
			"is_targeting_key_asset": true,
			"src_account": {},
			"src_host": {
				"id": 1,
				"ip": "192.168.1.55",
				"name": "string",
				"url": "https://dummy.link",
				"is_key_asset": true,
				"threat": 80,
				"certainty": 80,
				"groups": [
					"string"
				]
			},
			"note": "string",
			"note_modified_by": "string",
			"note_modified_timestamp": "2022-01-01T00:00:00Z",
			"notes": [
				{
					"id": 1,
					"date_created": "2022-01-01T00:00:00Z",
					"date_modified": "2022-01-01T00:00:00Z",
					"created_by": "string",
					"modified_by": "string",
					"note": "string"
				}
			],
			"sensor": 80,
			"sensor_name": 80,
			"tags": [
				"string"
			],
			"triage_rule_id": 0,
			"assigned_to": "string",
			"assigned_date": "2022-01-01T00:00:00Z",
			"groups": [
				"string"
			],
			"is_marked_custom": true,
			"is_custom_model": true,
			"filtered_by_ai": true,
			"filtered_by_user": true,
			"filtered_by_rule": true,
			"grouped_details": [
				"string"
			],
			"summary": {
				"uuids": [
					"string"
				],
				"num_attempts": 0
			}
		}
	]
}
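
The following is an added example, not code from Vectra or from this action: a client-side triage helper that walks a paginated response of the shape shown above by following `next`, applies the "Greater Than or Equal To" and any-tag filter semantics, and honors the leading-minus Sort convention. The `fetch` callable, the function names and the `PAGES` sample data are assumptions constructed for illustration.

```python
# Constructed sample pages shaped like the Example Output (not real data).
# The keys "page1"/"page2" stand in for the URLs carried in "next".
PAGES = {
    "page1": {"count": 3, "next": "page2", "previous": None, "results": [
        {"id": 1, "detection_type": "Hidden HTTP Tunnel", "state": "active",
         "threat": 80, "certainty": 80, "is_targeting_key_asset": True,
         "tags": ["triage"]},
        {"id": 2, "detection_type": "Hidden HTTP Tunnel", "state": "active",
         "threat": 20, "certainty": 90, "is_targeting_key_asset": False,
         "tags": []},
    ]},
    "page2": {"count": 3, "next": None, "previous": "page1", "results": [
        {"id": 3, "detection_type": "Hidden HTTP Tunnel", "state": "active",
         "threat": 95, "certainty": 60, "is_targeting_key_asset": True,
         "tags": ["vip"]},
    ]},
}

def iter_detections(fetch, first, max_pages=100):
    """Yield every detection by following `next` until it is null.
    A repeated link or too many pages raises instead of looping forever."""
    seen, url = set(), first
    while url is not None:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError(f"pagination loop or page limit at {url!r}")
        seen.add(url)
        page = fetch(url)  # hypothetical callable: URL -> parsed JSON page
        yield from page.get("results", [])
        url = page.get("next")

def sort_results(rows, sort):
    """Ascending by default; a leading '-' means descending."""
    desc = sort.startswith("-")
    key = sort[1:] if desc else sort
    return sorted(rows, key=lambda r: r[key], reverse=desc)

def triage(fetch, first, threat_gte=0, certainty_gte=0, tags=None, sort="-threat"):
    """Keep detections meeting both thresholds and matching ANY given tag."""
    wanted = set(tags or [])
    rows = [d for d in iter_detections(fetch, first)
            if d["threat"] >= threat_gte and d["certainty"] >= certainty_gte
            and (not wanted or wanted & set(d.get("tags", [])))]
    return sort_results(rows, sort)

if __name__ == "__main__":
    for d in triage(PAGES.__getitem__, "page1", threat_gte=50):
        print(d["id"], d["threat"], d["certainty"])
```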

Workflow Library Example

List Detections with Vectra Detect and Send Results Via Email