Skip to main content
Retrieve a paginated list of hosts with optional filtering.
External DocumentationTo learn more, visit the Vectra Detect documentation.

Basic Parameters

ParameterDescription
FieldsA comma-separated list of fields to include in the response. When omitted all fields are returned.
Mac AddressFilter hosts by their MAC address.
NameFilter hosts by their name.
PageThe page number to return.
Page SizeThe maximum number of results to return.
Return All PagesAutomatically fetch all resources, page by page.
SortOrder results by a specific attribute.

Note: Results are sorted in ascending order by default. Add a leading - (minus sign) to sort in descending order instead.
StateFilter hosts by their state.

Advanced Parameters

ParameterDescription
Active TrafficSelect to filter hosts that have generated active traffic within the last 2 hours.
Certainty ScoreFilter hosts by their certainty score.
Certainty Score Greater Than or Equal ToOnly return hosts with a certainty score greater than or equal to the specified value.
Key AssetSelect to filter by key asset.
Last Detection TimestampFilter hosts by their last detection timestamp.
Last Source IPFilter hosts by the IP address of their last source.
Maximum IDReturn only hosts whose ID is less than or equal to the specified value.
Minimum IDReturn only hosts whose ID is greater than or equal to the specified value.
Note Modified Timestamp Greater Than or Equal ToOnly return hosts with a note_modified_timestamp field value greater than or equal to the specified value.
Privilege CategoryFilter hosts by their privilege category.
Privilege LevelFilter hosts by their exact privilege level.
Privilege Level Greater Than or Equal ToOnly return hosts with a privilege level greater than or equal to the specified value.
TagsFilter hosts based on their tags.

Note: Hosts that match any of the specified tags will be returned.
Target Key AssetSelect to filter hosts by targeting key assets.
Threat ScoreFilter hosts by their threat score.
Threat Score Greater Than or Equal ToOnly return hosts with a threat score greater than or equal to the specified value.

Example Output

{
	"count": 0,
	"next": "https://dummy.link",
	"previous": "https://dummy.link",
	"results": [
		{
			"id": 1,
			"name": "string",
			"active_traffic": true,
			"threat": 80,
			"t_score": 80,
			"certainty": 80,
			"c_score": 80,
			"severity": "medium",
			"last_source": "192.168.1.55",
			"ip": "192.168.1.55",
			"previous_ips": [
				"string"
			],
			"last_detection_timestamp": "2022-01-01T00:00:00Z",
			"is_key_asset": true,
			"state": "active",
			"is_targeting_key_asset": true,
			"detection_set": [
				"https://dummy.link"
			],
			"host_artifact_set": [
				"string"
			],
			"sensor": "string",
			"sensor_name": "string",
			"tags": [
				"string"
			],
			"note": "string",
			"note_modified_by": "string",
			"note_modified_timestamp": "2022-01-01T00:00:00Z",
			"notes": [
				{
					"id": 1,
					"date_created": "2022-01-01T00:00:00Z",
					"date_modified": "2022-01-01T00:00:00Z",
					"created_by": "string",
					"modified_by": "string",
					"note": "string"
				}
			],
			"url": "https://dummy.link",
			"host_url": "https://dummy.link",
			"last_modified": "2022-01-01T00:00:00Z",
			"assigned_to": "string",
			"assigned_date": "2022-01-01T00:00:00Z",
			"groups": [
				"string"
			],
			"has_custom_model": true,
			"privilege_level": 8,
			"privilege_category": "Medium",
			"probable_owner": "string",
			"detection_profile": "string",
			"assignment": {
				"id": 1,
				"assigned_by": {
					"id": 123,
					"username": "SAML:[email protected]"
				},
				"date_assigned": "2022-01-01T00:00:00Z",
				"date_resolved": "2022-01-01T00:00:00Z",
				"events": [
					{
						"assignment_id": 1,
						"actor": 1,
						"event_type": "created",
						"datetime": "2022-01-01T00:00:00Z",
						"context": {
							"from": 1,
							"to": 1,
							"entity_c_score": 80,
							"entity_t_score": 80,
							"triage_as": "string",
							"triaged_detection_ids": [
								1
							],
							"fixed_detection_ids": [
								1
							],
							"created_rule_ids": [
								1
							]
						}
					}
				],
				"outcome": {
					"id": 1,
					"builtin": true,
					"user_selectable": true,
					"title": "string",
					"category": "benign_true_positive"
				},
				"resolved_by": {
					"id": 123,
					"username": "SAML:[email protected]"
				},
				"triaged_detections": [
					1
				],
				"host_id": 1,
				"account_id": 1,
				"assigned_to": {
					"id": 123,
					"username": "SAML:[email protected]"
				}
			},
			"past_assignments": [
				{
					"id": 1,
					"assigned_by": {
						"id": 123,
						"username": "SAML:[email protected]"
					},
					"date_assigned": "2022-01-01T00:00:00Z",
					"date_resolved": "2022-01-01T00:00:00Z",
					"events": [
						{
							"assignment_id": 1,
							"actor": 1,
							"event_type": "created",
							"datetime": "2022-01-01T00:00:00Z",
							"context": {
								"from": 1,
								"to": 1,
								"entity_c_score": 80,
								"entity_t_score": 80,
								"triage_as": "string",
								"triaged_detection_ids": [
									1
								],
								"fixed_detection_ids": [
									1
								],
								"created_rule_ids": [
									1
								]
							}
						}
					],
					"outcome": {
						"id": 1,
						"builtin": true,
						"user_selectable": true,
						"title": "string",
						"category": "benign_true_positive"
					},
					"resolved_by": {
						"id": 123,
						"username": "SAML:[email protected]"
					},
					"triaged_detections": [
						1
					],
					"host_id": 1,
					"account_id": 1,
					"assigned_to": {
						"id": 123,
						"username": "SAML:[email protected]"
					}
				}
			],
			"host_session_luids": [
				"string"
			],
			"host_luid": "string"
		}
	]
}

Workflow Library Example

List Hosts with Vectra Detect and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop