Cybereason
The Cybereason connector enables seamless integration with Swimlane Turbine, allowing automated threat detection and response workflows.

Cybereason is a leader in endpoint protection and cyber attack prevention. The Cybereason Turbine connector enables users to automate the management of isolation rules, retrieve detailed threat intelligence, and conduct comprehensive scans across endpoints. By integrating with Cybereason, Swimlane Turbine users can enhance their security posture with streamlined incident response and proactive threat hunting capabilities, leveraging Cybereason's powerful AI Hunting engine and endpoint security features directly within their security workflows.

## Limitations

None to date.

## Supported versions

This Cybereason connector uses the latest version API.

## Additional docs

- Cybereason authentication: https://nest.cybereason.com/documentation/api-documentation/all-versions/log-api
- Cybereason API documentation: https://nest.cybereason.com/documentation/api-documentation/all-versions/cybereason-api-guide

## Configuration prerequisites

To effectively utilize the Cybereason connector within Swimlane Turbine, ensure you have the following prerequisites:

- Cybereason custom authentication with the following parameters:
  - URL: Endpoint URL for the Cybereason API.
  - Username: Your Cybereason account username.
  - Password: Your Cybereason account password.

## Authentication methods

### Custom authentication

- URL: The base URL for your server, including port 8443, should be in the format `https://<server>:8443`.
- Username: Your Cybereason username.
- Password: The password for your Cybereason username.

## Capabilities

This Cybereason connector provides the following capabilities:

- Create an isolation rule
- Delete an isolation rule
- Get AI Hunting Malops only
- Get all Malops
- Get all Malops for environments
- Query sensors
- Retrieve a list of isolation rules
- Retrieve all Malops of all types
- Set anti-malware mode
- Set anti-ransomware mode
- Start or stop a full or quick scan
- Update an isolation rule

### Create an isolation rule

Creates an isolation exception rule. You must have the L3 Analyst or System Admin role assigned to use this request.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/create-isolation-exception-rule).

### Delete an isolation rule

Deletes an isolation exception rule. You must have the L3 Analyst or System Admin role assigned to use this request.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/delete-isolation-exception-rule).

### Get AI Hunting Malops only

Retrieve only the Malops results from Cybereason's AI Hunting engine, using specified criteria in the JSON body. When you are monitoring security threats in your environment, it is important to regularly view and respond to new or existing Malops. The Cybereason API enables you to obtain a list of Malops and see details about these malicious operations.

Cybereason documentation for this action can be found [here](https://developer.atlassian.com/cloud/jira/service-desk/rest/api-group-request/#api-rest-servicedeskapi-request-post).

### Get all Malops

Retrieve all malicious operation data from Cybereason, including details and status for analysis and response.

Cybereason documentation for this action can be found [here](https://developer.atlassian.com/cloud/jira/service-desk/rest/api-group-request/#api-rest-servicedeskapi-request-post).

### Get all Malops for environments

Retrieve all malicious operations (Malops) for environments using Cybereason's new data platform infrastructure.

Cybereason documentation for this action can be found [here](https://developer.atlassian.com/cloud/jira/service-desk/rest/api-group-request/#api-rest-servicedeskapi-request-post).

### Query sensors

Sends a request to return details on all or a selected group of sensors. You are limited to retrieving 30,000 sensors in a single request. You must be assigned the System Admin role, System Viewer, Policy Admin, Sensor Admin L1, or Sensor Viewer role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/query-sensors).

### Retrieve a list of isolation rules

Retrieves a list of all rules for isolating specific machines. You must have the L3 Analyst, System Admin, System Viewer, or Sensor Admin L1 role assigned to use this request.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/retrieve-isolation-exeption-rules).

### Retrieve all Malops of all types

Returns details about all AI Hunt Malops and Endpoint Protection Malops in your environment.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/retrieve-all-malops-all-types-legacy).

### Set anti-malware mode

Sets the anti-ransomware mode for all sensors or a group of filtered sensors. You must be assigned the System Admin role, Policy Admin, or Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/set-anti-malware-mode).

### Set anti-ransomware mode

Sets the anti-malware mode for all sensors or a group of filtered sensors. You must be assigned the System Admin role, Policy Admin, or Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/set-anti-ransomware-mode).

### Start or stop a full or quick scan

Retrieve only the Malops results from Cybereason's AI Hunting engine, using specified criteria in the JSON body. When you are monitoring security threats in your environment, it is important to regularly view and respond to new or existing Malops. The Cybereason API enables you to obtain a list of Malops and see details about these malicious operations.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/start-or-stop-full-or-quick-scan).

### Update an isolation rule

Updates an isolation exception rule. You must have the L3 Analyst or System Admin role assigned to use this request.

Cybereason documentation for this action can be found [here](https://nest.cybereason.com/documentation/api-documentation/all-versions/update-isolation-exception-rule).

## Configurations

### Cybereason custom authentication

Cybereason custom authentication using username and password.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | The base URL for your server, including port 8443, should be in the format `https://<server>:8443` | string | required |
| Username | Your Cybereason username | string | required |
| Password | The password for your Cybereason username | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Create an isolation rule

Create an isolation exception rule in Cybereason for a specified IP address, requiring an IP address string.

- Endpoint URL: /rest/settings/isolation-rule
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ipaddress | string | optional | The IP address of the machine to which the rule applies |
| ipaddressstring | string | required | The IP address of the machine to which the rule applies |
| domain | string | optional | Domain |
| port | number | optional | Optional if the ipaddressstring parameter exists. The port by which Cybereason communicates with an isolated machine, according to the rule |
| direction | string | optional | The direction of the allowed communication |
| lastupdated | number | optional | The epoch timestamp for the last update time for the rule |
| blocking | boolean | optional | States whether communication with the given IP or port is allowed. Set to true if communication is blocked |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ruleid | string | Unique identifier |
| ipaddress | string | Output field ipaddress |
| ipaddressstring | string | Output field ipaddressstring |
| domain | string | Output field domain |
| ports | string | Output field ports |
| direction | string | Output field direction |
| lastupdated | number | Output field lastupdated |
| groupids | array | Unique identifier |
| description | string | Output field description |
| lastupdatedby | string | Output field lastupdatedby |
| blocking | boolean | Output field blocking |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Vary": "Accept-Encoding",
      "Content-Encoding": "gzip",
      "Content-Type": "application/json",
      "Content-Length": "205",
      "Date": "Mon, 03 Feb 2025 10:41:08 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "json_body": {
      "ruleid": "67a09d441cefd54a538189be",
      "ipaddress": "aqebag==",
      "ipaddressstring": "1.1.1.2",
      "domain": null,
      "ports": "0",
      "direction": "all",
      "lastupdated": 1738579268053,
      "groupids": null,
      "description": null,
      "lastupdatedby": "greg.sherman@swimlane.com",
      "blocking": false
    }
  }
]
```

### Delete an isolation rule

Removes a specific isolation exception rule in Cybereason by utilizing the provided ruleid and lastupdated values.

- Endpoint URL: /rest/settings/isolation-rule/delete
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ruleid | string | required | ID of isolation exception rule |
| port | number | optional | Optional if the ipaddressstring parameter exists. The port by which Cybereason communicates with an isolated machine, according to the rule |
| blocking | boolean | optional | States whether communication with the given IP or port is allowed. Set to true if communication is blocked |
| direction | string | optional | The direction of the allowed communication |
| lastupdated | number | required | The epoch timestamp for the last update time for the rule |
| ipaddressstring | string | optional | The IP address of the machine to which the rule applies |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Content-Length": "0",
      "Date": "Mon, 03 Feb 2025 10:27:10 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "response_text": ""
  }
]
```

### Get AI Hunting Malops only

Retrieve only the Malops results from Cybereason's AI Hunting engine using specified criteria.

- Endpoint URL: /rest/crimes/unified
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| totalresultlimit | number | optional | This parameter limits the total number of Malops returned in the response. If you want to speed up the response time and limit the stress on your servers, set this limit appropriately |
| pergrouplimit | number | optional | In some responses, if the response contains a large number of similar responses, these items are grouped accordingly to help you aggregate and view the results in a more efficient way |
| perfeaturelimit | number | optional | This is the number of responses for a specific feature |
| templatecontext | string | optional | Parameter for Get AI Hunting Malops only |
| querypath | array | optional | Parameter for Get AI Hunting Malops only |
| requestedtype | string | optional | Type of the resource |
| isresult | boolean | optional | Result of the operation |
| filters | array | optional | Parameter for Get AI Hunting Malops only |
| facetname | string | optional | Name of the resource |
| filtertype | string | optional | Type of the resource |
| values | array | optional | Value for the parameter |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| resultidtoelementdatamap | object | Response data |
| 11 5133381726858807240 | object | Output field 11 5133381726858807240 |
| simplevalues | object | Value for the parameter |
| hasransomwaresuspendedprocesses | object | Output field hasransomwaresuspendedprocesses |
| decisionfeature | object | Output field decisionfeature |
| rootcauseelementcompanyproduct | object | Output field rootcauseelementcompanyproduct |
| malopstarttime | object | Time value |
| detectiontype | object | Type of the resource |
| malopactivitytypes | object | Type of the resource |
| elementdisplayname | object | Name of the resource |
| creationtime | object | Time value |
| isblocked | object | Output field isblocked |
| rootcauseelementtypes | object | Type of the resource |
| rootcauseelementnames | object | Name of the resource |
| maloplastupdatetime | object | Time value |
| allransomwareprocessessuspended | object | Output field allransomwareprocessessuspended |
| rootcauseelementhashes | object | Output field rootcauseelementhashes |
| managementstatus | object | Status value |
| closetime | object | Time value |
| closername | object | Name of the resource |
| customclassification | object | Output field customclassification |
| elementvalues | object | Value for the parameter |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "status": "active",
      "hidepartialsuccess": true,
      "message": "string",
      "expectedresults": 123,
      "failures": 123,
      "failedserversinfo": {}
    }
  }
]
```

### Get all Malops

Gather comprehensive malicious operation data from Cybereason, providing essential details for analysis and incident response.

- Endpoint URL: /rest/detection/inbox
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| starttime | number | optional | Time value |
| endtime | number | optional | Time value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| malops | array | Output field malops |
| machinecountermodel | object | Output field machinecountermodel |
| totalmachines | number | Output field totalmachines |
| onlineinfectedcount | number | Count value |
| onlinecleancount | number | Count value |
| offlineinfectedcount | number | Count value |
| offlinecleancount | number | Count value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Vary": "Accept-Encoding",
      "Content-Encoding": "gzip",
      "Content-Type": "application/json",
      "Content-Length": "113",
      "Date": "Mon, 03 Feb 2025 09:59:43 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "json_body": {
      "malops": [],
      "machinecountermodel": {}
    }
  }
]
```

### Get all Malops for environments

Retrieve all malicious operations (Malops) across environments from Cybereason's data platform infrastructure.

- Endpoint URL: /rest/mmng/v2/malops
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| search | object | optional | Parameter for Get all Malops for environments |
| malop | object | optional | Parameter for Get all Malops for environments |
| guid | string | optional | Unique identifier |
| range | object | optional | Parameter for Get all Malops for environments |
| from | number | optional | Parameter for Get all Malops for environments |
| to | number | optional | Parameter for Get all Malops for environments |
| pagination | object | optional | Parameter for Get all Malops for environments |
| pagesize | number | optional | Parameter for Get all Malops for environments |
| offset | number | optional | Parameter for Get all Malops for environments |
| federation | object | optional | Parameter for Get all Malops for environments |
| groups | array | optional | Parameter for Get all Malops for environments |
| sort | array | optional | Parameter for Get all Malops for environments |
| field | string | optional | Parameter for Get all Malops for environments |
| order | string | optional | Parameter for Get all Malops for environments |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| pagesize | number | Output field pagesize |
| pages | number | Output field pages |
| offset | number | Output field offset |
| totalhits | number | Output field totalhits |
| token | string | Output field token |
| data | array | Response data |
| guid | string | Unique identifier |
| displayname | string | Name of the resource |
| creationtime | number | Time value |
| lastupdatetime | number | Time value |
| metadataupdatetime | number | Response data |
| decisionstatuses | array | Status value |
| detectionengines | array | Output field detectionengines |
| mitretactics | array | Output field mitretactics |
| mitretechniques | array | Output field mitretechniques |
| mitresubtechniques | array | Output field mitresubtechniques |
| rootcauseelementhashes | array | Output field rootcauseelementhashes |
| iocs | array | Output field iocs |
| detectiontypes | array | Type of the resource |
| labels | array | Output field labels |
| investigationstatus | string | Status value |
| closername | object | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "status": "active"
    }
  }
]
```

### Query sensors

Retrieve a specific subset of sensor details from Cybereason using limit and offset parameters, with a maximum of 30,000 sensors.

- Endpoint URL: /rest/sensors/query
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| limit | number | required | The number of sensors to return in the list of sensors for the response. The maximum limit for this parameter is 30,000 |
| offset | number | required | The position in the list of sensors on which to start retrieving sensors. For example, if you set the limit parameter to 100 and the offset parameter to 1, the list of sensors returned will begin with the sensor in position 101 in the list. Set to 0 to receive the first limit set of sensors |
| sortdirection | string | optional | The order in which to receive results. Valid values are ASC (ascending) or DESC (descending) |
| filters | array | optional | An object containing details on the filter to apply to return a select group of sensors. See README for more details |
| fieldname | string | optional | Name of the resource |
| operator | string | optional | Use the following operators with the respective filters object, depending on the parameter you use in the filters object |
| values | array | optional | Value for the parameter |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| totalresults | number | Result of the operation |
| sensorsstatus | object | Status value |
| @class | string | Output field @class |
| onlinecount | number | Count value |
| offlinecount | number | Count value |
| stalecount | number | Count value |
| archivedcount | number | Count value |
| turnedoncount | number | Count value |
| turnedoffcount | number | Count value |
| suspendedcount | number | Count value |
| advancedcount | number | Count value |
| outdatedcount | number | Count value |
| serviceerrorcount | number | Error message if any |
| sensors | array | Output field sensors |
| sensorid | string | Unique identifier |
| pylumid | string | Unique identifier |
| guid | string | Unique identifier |
| fqdn | string | Output field fqdn |
| machinename | string | Name of the resource |
| internalipaddress | string | Output field internalipaddress |
| externalipaddress | string | Output field externalipaddress |
| sitename | string | Name of the resource |
| siteid | number | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "totalresults": 123,
      "sensorsstatus": {},
      "sensors": [],
      "hasmoreresults": true
    }
  }
]
```

### Retrieve a list of isolation rules

Retrieve a comprehensive list of isolation rules configured within the Cybereason platform.

- Endpoint URL: /rest/settings/isolation-rule
- Method: GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Vary": "Accept-Encoding",
      "Content-Encoding": "gzip",
      "Content-Type": "application/json",
      "Content-Length": "1049",
      "Date": "Mon, 03 Feb 2025 10:17:37 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "json_body": [
      {
        "ruleid": "5e859886e4b0ce8c6bed5012",
        "ipaddress": "ndvlyw==",
        "ipaddressstring": "52.59.229.203",
        "domain": null,
        "ports": "0",
        "direction": "incoming",
        "lastupdated": 1585813712900,
        "groupids": null,
        "description": null,
        "lastupdatedby": null,
        "blocking": false
      },
      {
        "ruleid": "5f07942fe4b042b46acf4c5f",
        "ipaddress": "wkizeq==",
        "ipaddressstring": "192.168.153.17",
        "domain": null,
        "ports": "443",
        "direction": "all",
        "lastupdated": 1594332207330,
        "groupids": null,
        "description": null,
        "lastupdatedby": null,
        "blocking": true
      },
      {
        "ruleid": "602eeb24e4b0d3b4e2404132",
        "ipaddress": "e3t7ew==",
        "ipaddressstring": "123.123.123.123",
        "domain": null,
        "ports": "1",
        "direction": "incoming",
        "lastupdated": 1613687588215,
        "groupids": null,
        "description": null,
        "lastupdatedby": null,
        "blocking": true
      }
    ]
  }
]
```

### Retrieve all Malops of all types

Retrieves all AI Hunt and Endpoint Protection Malops from Cybereason within a specified time range, using starttime and endtime parameters.

- Endpoint URL: /rest/detection/inbox
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| starttime | number | required | The beginning time (in milliseconds) from which you want to retrieve Malops that were active (both created and updated) |
| endtime | number | required | The ending time (in milliseconds) to which you want to retrieve Malops (both created and updated) |
| groupids | string | optional | The group ID(s) of the sensors from which you want to retrieve Malops (from version 21.1.21 and later, for SOC federation customers only) |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| malops | array | Output field malops |
| guid | string | Unique identifier |
| status | string | Status value |
| displayname | string | Name of the resource |
| rootcauseelementtype | string | Type of the resource |
| rootcauseelementnamescount | number | Name of the resource |
| detectionengines | array | Output field detectionengines |
| detectiontypes | array | Type of the resource |
| malopdetectiontype | string | Type of the resource |
| machines | array | Output field machines |
| guid | string | Unique identifier |
| displayname | string | Name of the resource |
| ostype | string | Type of the resource |
| connected | boolean | Output field connected |
| isolated | boolean | Output field isolated |
| lastconnected | number | Output field lastconnected |
| users | array | Output field users |
| guid | string | Unique identifier |
| displayname | string | Name of the resource |
| admin | boolean | Output field admin |
| localsystem | boolean | Output field localsystem |
| domainuser | boolean | Output field domainuser |
| creationtime | number | Time value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Vary": "Accept-Encoding",
      "Content-Encoding": "gzip",
      "Content-Type": "application/json",
      "Content-Length": "113",
      "Date": "Mon, 03 Feb 2025 05:23:13 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "json_body": {
      "malops": [],
      "machinecountermodel": {}
    }
  }
]
```

### Set anti-malware mode

Configures the anti-malware mode in Cybereason across sensors, utilizing the 'argument' parameter for specificity.

- Endpoint URL: /rest/sensors/action/set antimalware status
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| sensorsids | array | optional | Add the unique pylum ID string value used for the sensor in the sensors IDs |
| filters | array | optional | An object containing details on the filter to apply to return a select group of sensors. See README for more details |
| fieldname | string | optional | Name of the resource |
| operator | string | optional | Use the following operators with the respective filters object, depending on the parameter you use in the filters object |
| values | array | optional | Value for the parameter |
| argument | object | required | Parameter for Set anti-malware mode |
| ammode | string | required | Setting for the general anti-malware mode. Possible values include disabled, enabled, set by policy |
| avmode | string | required | The setting for the anti-malware signatures mode. Possible values include disabled, detect, disinfect, set by policy |
| aidetectmode | string | required | The setting for the AI (artificial intelligence) detect mode. Possible values include disabled, cautious, moderate, aggressive, set by policy |
| aipreventmode | string | required | The setting for the AI prevent mode. Possible values include disabled, cautious, moderate, aggressive |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| batchid | number | Unique identifier |
| actiontype | string | Type of the resource |
| actionarguments | object | Output field actionarguments |
| @class | string | Output field @class |
| configurationitemlist | array | Output field configurationitemlist |
| type | string | Type of the resource |
| name | string | Name of the resource |
| lastupdated | number | Output field lastupdated |
| modelsconfiguration | array | Output field modelsconfiguration |
| detectthresholdsmap | object | Output field detectthresholdsmap |
| disabled | number | Output field disabled |
| cautious | number | Output field cautious |
| moderate | number | Output field moderate |
| aggressive | number | Output field aggressive |
| preventthresholdsmap | object | Output field preventthresholdsmap |
| disabled | number | Output field disabled |
| cautious | number | Output field cautious |
| moderate | number | Output field moderate |
| aggressive | number | Output field aggressive |
| modelid | string | Unique identifier |
| reportthreshold | number | Output field reportthreshold |
| detectsensitivitylevel | string | Output field detectsensitivitylevel |
| preventsensitivitylevel | string | Output field preventsensitivitylevel |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "batchid": 123,
      "actiontype": "string",
      "actionarguments": {},
      "globalstats": {},
      "finalstate": true,
      "totalnumberofprobes": 123,
      "initiatoruser": "string",
      "starttime": 123,
      "aborteruser": "string",
      "aborttime": 123,
      "aborttimeout": true,
      "aborthttpstatuscode": "active"
    }
  }
]
```

### Set anti-ransomware mode

Configures the anti-ransomware mode on Cybereason sensors or a specific group with a given 'argument'.

- Endpoint URL: /rest/sensors/action/setransomwaremode
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| sensorsids | array | optional | Add the unique pylum ID string value used for the sensor in the sensors IDs |
| filters | array | optional | An object containing details on the filter to apply to return a select group of sensors. See README for more details |
| fieldname | string | optional | Name of the resource |
| operator | string | optional | Use the following operators with the respective filters object, depending on the parameter you use in the filters object |
| values | array | optional | Value for the parameter |
| argument | string | required | Possible values include disable, detection only, suspend, remediate and default. The default value is supported only for versions 17.5 and later |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| batchid | number | Unique identifier |
| actiontype | string | Type of the resource |
| actionarguments | array | Output field actionarguments |
| globalstats | object | Output field globalstats |
| stats | object | Output field stats |
| failedsending | number | Output field failedsending |
| invalidstate | number | Unique identifier |
| proberemoved | number | Output field proberemoved |
| timeoutsending | number | Output field timeoutsending |
| pending | number | Output field pending |
| chunksrequired | number | Output field chunksrequired |
| msifilecorrupted | number | Output field msifilecorrupted |
| sendingmsi | number | Output field sendingmsi |
| newerinstalled | number | Output field newerinstalled |
| msisendfail | number | Output field msisendfail |
| partialresponse | number | Output field partialresponse |
| endedwithsensortimeout | number | Output field endedwithsensortimeout |
| failedsendingtoserver | number | Output field failedsendingtoserver |
| gettingchunks | number | Output field gettingchunks |
| aborted | number | Output field aborted |
| started | number | Output field started |
| inprogress | number | Output field inprogress |
| disconnected | number | Output field disconnected |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Vary": "Accept-Encoding",
      "Content-Encoding": "gzip",
      "Content-Type": "application/json",
      "Content-Length": "2371",
      "Date": "Mon, 03 Feb 2025 07:16:22 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "json_body": {
      "batchid": 1305541032,
      "actiontype": "setransomewaremode",
      "actionarguments": [],
      "globalstats": {},
      "finalstate": false,
      "totalnumberofprobes": 1,
      "initiatoruser": "admin@myserver.com",
      "starttime": 1523876258432,
      "aborteruser": "",
      "aborttime": 0,
      "aborttimeout": false,
      "aborthttpstatuscode": ""
    }
  }
]
```

### Start or stop a full or quick scan

Initiates or halts a full or quick scan on Cybereason sensors for all, groups, or specific targets.

- Endpoint URL: /rest/sensors/action/schedulerscan
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| sensorsids | array | optional | Add the unique pylum ID string value used for the sensor in the sensors IDs |
| filters | array | optional | An object containing details on the filter to apply to return a select group of sensors. See README for more details |
| fieldname | string | optional | Name of the resource |
| operator | string | optional | Use the following operators with the respective filters object, depending on the parameter you use in the filters object |
| values | array | optional | Value for the parameter |
| argument | string | required | Possible values include full, quick, stop |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| batchid | number | Unique identifier |
| actiontype | string | Type of the resource |
| actionarguments | array | Output field actionarguments |
| globalstats | object | Output field globalstats |
| stats | object | Output field stats |
| chunksrequired | number | Output field chunksrequired |
| succeeded | number | Output field succeeded |
| proberemoved | number | Output field proberemoved |
| endedwithtoomanyresults | number | Result of the operation |
| failedsending | number | Output field failedsending |
| timeoutsending | number | Output field timeoutsending |
| unknownprobe | number | Output field unknownprobe |
| failedsendingtoserver | number | Output field failedsendingtoserver |
| sendingplatform | number | Output field sendingplatform |
| badargument | number | Output field badargument |
| endedwithsensortimeout | number | Output field endedwithsensortimeout |
| uninstallerlaunchfailure | number | Output field uninstallerlaunchfailure |
| aborting | number | Output field aborting |
| osnotsupportedforuninstallation | number | Output field osnotsupportedforuninstallation |
| msifilecorrupted | number | Output field msifilecorrupted |
| upgradepackagedownloaded | number | Output field upgradepackagedownloaded |
| none | number | Output field none |
| missingpackagefromfilesystem | number | Output field missingpackagefromfilesystem |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Vary": "Accept-Encoding",
      "Content-Encoding": "gzip",
      "Content-Type": "application/json",
      "Content-Length": "660",
      "Date": "Mon, 03 Feb 2025 09:44:40 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "json_body": {
      "batchid": 458665084,
      "actiontype": "schedulerscan",
      "actionarguments": [],
      "globalstats": {},
      "finalstate": false,
      "totalnumberofprobes": 1,
      "initiatoruser": "greg.sherman@swimlane.com",
      "starttime": 1738575880935,
      "aborteruser": "",
      "aborttime": 0,
      "aborttimeout": false,
      "aborthttpstatuscode": "",
      "creatoruser": "greg.sherman@swimlane.com"
    }
  }
]
```

### Update an isolation rule

Updates an existing isolation exception rule in Cybereason with a given rule ID, IP address, and timestamp.

- Endpoint URL: /rest/settings/isolation-rule
- Method: PUT

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ruleid | string | required | A unique identifier for the rule |
| ipaddressstring | string | required | The IP address of the machine to which the rule applies |
| port | number | optional | Optional if the ipaddressstring parameter exists. The port by which Cybereason communicates with an isolated machine, according to the rule |
| direction | string | optional | The direction of the allowed communication |
| lastupdated | number | required | The epoch timestamp for the last update time for the rule |
| blocking | boolean | optional | States whether communication with the given IP or port is allowed. Set to true if communication is blocked |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| ruleid | string | Unique identifier |
| ipaddress | string | Output field ipaddress |
| ipaddressstring | string | Output field ipaddressstring |
| domain | string | Output field domain |
| ports | string | Output field ports |
| direction | string | Output field direction |
| lastupdated | number | Output field lastupdated |
| groupids | array | Unique identifier |
| description | string | Output field description |
| lastupdatedby | string | Output field lastupdatedby |
| blocking | boolean | Output field blocking |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff",
      "Vary": "Accept-Encoding",
      "Content-Encoding": "gzip",
      "Content-Type": "application/json",
      "Content-Length": "203",
      "Date": "Mon, 03 Feb 2025 11:23:59 GMT",
      "Keep-Alive": "timeout=60",
      "Connection": "keep-alive"
    },
    "reason": "",
    "json_body": {
      "ruleid": "67a09d441cefd54a538189be",
      "ipaddress": "aqebag==",
      "ipaddressstring": "1.1.1.2",
      "domain": null,
      "ports": "0",
      "direction": "all",
      "lastupdated": 1738581840168,
      "groupids": null,
      "description": null,
      "lastupdatedby": "greg.sherman@swimlane.com",
      "blocking": true
    }
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, no-store, must-revalidate |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 660 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 03 Feb 2025 11:23:59 GMT |
| Duration | HTTP response header Duration | 198 |
| Keep-Alive | HTTP response header Keep-Alive | timeout=60 |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000;includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept-Encoding |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |

## Notes

### Filter field example

The filters field allows users to apply specific conditions when querying data. Each filter consists of the following attributes:

- fieldname: The name of the field to filter on (e.g., "outdated").
- operator: The comparison operator used for filtering (e.g., "equals").
- values: An array of values to compare against (e.g., ["true"]).

Example:

```json
"filters": [
  {
    "fieldname": "outdated",
    "operator": "equals",
    "values": ["true"]
  }
]
```

For additional filter options, please check the action documentation under the Request Parameters section.
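
The Query sensors paging and the filters note above, as an added Python example that is not Swimlane or Cybereason code: it builds the request bodies, treats `offset` as a page index as the action's description states (limit 100, offset 1 starts at position 101), and runs against a constructed in-memory stand-in for the endpoint. The camelCase key spellings (`fieldName`, `hasMoreResults`, `machineName`) and the `Equals` operator casing are assumptions, since this page shows those names in lower case.

```python
from typing import Callable, Iterator, List, Optional

MAX_LIMIT = 30_000               # per-request ceiling stated on the page
QUERY_PATH = "/rest/sensors/query"
# Assumption: camelCase key spellings; the page shows these names in lower case.
K_FIELD, K_MORE = "fieldName", "hasMoreResults"

Post = Callable[[str, dict], dict]   # (path, JSON body) -> decoded JSON reply


def make_filter(field: str, operator: str, values: List[str]) -> dict:
    """One entry of the `filters` array: field name, operator, string values."""
    if not field or not operator or not values:
        raise ValueError("field, operator and at least one value are required")
    return {K_FIELD: field, "operator": operator, "values": [str(v) for v in values]}


def build_query(limit: int, page: int, filters: Optional[List[dict]] = None) -> dict:
    """Request body for one page. `offset` counts pages of `limit`, not sensors."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    if page < 0:
        raise ValueError("page must be >= 0")
    body = {"limit": limit, "offset": page}
    if filters:
        body["filters"] = filters
    return body


def first_position(limit: int, offset: int) -> int:
    """1-based position of the first sensor returned for (limit, offset)."""
    return offset * limit + 1


def iter_sensors(post: Post, limit: int = MAX_LIMIT,
                 filters: Optional[List[dict]] = None,
                 max_pages: int = 10_000) -> Iterator[dict]:
    """Yield every matching sensor, one page at a time, until the server says stop."""
    for page in range(max_pages):
        reply = post(QUERY_PATH, build_query(limit, page, filters))
        sensors = reply.get("sensors") or []
        yield from sensors
        if not sensors or not reply.get(K_MORE):
            return
    # Failing loudly beats silently reporting a truncated inventory.
    raise RuntimeError("page budget exhausted; result set may be incomplete")


def fake_server(inventory: List[dict]) -> Post:
    """Constructed stand-in for the endpoint so the example runs offline.
    Only equality filters are simulated."""
    def post(path: str, body: dict) -> dict:
        assert path == QUERY_PATH
        rows = inventory
        for f in body.get("filters", []):
            wanted = [v.lower() for v in f["values"]]
            rows = [r for r in rows if str(r.get(f[K_FIELD])).lower() in wanted]
        start = body["offset"] * body["limit"]
        page = rows[start:start + body["limit"]]
        return {"totalResults": len(rows), "sensors": page,
                K_MORE: start + len(page) < len(rows)}
    return post


# Constructed sample inventory: sensors 0, 3 and 6 are flagged as outdated.
SAMPLE = [{"sensorId": f"s{i}", "machineName": f"host-{i:02d}", "outdated": i % 3 == 0}
          for i in range(7)]


def outdated_hosts(post: Post, limit: int) -> List[str]:
    """Machine names of sensors matching the page's example filter (outdated = true)."""
    flt = [make_filter("outdated", "Equals", ["true"])]
    return [s["machineName"] for s in iter_sensors(post, limit=limit, filters=flt)]


if __name__ == "__main__":
    print(outdated_hosts(fake_server(SAMPLE), limit=2))
```

Passing `offset = page * limit` instead of the page index would skip ranges of sensors under these semantics, so the remediation list for outdated sensors would be silently incomplete.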