Deep Visibility Get Events By Query ID
Description: Retrieves all Deep Visibility events associated with a given queryid in SentinelOne after an 'init query' operation.

Endpoint URL: web/api/v2.1/dv/events
Method: GET

Inputs
parameters (object) – required
- queryid (string) – required
- limit (number)
- sortorder (string)
- cursor (string): cursor position returned by the last request (the nextcursor value under pagination in the output). Should be used instead of skip. Cursor currently supports sort by with createdat, pid, processstarttime.
- skip (string): skip first number of items (0-1000). To iterate over more than 1000 items, use "cursor".
- sortby (string): events sorted by field
- subquery (string): create a sub-query to run on the data that was already pulled

Note: the sample below reports status code 400 ("bad request") together with a populated data array, so read it as a schema illustration with placeholder values; a playbook should check status code before consuming json body.

output example \[ { "status code" 400, "response headers" { "server" "nginx", "date" "wed, 16 nov 2022 20 00 44 gmt", "content type" "application/json", "content length" "97", "connection" "keep alive", "access control allow origin" "https //attivo us sentinelone net", "access control allow credentials" "true", "vary" "origin", "strict transport security" "max age=31536000; includesubdomains", "x frame options" "sameorigin", "x content type options" "nosniff", "content security policy" "default src 'self' ; connect src 'self' cdn pendo io app pendo io pendo io data pendo io storage googleapis com sentry io sentry io google analytics com gstatic com unpkg com cdn auth0 com wss\ // sentinelone net https //www googletagmanager com https //cdnjs cloudflare com data ; script src 'self' 'unsafe inline' 'unsafe eval' cdn pendo io app pendo io pendo io static storage googleapis com cdn pendo io storage googleapis com data pendo io https //www google analytics com https //www googletagmanager com https //unpkg com https //cdnjs cloudflare com ; img src 'self' data https //www google analytics com cdn pendo io app pendo io sentinelone com storage googleapis com data pendo io ; style src 'self' 'unsafe inline' app pendo io cdn pendo io storage googleapis com https //fonts googleapis com https //cdnjs cloudflare com ; font src
'self' data https //fonts gstatic com https //cdn auth0 com ; frame src 'self' blob https //receptive io https // pendo io https //pendo io extensions storage googleapis com/ https // youtube com ; frame ancestors 'self' app pendo io ; object src 'none'" }, "reason" "bad request", "json body" { "data" \[ { "networkmethod" "string", "indicatorcategory" "string", "agentversion" "string", "agentuuid" "string", "createdat" "2018 02 27t04 49 26 257525z", "agentmachinetype" "string", "forensicurl" "string", "filesize" "string", "parentprocessuniquekey" "string", "filetype" "string", "taskpath" "string", "oldfilemd5" "string", "filemd5" "string", "truecontext" "string", "verifiedstatus" "string", "processisredirectedcommandprocessor" "string", "agentisdecommissioned" true, "oldfilename" "string", "indicatormetadata" "string", "dstip" "string", "parentprocessname" "string", "processimagepath" "string", "sha1" "string", "srcprocdownloadtoken" "string", "parentprocessismalicious" true, "registryid" "string", "processsubsystem" "string", "filefullname" "string", "indicatorname" "string", "filesha256" "string", "rpid" "string", "fileid" "string", "indicatordescription" "string", "processname" "string", "agentinfected" true, "srcip" "string", "direction" "string", "eventtype" "string", "processuniquekey" "string", "parentpid" "string", "agentdomain" "string", "processcmd" "string", "srcport" 0, "agentname" "string", "registrypath" "string", "networksource" "string", "connectionstatus" "string", "processiswow64" "string", "agentisactive" true, "agentgroupid" "string", "dnsrequest" "string", "processintegritylevel" "string", "agentip" "string", "isagentversionfullysupportedforpg" true, "processusername" "string", "parentprocessgroupid" "string", "oldfilesha256" "string", "isagentversionfullysupportedforpgmessage" "string", "threatstatus" "string", "sitename" "string", "loginsbasetype" "string", "processdisplayname" "string", "parentprocessstarttime" "string", "taskname" "string", 
"filesha1" "string", "processstarttime" "string", "pid" "string", "md5" "string", "dnsresponse" "string", "sha256" "string", "objecttype" "string", "dstport" 0, "networkurl" "string", "publisher" "string", "processimagesha1hash" "string", "loginsusername" "string", "processsessionid" "string", "signedstatus" "string", "processroot" "string", "processgroupid" "string", "oldfilesha1" "string", "agentos" "windows legacy", "tid" "string", "user" "string", "agentnetworkstatus" "string", "id" "string", "relatedtothreat" "string", "processismalicious" true, "signaturesignedinvalidreason" "string", "agentid" "string" } ], "pagination" { "totalitems" 580, "nextcursor" "ywdlbnrfawq6ntgwmjkzode=" } } } ] output parameters status code (number) reason (string) json body (object) data (array) networkmethod (string) indicatorcategory (string) agentversion (string) agentuuid (string) createdat (string) agentmachinetype (string) forensicurl (string) filesize (string) parentprocessuniquekey (string) filetype (string) taskpath (string) oldfilemd5 (string) filemd5 (string) truecontext (string) verifiedstatus (string) processisredirectedcommandprocessor (string) agentisdecommissioned (boolean) oldfilename (string) indicatormetadata (string) dstip (string) parentprocessname (string) processimagepath (string) sha1 (string) srcprocdownloadtoken (string) parentprocessismalicious (boolean) registryid (string) processsubsystem (string) filefullname (string) indicatorname (string) filesha256 (string) rpid (string) fileid (string) indicatordescription (string) processname (string) agentinfected (boolean) srcip (string) direction (string) eventtype (string) processuniquekey (string) parentpid (string) agentdomain (string) processcmd (string) srcport (number) agentname (string) registrypath (string) networksource (string) connectionstatus (string) processiswow64 (string) agentisactive (boolean) agentgroupid (string) dnsrequest (string) processintegritylevel (string) agentip (string) 
isagentversionfullysupportedforpg (boolean) processusername (string) parentprocessgroupid (string) oldfilesha256 (string) isagentversionfullysupportedforpgmessage (string) threatstatus (string) sitename (string) loginsbasetype (string) processdisplayname (string) parentprocessstarttime (string) taskname (string) filesha1 (string) processstarttime (string) pid (string) md5 (string) dnsresponse (string) sha256 (string) objecttype (string) dstport (number) networkurl (string) publisher (string) processimagesha1hash (string) loginsusername (string) processsessionid (string) signedstatus (string) processroot (string) processgroupid (string) oldfilesha1 (string) agentos (string) tid (string) user (string) agentnetworkstatus (string) id (string) relatedtothreat (string) processismalicious (boolean) signaturesignedinvalidreason (string) agentid (string) pagination (object) totalitems (number) nextcursor (string) response headers header type server string date string content type string content length string connection string access control allow origin string access control allow credentials string vary string strict transport security string x frame options string x content type options string content security policy string