Get Blocklist Items

description retrieves all items in the sentinelone blocklist that meet specified filter criteria, such as hash values or threat ids endpoint url /web/api/v2 1/restrictions method get inputs parameters (object) accountids (string) list of account ids to filter by countonly (boolean) if true, only total number of items will be returned, without any of the actual objects createdat between (string) date range for creation time (format \<from timestamp> \<to timestamp>, inclusive) createdat gt (string) created after this timestamp createdat gte (string) created after or at this timestamp createdat lt (string) created before this timestamp createdat lte (string) created before or at this timestamp cursor (string) cursor position returned by the last request use to iterate over more than 1000 items description contains (string) free text filter by description groupids (string) list of group ids to filter by ids (string) list of ids to filter by imported (boolean) indication whether the hash was imported by a bulk operation or not includechildren (boolean) return filters from children scope levels includeparents (boolean) return filters from parent scope levels limit (string) limit number of returned items (1 1000) modes (string) list of modes to filter by (path exclusions only) ostypes (string) list of os types to filter by query (string) a free text search term, will match applicable attributes recommendations (string) list of recommendations to filter by siteids (string) list of site ids to filter by skip (string) skip first number of items (0 1000) to iterate over more than 1000 items, use "cursor" skipcount (boolean) if true, total number of items will not be calculated, which speeds up execution time sortby (string) the column to sort the results by sortorder (string) sort direction source (string) list sources to filter by tenant (string) indicates a tenant scope request type (string) type types (string) type in unified (string) unified updatedat between (string) date range for update time (format \<from timestamp> \<to timestamp>, inclusive) updatedat gt (string) updated after this timestamp updatedat gte (string) updated after or at this timestamp updatedat lt (string) updated before this timestamp updatedat lte (string) updated before or at this timestamp user contains (string) free text filter by user name userids (string) list of user ids to filter by value (string) value value contains (string) free text filter by value output output parameters status code (number) reason (string) json body (object) data (array) createdat (string) description (string) id (string) imported (boolean) includechildren (boolean) includeparents (boolean) notrecommended (string) ostype (string) scope (object) accountids (array) groupids (array) siteids (array) tenant (boolean) scopename (string) scopepath (string) source (string) type (string) updatedat (string) userid (string) username (string) value (string) errors (array) pagination (object) nextcursor (string) totalitems (number) response headers header type server string date string content type string transfer encoding string connection string x rqid string access control allow origin string access control allow credentials string vary string strict transport security string x frame options string x content type options string content security policy string cache control string pragma string expires string content encoding string