Get Threat Timeline
Description: Retrieve a detailed timeline for a specific threat in SentinelOne, using the provided unique threat ID.

Endpoint URL: web/api/v2.1/threats/{{threat_id}}/timeline

Method: GET

Inputs:
- path_parameters (object) – required
  - threat_id (string) – required
- parameters (object)
  - sortOrder (string)
  - skipCount (boolean)
  - activityTypes (number)
  - sortBy (string)
  - countOnly (boolean)

Output example:

\[ { "status code" 200, "response headers" { "server" "nginx", "date" "mon, 14 nov 2022 22 05 11 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x rqid" "2a863e30 2f72 4519 9162 4e198dcb768d", "access control allow origin" "https //attivo us sentinelone net", "access control allow credentials" "true", "vary" "origin", "strict transport security" "max age=31536000; includesubdomains", "x frame options" "sameorigin", "x content type options" "nosniff", "content security policy" "default src 'self' ; connect src 'self' cdn pendo io app pendo io pendo io data pendo io storage googleapis com sentry io sentry io google analytics com gstatic com unpkg com cdn auth0 com wss\ // sentinelone net https //www googletagmanager com https //cdnjs cloudflare com data ; script src 'self' 'unsafe inline' 'unsafe eval' cdn pendo io app pendo io pendo io static storage googleapis com cdn pendo io storage googleapis com data pendo io https //www google analytics com https //www googletagmanager com https //unpkg com https //cdnjs cloudflare com ; img src 'self' data https //www google analytics com cdn pendo io app pendo io sentinelone com storage googleapis com data pendo io ; style src 'self' 'unsafe inline' app pendo io cdn pendo io storage googleapis com https //fonts googleapis com https //cdnjs cloudflare com ; font src 'self' data https //fonts gstatic com https //cdn auth0 com ; frame src 'self' blob https //receptive io https // pendo io https //pendo io extensions storage googleapis com/ https // youtube com ; frame ancestors 'self' app pendo 
io ; object src 'none'", "cache control" "no store", "pragma" "no cache", "expires" " 1", "content encoding" "gzip" }, "reason" "ok", "json body" { "data" \[ { "accountid" "1286405255240245908", "activitytype" 4003, "agentid" "1286438987267469377", "agentupdatedversion" null, "createdat" "2022 09 07t02 38 56 730789z", "data" { "accountname" "swimlane", "computername" "localhost localdomain", "confidencelevel" "suspicious", "escapedmaliciousprocessarguments" null, "filecontenthash" "b691598c45658e76b2c328275db988baed3b8689", "filedisplayname" "wildfire test pe file(1) exe", "filepath" "/home/swimlane host/wildfire test pe file(1) exe", "fullscopedetails" "group default group in site default site of account swimlane", "fullscopedetailspath" "global / swimlane / default site / default group", "groupname" "default group", "sitename" "default site", "threatclassification" "malware", "threatclassificationsource" "engine", "username" null }, "groupid" "1286405255265411734", "hash" null, "id" "1503989642143092180", "osfamily" null, "primarydescription" "threat with confidence level suspicious detected wildfire test pe file(1) exe ", "secondarydescription" "b691598c45658e76b2c328275db988baed3b8689", "siteid" "1286405255257023125", "threatid" "1503989642042428880", "updatedat" "2022 09 07t02 38 56 725244z", "userid" null }, { "accountid" "1286405255240245908", "activitytype" 71, "agentid" "1286438987267469377", "agentupdatedversion" null, "createdat" "2022 11 14t20🕙56 882863z", "data" { "accountname" "swimlane", "computername" "localhost localdomain", "externalip" "96 79 235 37", "fullscopedetails" "group default group in site default site of account swimlane", "fullscopedetailspath" "global / swimlane / default site / default group", "groupname" "default group", "grouptype" "manual", "scopelevel" "group", "scopename" "default group", "sitename" "default site", "system" false, "username" "travis riley", "uuid" "33b3a892 d388 d3e6 6ead a98acb5d054c" }, "groupid" 
"1286405255265411734", "hash" null, "id" "1553803882072530508", "osfamily" null, "primarydescription" "the management user travis riley initiated a full disk scan to the agent localhost localdomain (96 79 235 37) ", "secondarydescription" null, "siteid" "1286405255257023125", "threatid" null, "updatedat" "2022 11 14t20🕙56 882868z", "userid" "1286405906565325677" }, { "accountid" "1286405255240245908", "activitytype" 2030, "agentid" "1286438987267469377", "agentupdatedversion" null, "createdat" "2022 11 14t22 01 32 904992z", "data" { "accountname" "swimlane", "computername" "localhost localdomain", "escapedmaliciousprocessarguments" null, "filedisplayname" "wildfire test pe file(1) exe", "filepath" "/home/swimlane host/wildfire test pe file(1) exe", "fullscopedetails" "group default group in site default site of account swimlane", "fullscopedetailspath" "global / swimlane / default site / default group", "groupname" "default group", "newanalystverdict" "true positive", "newanalystverdicttitle" "true positive", "oldanalystverdict" "undefined", "oldanalystverdicttitle" "undefined", "sitename" "default site", "threatclassification" "malware", "threatclassificationsource" "engine", "username" "travis riley" }, "groupid" "1286405255265411734", "hash" null, "id" "1553859549076555381", "osfamily" null, "primarydescription" "the management user travis riley changed the analyst verdict for wildfire test pe file(1) exe from undefined to true positive ", "secondarydescription" null, "siteid" "1286405255257023125", "threatid" "1503989642042428880", "updatedat" "2022 11 14t22 01 32 904993z", "userid" "1286405906565325677" }, { "accountid" "1286405255240245908", "activitytype" 3002, "agentid" null, "agentupdatedversion" null, "createdat" "2022 11 14t22 01 32 962480z", "data" { "accountname" "swimlane", "description" null, "filecontenthash" "b691598c45658e76b2c328275db988baed3b8689", "fullscopedetails" "group default group in site default site of account swimlane", 
"fullscopedetailspath" "global / swimlane / default site / default group", "groupname" "default group", "osfamily" "linux", "scopelevel" "group", "scopename" "default group", "sitename" "default site", "username" "travis riley" }, "groupid" "1286405255265411734", "hash" "b691598c45658e76b2c328275db988baed3b8689", "id" "1553859549537928826", "osfamily" "linux", "primarydescription" "the management user travis riley added / modified linux blacklist hash ", "secondarydescription" "b691598c45658e76b2c328275db988baed3b8689", "siteid" "1286405255257023125", "threatid" null, "updatedat" "2022 11 14t22 01 32 886298z", "userid" "1286405906565325677" }, { "accountid" "1286405255240245908", "activitytype" 2028, "agentid" "1286438987267469377", "agentupdatedversion" null, "createdat" "2022 11 14t22 03 17 939520z", "data" { "accountname" "swimlane", "computername" "localhost localdomain", "escapedmaliciousprocessarguments" null, "filedisplayname" "wildfire test pe file(1) exe", "filepath" "/home/swimlane host/wildfire test pe file(1) exe", "fullscopedetails" "group default group in site default site of account swimlane", "fullscopedetailspath" "global / swimlane / default site / default group", "groupname" "default group", "newincidentstatus" "in progress", "newincidentstatustitle" "in progress", "oldincidentstatus" "unresolved", "oldincidentstatustitle" "unresolved", "sitename" "default site", "threatclassification" "malware", "threatclassificationsource" "engine", "username" "travis riley" }, "groupid" "1286405255265411734", "hash" null, "id" "1553860430148830999", "osfamily" null, "primarydescription" "the management user travis riley changed the incident status for wildfire test pe file(1) exe from unresolved to in progress", "secondarydescription" null, "siteid" "1286405255257023125", "threatid" "1503989642042428880", "updatedat" "2022 11 14t22 03 17 939526z", "userid" "1286405906565325677" }, { "accountid" "1286405255240245908", "activitytype" 2014, "agentid" 
"1286438987267469377", "agentupdatedversion" null, "createdat" "2022 11 14t22 03 29 996397z", "data" { "accountname" "swimlane", "computername" "localhost localdomain", "filecontenthash" "b691598c45658e76b2c328275db988baed3b8689", "filedisplayname" "wildfire test pe file(1) exe", "filepath" "/home/swimlane host/wildfire test pe file(1) exe", "fullscopedetails" "group default group in site default site of account swimlane", "fullscopedetailspath" "global / swimlane / default site / default group", "groupname" "default group", "newstatus" null, "originalstatus" "not mitigated", "sitename" "default site", "threatclassification" "malware", "threatclassificationsource" "engine", "username" "travis riley" }, "groupid" "1286405255265411734", "hash" null, "id" "1553860531298666283", "osfamily" null, "primarydescription" "the management user travis riley issued a quarantine command to threat wildfire test pe file(1) exe on agent localhost localdomain ", "secondarydescription" "/home/swimlane host/wildfire test pe file(1) exe", "siteid" "1286405255257023125", "threatid" "1503989642042428880", "updatedat" "2022 11 14t22 03 29 996398z", "userid" "1286405906565325677" } ], "pagination" { "nextcursor" null, "totalitems" 6 } } } ] output parameters status code (number) reason (string) json body (object) data (array) accountid (string) activitytype (number) agentid (string) agentupdatedversion (object) createdat (string) data (object) accountname (string) computername (string) filecontenthash (string) filedisplayname (string) filepath (string) fullscopedetails (string) fullscopedetailspath (string) groupname (string) newstatus (object) originalstatus (string) sitename (string) threatclassification (string) threatclassificationsource (string) username (string) groupid (string) hash (object) id (string) osfamily (object) primarydescription (string) secondarydescription (string) siteid (string) threatid (string) updatedat (string) userid (string) pagination (object) nextcursor 
(object) totalitems (number)

Response headers:

| Header | Type |
| --- | --- |
| server | string |
| date | string |
| content type | string |
| transfer encoding | string |
| connection | string |
| x rqid | string |
| access control allow origin | string |
| access control allow credentials | string |
| vary | string |
| strict transport security | string |
| x frame options | string |
| x content type options | string |
| content security policy | string |
| cache control | string |
| pragma | string |
| expires | string |
| content encoding | string |