Get Threats
Description: Retrieve a comprehensive list of all identified threats from SentinelOne. Endpoint URL: web/api/v2.1/threats. Method: GET. Inputs: parameters (object) accountids (array) agentids (array) agentisactive (boolean) agentmachinetypes (array) agentmachinetypesnin (array) agentversions (array) agentversionsnin (array) analystverdicts (array) analystverdictsnin (array) awsrole contains (array) awssecuritygroups contains (array) awssubnetids contains (array) azureresourcegroup contains (array) classifications (array) classificationsnin (array) classificationsources (array) classificationsourcesnin (array) cloudaccount contains (array) cloudimage contains (array) cloudinstanceid contains (array) cloudinstancesize contains (array) cloudlocation contains (array) cloudnetwork contains (array) cloudprovider (array) cloudprovidernin (array) collectionids (array) commandlinearguments contains (array) computername contains (array) confidencelevels (array) confidencelevelsnin (array) containerimagename contains (array) containerlabels contains (array) containername contains (array) contenthash contains (array) contenthashes (array) countonly (boolean) countsfor (string) createdat gt (string) createdat gte (string) createdat lt (string) createdat lte (string) cursor (string) detectionagentdomain contains (array) detectionagentversion contains (array) detectionengines (array) detectionenginesnin (array) displayname (string) engines (array) enginesnin (array) externalticketexists (boolean) externalticketid contains (array) externalticketids (array) failedactions (boolean) filepath contains (array) gcpserviceaccount contains (array) groupids (array) ids (array) incidentstatuses (array) incidentstatusesnin (array) initiatedby (array) initiatedbynin (array) initiatedbyusername contains (array) k8sclustername contains (array) k8scontrollerlabels contains (array) k8scontrollername contains (array) k8snamespacelabels contains (array) k8snamespacename contains (array) k8snodelabels 
contains (array) k8snodename contains (array) k8spodlabels contains (array) k8spodname contains (array) limit (number) mitigatedpreemptively (boolean) mitigationstatuses (array) mitigationstatusesnin (array) noteexists (boolean) originatedprocess contains (array) osarchs (array) osnames (array) osnamesnin (array) ostypes (array) ostypesnin (array) pendingactions (boolean) publishername contains (array) query (string) realtimeagentversion contains (array) rebootrequired (boolean) resolved (boolean) siteids (array) skip (number) skipcount (boolean) sortby (string) sortorder (string) storyline contains (array) storylines (array) tenant (boolean) threatdetails contains (array) updatedat gt (string) updatedat gte (string) updatedat lt (string) updatedat lte (string) uuid contains (array) output example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "mon, 03 jul 2023 03 42 11 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x rqid" "96f7b37b 0e6b 4cb7 ba52 1c6bffa6d0fe", "access control allow origin" "https //usea1 identity sentinelone net", "access control allow credentials" "true", "vary" "origin", "strict transport security" "max age=31536000; includesubdomains", "x frame options" "sameorigin", "x content type options" "nosniff", "content security policy" "default src 'self' ; connect src 'self' pendo io storage googleapis com cdn auth0 com sentinelone net wss\ // sentinelone net https //cdnjs cloudflare com data ; script src 'self' 'unsafe eval' sentinelone net cdn pendo io app pendo io data pendo io pendo io static storage googleapis com storage googleapis com https //cdnjs cloudflare com ; img src 'self' data pendo io sentinelone com sentinelone net storage googleapis com; style src 'self' 'unsafe inline' sentinelone net app pendo io cdn pendo io storage googleapis com https //cdnjs cloudflare com ; font src 'self' data sentinelone net; frame src 'self' blob https // sentinelone net https // 
scalyr com https //receptive io https // pendo io https //pendo io extensions storage googleapis com/ https //www youtube com/; object src 'none'; frame ancestors 'self' app pendo io sentinelone net", "cache control" "no store", "pragma" "no cache", "expires" " 1", "content encoding" "gzip" }, "reason" "ok", "json body" { "errors" \[ { "type" "object" } ], "pagination" { "totalitems" 580, "nextcursor" "ywdlbnrfawq6ntgwmjkzode=" }, "data" \[ { "mitigationstatus" \[ { "lastupdate" "2018 02 27t04 49 26 257525z", "agentsupportsreport" "boolean", "latestreport" "string", "groupnotfound" "boolean", "mitigationendedat" "2018 02 27t04 49 26 257525z", "action" "kill", "actionscounters" { "pendingreboot" "integer", "failed" "integer", "total" "integer", "notfound" "integer", "success" "integer" }, "status" "success", "mitigationstartedat" "2018 02 27t04 49 26 257525z" } ], "kubernetesinfo" { "controllerkind" "string", "namespace" "string", "iscontainerquarantine" "boolean", "controllerlabels" \[ { "type" "string" } ], "nodelabels" \[ { "type" "string" } ], "namespacelabels" \[ { "type" "string" } ], "controllername" "string", "pod" "string", "podlabels" \[ { "type" "string" } ], "node" "string", "cluster" "string" }, "whiteningoptions" \[ { "type" "string" } ], "agentdetectioninfo" { "accountid" "225494730938493804", "sitename" "string", "groupid" "225494730938493804", "agentversion" "3 6 1 14", "accountname" "string", "agentipv4" "string", "siteid" "225494730938493804", "agentlastloggedinusermail" "string", "agentosname" "string", "agentregisteredat" "2018 02 27t04 49 26 257525z", "cloudproviders" "object", "agentmitigationmode" "detect", "externalip" "string", "agentosrevision" "string", "agentuuid" "string", "groupname" "string", "agentipv6" "string", "agentlastloggedinusername" "janedoe3", "agentdomain" "mybusiness net", "agentdetectionstate" "string", "agentlastloggedinupn" "string" }, "agentrealtimeinfo" { "siteid" "225494730938493804", "groupname" "string", 
"agentversion" "3 6 1 14", "agentdecommissionedat" "boolean", "agentcomputername" "string", "scanstartedat" "2018 02 27t04 49 26 257525z", "agentdomain" "string", "agentmitigationmode" "detect", "agentid" "225494730938493804", "operationalstate" "string", "useractionsneeded" \[ { "type" "string", "example" "none", "enum" \[ "none", "reboot needed", "upgrade needed", "incompatible os", "unprotected", "rebootless without dynamic detection", "extended exclusions partially accepted", "reboot required", "pending deprecation", "user action needed", "user action needed fda", "user action needed rs fda", "user action needed fda helper", "user action needed bluetooth per", "user action needed network", "user action needed notifications", "user action needed login items" ] } ], "agentostype" "linux", "networkinterfaces" \[ { "inet6" \[ { "type" "string" } ], "id" "225494730938493804", "inet" \[ { "type" "string" } ], "name" "string", "physical" "00 25 96\ ff\ fe🕛34 56" } ], "rebootrequired" "boolean", "sitename" "string", "groupid" "225494730938493804", "agentinfected" "boolean", "agentosname" "string", "scanstatus" "none", "agentnetworkstatus" "connected", "activethreats" "integer", "agentuuid" "string", "agentmachinetype" "unknown", "agentisactive" "boolean", "accountid" "225494730938493804", "storagetype" "string", "agentosrevision" "string", "storagename" "string", "agentisdecommissioned" "boolean", "scanfinishedat" "2018 02 27t04 49 26 257525z", "scanabortedat" "2018 02 27t04 49 26 257525z", "accountname" "string" }, "id" "225494730938493804", "containerinfo" { "iscontainerquarantine" "boolean", "id" "string", "image" "string", "labels" \[ { "type" "string" } ], "name" "string" }, "indicators" \[ { "ids" \[ { "type" "integer", "format" "int32" } ], "categoryid" "integer", "category" "string", "tactics" \[ { "name" "string", "techniques" \[ { "link" "string", "name" "string" } ], "source" "string" } ], "description" "string" } ], "threatinfo" { "publishername" "string", 
"updatedat" "2018 02 27t04 49 26 257525z", "threatid" "225494730938493804", "initiatedby" "agent policy", "fileextensiontype" "string", "classification" "string", "confidencelevel" "malicious", "filepath" { "readonly" true, "description" "file path" }, "maliciousprocessarguments" "string", "threatname" "string", "failedactions" "boolean", "initiatingusername" "string", "sha1" "ddd5030a3d029f3845fc1052419829f08f312240", "storyline" "a00637fa e18d 9b80 e803 f370524f8085", "isfileless" { "readonly" true, "description" "is fileless" }, "isvalidcertificate" "boolean", "certificateid" "string", "classificationsource" "cloud", "incidentstatusdescription" { "readonly" true, "description" "incident status description" }, "identifiedat" "2018 02 27t04 49 26 257525z", "browsertype" "string", "automaticallyresolved" "boolean", "filesize" "integer", "mitigationstatus" "not mitigated", "engines" \[ "reputation", "pre execution" ], "rebootrequired" "boolean", "processuser" "string", "detectionengines" \[ "reputation", "pre execution" ], "analystverdictdescription" { "readonly" true, "description" "analyst verdict description" }, "initiatinguserid" "225494730938493804", "analystverdict" "undefined", "initiatedbydescription" { "readonly" true, "description" "initiated by description" }, "mitigatedpreemptively" "boolean", "incidentstatus" "unresolved", "detectiontype" "static", "mitigationstatusdescription" { "readonly" true, "description" "mitigation status description" }, "collectionid" "225494730938493804", "fileverificationtype" "string", "externalticketid" "string", "reachedeventslimit" "boolean", "originatorprocess" "string", "externalticketexists" { "readonly" true, "description" "external ticket exists" }, "fileextension" "string", "md5" "string", "pendingactions" "boolean", "cloudfileshashverdict" "string", "sha256" "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c", "createdat" "2018 02 27t04 49 26 257525z" } } ] } } ] output parameters status code (number) 
reason (string) json body (object) errors (array) type (string) pagination (object) totalitems (number) nextcursor (string) data (array) mitigationstatus (array) lastupdate (string) agentsupportsreport (string) latestreport (string) groupnotfound (string) mitigationendedat (string) action (string) actionscounters (object) pendingreboot (string) failed (string) total (string) notfound (string) success (string) status (string) mitigationstartedat (string) kubernetesinfo (object) controllerkind (string) namespace (string) iscontainerquarantine (string) controllerlabels (array) type (string) nodelabels (array) type (string) namespacelabels (array) type (string) controllername (string) pod (string) podlabels (array) type (string) node (string) cluster (string) whiteningoptions (array) type (string) agentdetectioninfo (object) accountid (string) sitename (string) groupid (string) agentversion (string) accountname (string) agentipv4 (string) siteid (string) agentlastloggedinusermail (string) agentosname (string) agentregisteredat (string) cloudproviders (string) agentmitigationmode (string) externalip (string) agentosrevision (string) agentuuid (string) groupname (string) agentipv6 (string) agentlastloggedinusername (string) agentdomain (string) agentdetectionstate (string) agentlastloggedinupn (string) agentrealtimeinfo (object) siteid (string) groupname (string) agentversion (string) agentdecommissionedat (string) agentcomputername (string) scanstartedat (string) agentdomain (string) agentmitigationmode (string) agentid (string) operationalstate (string) useractionsneeded (array) type (string) example (string) enum (array) agentostype (string) networkinterfaces (array) inet6 (array) type (string) id (string) inet (array) type (string) name (string) physical (string) rebootrequired (string) sitename (string) groupid (string) agentinfected (string) agentosname (string) scanstatus (string) agentnetworkstatus (string) activethreats (string) agentuuid (string) 
agentmachinetype (string) agentisactive (string) accountid (string) storagetype (string) agentosrevision (string) storagename (string) agentisdecommissioned (string) scanfinishedat (string) scanabortedat (string) accountname (string) id (string) containerinfo (object) iscontainerquarantine (string) id (string) image (string) labels (array) type (string) name (string) indicators (array) ids (array) type (string) format (string) categoryid (string) category (string) tactics (array) name (string) techniques (array) link (string) name (string) source (string) description (string) threatinfo (object) publishername (string) updatedat (string) threatid (string) initiatedby (string) fileextensiontype (string) classification (string) confidencelevel (string) filepath (object) readonly (boolean) description (string) maliciousprocessarguments (string) threatname (string) failedactions (string) initiatingusername (string) sha1 (string) storyline (string) isfileless (object) readonly (boolean) description (string) isvalidcertificate (string) certificateid (string) classificationsource (string) incidentstatusdescription (object) readonly (boolean) description (string) identifiedat (string) browsertype (string) automaticallyresolved (string) filesize (string) mitigationstatus (string) engines (array) rebootrequired (string) processuser (string) detectionengines (array) analystverdictdescription (object) readonly (boolean) description (string) initiatinguserid (string) analystverdict (string) initiatedbydescription (object) readonly (boolean) description (string) mitigatedpreemptively (string) incidentstatus (string) detectiontype (string) mitigationstatusdescription (object) readonly (boolean) description (string) collectionid (string) fileverificationtype (string) externalticketid (string) reachedeventslimit (string) originatorprocess (string) externalticketexists (object) readonly (boolean) description (string) fileextension (string) md5 (string) pendingactions (string) 
cloudfileshashverdict (string) sha256 (string) createdat (string) Response headers (header: type): server: string; date: string; content-type: string; transfer-encoding: string; connection: string; x-rqid: string; access-control-allow-origin: string; access-control-allow-credentials: string; vary: string; strict-transport-security: string; x-frame-options: string; x-content-type-options: string; content-security-policy: string; cache-control: string; pragma: string; expires: string; content-encoding: string