Run Activity Query
Description: Runs a simple search from the Unified Defense SIEM (Spotter) interface against the activity collection. Pipe ("|") and operator searches are not currently supported. The action forwards the `query` text to the SIEM as given and does not rewrite or sanitize it, so do not assemble `query` from untrusted input without validating it first.

Endpoint URL: snypr/ws/spotter/index/search
Method: GET (the inputs are presumably sent as URL query parameters, so assume the query text and time window can appear in web-server or proxy access logs; avoid embedding secrets in them)

Inputs:
- parameters (object) – required
  - query (string) – required. Spotter query expression, e.g. `index=activity and resourcegroupname = "carbonblackalert 19mayrin"` as in the example below.
  - eventtime_from (string) – required. Start of the event-time window. The example shows the value as `"05/19/2020 00:00:00"`; the echoed `inputparams` carry the double quotes inside the value, which suggests they are part of it — confirm against your SIEM version.
  - eventtime_to (string) – required. End of the event-time window, same format.
  - tz (string) – required. Time-zone identifier. The page does not state whether it applies to the event-time window, the returned timestamps, or both; the response separately reports the SIEM's own zone in `applicationtz` (`CST6CDT` in the example).
  - prettyjson (boolean)
  - max (number) – upper bound on the number of events returned (the example requests 1 and receives 1 of 69490 matching documents). Only available for version 6.2 CU4 SP4 and above.
  - queryid (string) – only available for version 6.2 CU4 SP4 and above. How it relates to the `queryid` echoed in the response is not described on this page.

Output example:
[
  {
    "status_code": 200,
    "response_headers": {
      "date": "Thu, 25 Jan 2024 00:34:27 GMT",
      "content-type": "text/plain",
      "transfer-encoding": "chunked",
      "connection": "keep-alive",
      "strict-transport-security": "max-age=31536000; includeSubDomains",
      "cache-control": "private, no-store, no-cache, must-revalidate",
      "x-frame-options": "DENY",
      "pragma": "no-cache",
      "x-xss-protection": "1; mode=block",
      "x-content-type-options": "nosniff",
      "content-security-policy": "frame-ancestors 'self' securonix.net; default-src 'self' securonix.net; object-src 'self' securonix.net data: blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' securonix.net https://edge.fullstory.com https://rs.fullstory.com http://iph.zoominsoftware.io/widget.js data: blob:; style-src 'self' securonix.net https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' securonix.net https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' securonix.net https://edge.fullstory.com https://rs.fullstory.com https://securonix.be.prod.zoominsoftware.io http://documentation.be.securonix.com wss://saaspoc5t16expo.securonix.net:443 data: blob:; img-src 'self' securonix.net https://rs.fullstory.com data: https:; child-src 'self' securonix.net blob:;"
    },
    "reason": "",
    "json_body": {
      "totaldocuments": 69490,
      "events": [
        {
          "timeline_by_month": "1588309200000",
          "rg_timezoneoffset": "Asia/Kolkata",
          "resourcegroupname": "carbonblackalert 19mayrin",
          "eventid": "bcb2c382-a14f-4673-ae8e-
af64901d2d94",
          "ipaddress": "192.168.1.14",
          "week": "21",
          "year": "2020",
          "accountresourcekey": "root carbonblackalert 19mayrin carbonblackalert 19mayrin 815 1",
          "resourcehostname": "lm11197",
          "sourceprocessname": "bash",
          "rg_functionality": "umesh",
          "userid": "-1",
          "customfield2": "1589916440853",
          "dayofmonth": "20",
          "jobid": "-5",
          "resourcegroupid": "815",
          "datetime": "1589916504386",
          "timeline_by_hour": "1589914800000",
          "collectiontimestamp": "1589915105445",
          "hour": "0",
          "accountname": "root",
          "tenantid": "54",
          "id": "-1",
          "rg_resourcetypeid": "449",
          "_indexed_at_tdt": "Tue May 19 15:28:30 EDT 2020",
          "timeline_by_minute": "1589916300000",
          "routekey": "54 202005190003",
          "collectionmethod": "carbonblackalerts",
          "receivedtime": "1589916504387",
          "publishedtime": "1589916440853",
          "categorizedtime": "night",
          "jobstarttime": "1589915105445",
          "dayofyear": "141",
          "minute": "58",
          "categoryseverity": "0",
          "rg_vendor": "umesh",
          "month": "4",
          "_version_": "1667148295203454980",
          "timeline": "1589864400000",
          "dayofweek": "4",
          "timeline_by_week": "1589691600000",
          "tenantname": "cordala",
          "resourcename": "carbonblackalert 19mayrin",
          "ingestionnodeid": "umesh du 10 0 0 81 securonix com"
        }
      ],
      "error": false,
      "available": false,
      "queryid": "spotterwebservicee8904c76-b230-4ad7-990f-eefd220a22b8",
      "applicationtz": "CST6CDT",
      "inputparams": {
        "eventtime_from": " \"05/19/2020 00:00:00\"",
        "max": "1",
        "query": "index=activity and resourcegroupname = \"carbonblackalert 19mayrin\"",
        "eventtime_to": " \"05/19/2020 23:59:59\""
      },
      "index": "activity"
    }
  }
]

Output parameters:
- status_code (number) – HTTP status of the SIEM response. A 200 does not by itself mean the search succeeded; see `json_body.error` below.
- reason (string)
- json_body (object)
  - totaldocuments (number) – total number of matching documents, which can be larger than the number of events actually returned (69490 vs. 1 in the example, where `max` was 1).
  - events (array) – one object per returned event with the fields below. Every event field, including epoch timestamps and numeric-looking IDs, is typed as a string; cast before comparing, sorting, or doing arithmetic on them.
    - timeline_by_month (string)
    - rg_timezoneoffset (string)
    - resourcegroupname (string)
    - eventid (string)
    - ipaddress (string)
    - week (string)
    - year (string)
    - accountresourcekey (string)
    - resourcehostname (string)
    - sourceprocessname (string)
    - rg_functionality (string)
    - userid (string)
    - customfield2 (string)
    - dayofmonth (string)
    - jobid (string)
    - resourcegroupid (string)
    - datetime (string)
    - timeline_by_hour (string)
    - collectiontimestamp (string)
    - hour (string)
    - accountname (string)
    - tenantid (string)
    - id (string)
    - rg_resourcetypeid (string)
    - _indexed_at_tdt (string)
    - timeline_by_minute (string)
    - routekey (string)
    - collectionmethod (string)
    - receivedtime (string)
    - publishedtime (string)
    - categorizedtime (string)
    - jobstarttime (string)
    - dayofyear (string)
    - minute (string)
    - categoryseverity (string)
    - rg_vendor (string)
    - month (string)
    - _version_ (string)
    - timeline (string)
    - dayofweek (string)
    - timeline_by_week (string)
    - tenantname (string)
    - resourcename (string)
    - ingestionnodeid (string)
  - error (boolean) – query-level error flag reported inside the SIEM's JSON body. In the example it is false alongside HTTP 200; check it in addition to `status_code` rather than treating a 200 alone as success.
  - available (boolean)
  - queryid (string) – identifier the SIEM assigns to this search (echoed in the example response).
  - applicationtz (string) – the SIEM's own time zone (`CST6CDT` in the example), as distinct from the `tz` input.
  - inputparams (object) – the input parameters as the SIEM received them
    - eventtime_from (string)
    - max (string) – note: accepted as a number on input but echoed back as a string
    - query (string)
    - eventtime_to (string)
  - index (string)

Response headers – the HTTP response headers returned by the SIEM, as captured in the example above:

| Header | Type |
| --- | --- |
| date | string |
| content-type | string |
| transfer-encoding | string |
| connection | string |
| strict-transport-security | string |
| cache-control | string |
| x-frame-options | string |
| pragma | string |
| x-xss-protection | string |
| x-content-type-options | string |
| content-security-policy | string |