Get Auth Events Detail Job Results

GET {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/detail_jobs/{{cb_job_id}}/results
Retrieves the Auth Events Detail Job results for a given job ID.
Results may be available immediately but will be complete once the job finishes, as this call is asynchronous. The job will be complete when contacted == completed in the response.
RBAC Permissions Required

Permission (.notation name)	Operation(s)
org.search.events	READ
See Documentation about the APIs
Information on Fields
RESPONSES

status: OK
{&quot;results&quot;:[{&quot;auth_cleartext_credentials_logon&quot;:false,&quot;auth_daemon_logon&quot;:true,&quot;auth_domain_name&quot;:&quot;NT AUTHORITY&quot;,&quot;auth_elevated_token_logon&quot;:true,&quot;auth_event_action&quot;:&quot;LOGON_SUCCESS&quot;,&quot;auth_failed_logon_count&quot;:0,&quot;auth_impersonation_level&quot;:&quot;IMPERSONATION_LOCAL_ONLY&quot;,&quot;auth_interactive_logon&quot;:false,&quot;auth_key_length&quot;:0,&quot;auth_logon_id&quot;:&quot;00000000-000003E7&quot;,&quot;auth_logon_type&quot;:5,&quot;auth_package&quot;:&quot;Negotiate&quot;,&quot;auth_remote_device&quot;:&quot;-&quot;,&quot;auth_remote_logon&quot;:false,&quot;auth_remote_port&quot;:0,&quot;auth_restricted_admin_logon&quot;:false,&quot;auth_user_id&quot;:&quot;S-1-5-18&quot;,&quot;auth_username&quot;:&quot;SYSTEM&quot;,&quot;auth_virtual_account_logon&quot;:false,&quot;backend_timestamp&quot;:&quot;2023-01-13T17:18:36.195Z&quot;,&quot;childproc_count&quot;:0,&quot;crossproc_count&quot;:48,&quot;device_external_ip&quot;:&quot;52.116.18.136&quot;,&quot;device_group_id&quot;:0,&quot;device_id&quot;:12345678,&quot;device_installed_by&quot;:&quot;CBAWTD\\Administrator&quot;,&quot;device_internal_ip&quot;:&quot;192.168.231.164&quot;,&quot;device_location&quot;:&quot;UNKNOWN&quot;,&quot;device_name&quot;:&quot;test_name&quot;,&quot;device_os&quot;:&quot;WINDOWS&quot;,&quot;device_os_version&quot;:&quot;Windows 10 x64&quot;,&quot;device_policy&quot;:&quot;test-monitor&quot;,&quot;device_policy_id&quot;:20622246,&quot;device_sensor_version&quot;:&quot;3.9.0.2352&quot;,&quot;device_target_priority&quot;:&quot;MEDIUM&quot;,&quot;device_timestamp&quot;:&quot;2023-01-13T17:17:45.322Z&quot;,&quot;document_guid&quot;:&quot;e0Huct8dQRyYfOEHImpfkA&quot;,&quot;event_id&quot;:&quot;DA9E269E-421D-469D-A212-9062888A02F4&quot;,&quot;event_report_code&quot;:&quot;SUB_RPT_NONE&quot;,&quot;filemod_count&quot;:3,&quot;ingress_time&quot;:1673630293265,&quot;modload_count&quot;:1,&quot;netconn_count&quot;:35,&quot;org_id&quot;:&quot;ABCD1234&quot;,&quot;parent_cmdline&quot;:&quot;wininit.exe&quot;,&quot;parent_cmdline_length&quot;:11,&quot;parent_effective_reputation&quot;:&quot;TRUSTED_WHITE_LIST&quot;,&quot;parent_effective_reputation_source&quot;:&quot;IGNORE&quot;,&quot;parent_guid&quot;:&quot;ABCD1234-010dde78-00000260-00000000-1d9275de5e5b262&quot;,&quot;parent_hash&quot;:[&quot;9ef51c8ad595c5e2a123c06ad39fccd7&quot;,&quot;268ca325c8f12e68b6728ff24d6536030aab6e05603d0179033b1e51d8476d86&quot;],&quot;parent_name&quot;:&quot;c:\\windows\\system32\\wininit.exe&quot;,&quot;parent_pid&quot;:608,&quot;parent_publisher&quot;:[&quot;Microsoft Windows Publisher&quot;],&quot;parent_publisher_state&quot;:[&quot;FILE_SIGNATURE_STATE_VERIFIED&quot;,&quot;FILE_SIGNATURE_STATE_OS&quot;,&quot;FILE_SIGNATURE_STATE_TRUSTED&quot;,&quot;FILE_SIGNATURE_STATE_SIGNED&quot;],&quot;parent_reputation&quot;:&quot;TRUSTED_WHITE_LIST&quot;,&quot;process_cmdline&quot;:[&quot;C:\\Windows\\system32\\lsass.exe&quot;],&quot;process_cmdline_length&quot;:[29],&quot;process_company_name&quot;:&quot;Microsoft Corporation&quot;,&quot;process_effective_reputation&quot;:&quot;TRUSTED_WHITE_LIST&quot;,&quot;process_effective_reputation_source&quot;:&quot;IGNORE&quot;,&quot;process_elevated&quot;:true,&quot;process_file_description&quot;:&quot;Local Security Authority Process&quot;,&quot;process_guid&quot;:&quot;ABCD1234-010dde78-00000308-00000000-1d9275de6169dd7&quot;,&quot;process_hash&quot;:[&quot;15a556def233f112d127025ab51ac2d3&quot;,&quot;362ab9743ff5d0f95831306a780fc3e418990f535013c80212dd85cb88ef7427&quot;],&quot;process_integrity_level&quot;:&quot;SYSTEM&quot;,&quot;process_internal_name&quot;:&quot;lsass.exe&quot;,&quot;process_name&quot;:&quot;c:\\windows\\system32\\lsass.exe&quot;,&quot;process_original_filename&quot;:&quot;lsass.exe&quot;,&quot;process_pid&quot;:[776],&quot;process_privileges&quot;:[&quot;SeIncreaseBasePriorityPrivilege&quot;,&quot;SeCreateGlobalPrivilege&quot;,&quot;SeChangeNotifyPrivilege&quot;,&quot;SeCreateSymbolicLinkPrivilege&quot;,&quot;SeDelegateSessionUserImpersonatePrivilege&quot;,&quot;SeSystemProfilePrivilege&quot;,&quot;SeDebugPrivilege&quot;,&quot;SeProfileSingleProcessPrivilege&quot;,&quot;SeLockMemoryPrivilege&quot;,&quot;SeCreatePagefilePrivilege&quot;,&quot;SeTimeZonePrivilege&quot;,&quot;SeTcbPrivilege&quot;,&quot;SeIncreaseWorkingSetPrivilege&quot;,&quot;SeImpersonatePrivilege&quot;,&quot;SeCreatePermanentPrivilege&quot;,&quot;SeAuditPrivilege&quot;],&quot;process_product_name&quot;:&quot;Microsoft® Windows® Operating System&quot;,&quot;process_product_version&quot;:&quot;10.0.19041.906&quot;,&quot;process_publisher&quot;:[&quot;Microsoft Windows Publisher&quot;],&quot;process_publisher_state&quot;:[&quot;FILE_SIGNATURE_STATE_VERIFIED&quot;,&quot;FILE_SIGNATURE_STATE_OS&quot;,&quot;FILE_SIGNATURE_STATE_TRUSTED&quot;,&quot;FILE_SIGNATURE_STATE_SIGNED&quot;],&quot;process_reputation&quot;:&quot;TRUSTED_WHITE_LIST&quot;,&quot;process_sha256&quot;:&quot;362ab9743ff5d0f95831306a780fc3e418990f535013c80212dd85cb88ef7427&quot;,&quot;process_start_time&quot;:&quot;2023-01-13T14:47:02.982Z&quot;,&quot;process_username&quot;:[&quot;NT AUTHORITY\\SYSTEM&quot;],&quot;regmod_count&quot;:11,&quot;scriptload_count&quot;:0,&quot;windows_event_id&quot;:4624}],&quot;num_found&quot;:1,&quot;num_available&quot;:1,&quot;approximate_unaggregated&quot;:1,&quot;num_aggregated&quot;:1,&quot;contacted&quot;:11,&quot;completed&quot;:11}