Get Auth Events Search Job Results
GET {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_jobs/{{cb_job_id}}/results
Retrieves the auth events search results for a given job_id. Results will be sorted based on the sort parameter used when starting the search. Results may be available immediately but will be complete once the job finishes, as this call is asynchronous. The job will be complete when contacted == completed in the response.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| org.search.events | READ |
See Documentation about the APIs
RESPONSES
status: OK
{"results":[{"auth_domain_name":"NT AUTHORITY","auth_event_action":"LOGON_SUCCESS","auth_remote_device":"-","auth_remote_port":0,"auth_username":"SYSTEM","backend_timestamp":"2023-01-13T17:19:01.013Z","childproc_count":0,"crossproc_count":48,"device_group_id":0,"device_id":17686136,"device_name":"test_name","device_policy_id":20622246,"device_timestamp":"2023-01-13T17:17:45.322Z","event_id":"DA9E269E-421D-469D-A212-9062888A02F4","filemod_count":3,"ingress_time":1673630293265,"modload_count":1,"netconn_count":35,"org_id":"ABCD1234","parent_guid":"ABCD1234-010dde78-00000260-00000000-1d9275de5e5b262","parent_pid":608,"process_guid":"ABCD1234-010dde78-00000308-00000000-1d9275de6169dd7","process_hash":["15a556def233f112d127025ab51ac2d3","362ab9743ff5d0f95831306a780fc3e418990f535013c80212dd85cb88ef7427"],"process_name":"c:\\windows\\system32\\lsass.exe","process_pid":[776],"process_username":["NT AUTHORITY\\SYSTEM"],"regmod_count":11,"scriptload_count":0,"windows_event_id":4624}],"num_found":175,"num_available":175,"approximate_unaggregated":175,"num_aggregated":175,"contacted":12,"completed":12}