Get Auth Events Search Job Results

GET {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_jobs/{{cb_job_id}}/results

Retrieves the auth events search results for a given job_id. Results will be sorted based on the sort parameter used when starting the search. Results may be available immediately but will be complete once the job finishes, as this call is asynchronous. The job will be complete when contacted == completed in the response.

RBAC Permissions Required

Permission (.notation name)Operation(s)
org.search.eventsREAD

See Documentation about the APIs

Information on Fields

RESPONSES

status: OK

{"results":[{"auth_domain_name":"NT AUTHORITY","auth_event_action":"LOGON_SUCCESS","auth_remote_device":"-","auth_remote_port":0,"auth_username":"SYSTEM","backend_timestamp":"2023-01-13T17:19:01.013Z","childproc_count":0,"crossproc_count":48,"device_group_id":0,"device_id":17686136,"device_name":"test_name","device_policy_id":20622246,"device_timestamp":"2023-01-13T17:17:45.322Z","event_id":"DA9E269E-421D-469D-A212-9062888A02F4","filemod_count":3,"ingress_time":1673630293265,"modload_count":1,"netconn_count":35,"org_id":"ABCD1234","parent_guid":"ABCD1234-010dde78-00000260-00000000-1d9275de5e5b262","parent_pid":608,"process_guid":"ABCD1234-010dde78-00000308-00000000-1d9275de6169dd7","process_hash":["15a556def233f112d127025ab51ac2d3","362ab9743ff5d0f95831306a780fc3e418990f535013c80212dd85cb88ef7427"],"process_name":"c:\\windows\\system32\\lsass.exe","process_pid":[776],"process_username":["NT AUTHORITY\\SYSTEM"],"regmod_count":11,"scriptload_count":0,"windows_event_id":4624}],"num_found":175,"num_available":175,"approximate_unaggregated":175,"num_aggregated":175,"contacted":12,"completed":12}