Get Auth Events Search Suggestions

GET {{cb_url}}/api/investigate/v2/orgs/{org_key}/auth_events/search_suggestions?suggest.q=auth

Returns suggestions for an Auth Events Search based on fields in the organizationโ€™s system. Will return field names if the โ€œsuggest.qโ€ parameter does not yet contain a colon and will return no suggestion otherwise.

RBAC Permissions Required

Permission (.notation name)Operation(s)
org.search.eventsREAD

See Documentation about the APIs

Information on Fields

Request Params

KeyDatatypeRequiredDescription
suggest.qstringThe query to generate suggestions for
suggest.countnullThe number of suggestions to return, default 50

RESPONSES

status: OK

{"suggestions":[{"term":"auth_cleartext_credentials_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_daemon_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_domain_name","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_elevated_token_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_event_action","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_failed_logon_count","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_failure_status","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_failure_sub_status","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_interactive_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_logon_id","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_logon_type","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_privileges","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_device","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_ipv4","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_ipv6","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_location","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_port","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_restricted_admin_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_user_id","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_user_principal_name","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_username","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_virtual_account_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]}]}