Get Auth Events Search Suggestions
GET {{cb_url}}/api/investigate/v2/orgs/{org_key}/auth_events/search_suggestions?suggest.q=auth
Returns suggestions for an Auth Events Search based on fields in the organizationโs system. Will return field names if the โsuggest.qโ parameter does not yet contain a colon and will return no suggestion otherwise.
RBAC Permissions Required
Permission (.notation name) | Operation(s) |
---|---|
org.search.events | READ |
See Documentation about the APIs
Request Params
Key | Datatype | Required | Description |
---|---|---|---|
suggest.q | string | The query to generate suggestions for | |
suggest.count | null | The number of suggestions to return, default 50 |
RESPONSES
status: OK
{"suggestions":[{"term":"auth_cleartext_credentials_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_daemon_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_domain_name","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_elevated_token_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_event_action","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_failed_logon_count","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_failure_status","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_failure_sub_status","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_interactive_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_logon_id","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_logon_type","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_privileges","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_device","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_ipv4","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_ipv6","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_location","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_remote_port","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_restricted_admin_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_user_id","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_user_principal_name","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_username","weight":350,"required_skus_all":["auth"],"required_skus_some":[]},{"term":"auth_virtual_account_logon","weight":350,"required_skus_all":["auth"],"required_skus_some":[]}]}