Start Auth Events Search Job

POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_jobs

Creates an Auth Events Search job. The results for the search job may be requested using the job_id returned. This route will not request facets.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| org.search.events | READ, CREATE |

Request Schema:

{
  "collapse": ,
  "criteria": {
    "additionalProp1": [ { "": ""} ]
  },
  "exclusions": {
    "additionalProp1": [ { "": ""} ]
  },
  "fields": [ "" ],
  "query": "",
  "rows": ,
  "sort": [
    {
      "field": "",
      "order": ""
    }
  ],
  "start": ,
  "time_range": {
    "end": "",
    "start": "",
    "window": ""
  }
}

[See Documentation about the APIs]

[Information on Fields]

Request Body

{"query": "auth_username:SYSTEM", "time_range": {"window": "-7d"}}

RESPONSES

status: OK

{"job_id":"1efc2a3d-f1b2-46fd-b1a1-ded953030c11-sqs"}
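
The following Python example is added here and is not part of the original documentation: it checks a request body against the keys listed in the Request Schema above, builds the POST without sending it, and extracts the job_id from a response. The X-Auth-Token header is an assumption about how the API key is passed, and the host cb.example.invalid, ORGKEY and SECRET/ID are constructed placeholders.

```python
import json
import urllib.request

# Top-level and nested keys taken from the Request Schema on this page.
ALLOWED_KEYS = {"collapse", "criteria", "exclusions", "fields", "query",
                "rows", "sort", "start", "time_range"}
TIME_RANGE_KEYS = {"end", "start", "window"}
SORT_KEYS = {"field", "order"}


def validate_body(body):
    """Reject keys the schema does not list, before anything is sent."""
    unknown = set(body) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unknown top-level keys: {sorted(unknown)}")
    bad_range = set(body.get("time_range", {})) - TIME_RANGE_KEYS
    if bad_range:
        raise ValueError(f"unknown time_range keys: {sorted(bad_range)}")
    for entry in body.get("sort", []):
        extra = set(entry) - SORT_KEYS
        if extra:
            raise ValueError(f"unknown sort keys: {sorted(extra)}")
    return body


def build_search_job_request(cb_url, org_key, api_token, body):
    """Build (but do not send) the POST that starts an Auth Events search job."""
    url = f"{cb_url.rstrip('/')}/api/investigate/v2/orgs/{org_key}/auth_events/search_jobs"
    # Assumption: the API key is sent in an X-Auth-Token header (not stated on this page).
    headers = {"Content-Type": "application/json", "X-Auth-Token": api_token}
    data = json.dumps(validate_body(body)).encode("utf-8")
    return urllib.request.Request(url, data=data, headers=headers, method="POST")


def parse_job_id(response_text):
    """Extract job_id from the response body; fail loudly if it is missing."""
    job_id = json.loads(response_text).get("job_id")
    if not isinstance(job_id, str) or not job_id:
        raise ValueError("response did not contain a job_id")
    return job_id


if __name__ == "__main__":
    # Constructed placeholders; replace with real values before sending.
    req = build_search_job_request("https://cb.example.invalid", "ORGKEY", "SECRET/ID",
                                   {"query": "auth_username:SYSTEM", "time_range": {"window": "-7d"}})
    print(req.get_method(), req.full_url, req.data.decode())
```

To send the request, pass the returned object to `urllib.request.urlopen` and give the response body to `parse_job_id`.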