Start Auth Events Search Job
POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_jobs
Creates an Auth Events search job. The results of the search job may be requested using the returned job_id. This route will not request facets.
RBAC Permissions Required
Permission (.notation name) | Operation(s) |
---|---|
org.search.events | READ, CREATE |
Request Schema:
{
  "collapse": ,
  "criteria": {
    "additionalProp1": [ { "": ""} ]
  },
  "exclusions": {
    "additionalProp1": [ { "": ""} ]
  },
  "fields": [ "" ],
  "query": "",
  "rows": ,
  "sort": [
    {
      "field": "",
      "order": ""
    }
  ],
  "start": ,
  "time_range": {
    "end": "",
    "start": "",
    "window": ""
  }
}
[See Documentation about the APIs]
[Information on Fields]
Request Body
{"query": "auth_username:SYSTEM", "time_range": {"window": "-7d"}}
RESPONSES
status: OK
{"job_id":"1efc2a3d-f1b2-46fd-b1a1-ded953030c11-sqs"}
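The request and response above, as an added Python example that is not part of the original documentation: it builds the POST for this route, validates the org key before it reaches the URL path, and extracts the job_id from the response. The X-Auth-Token header name, the host, the org key and the token value are assumptions or constructed placeholders; none of them appear on this page.

```python
import io
import json
import urllib.request

ROUTE = "/api/investigate/v2/orgs/{org_key}/auth_events/search_jobs"

def build_search_job_request(cb_url, org_key, auth_token, query,
                             window="-7d", rows=None, fields=None):
    """Build, without sending, the POST that starts an Auth Events search job."""
    if not org_key or "/" in org_key:
        raise ValueError("org_key must be a single, non-empty path segment")
    body = {"query": query, "time_range": {"window": window}}
    if rows is not None:
        body["rows"] = int(rows)
    if fields:
        body["fields"] = list(fields)
    return urllib.request.Request(
        cb_url.rstrip("/") + ROUTE.format(org_key=org_key),
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Assumption: the auth header is not shown on this page.
            "X-Auth-Token": auth_token,
        },
    )

def parse_job_id(raw):
    """Return job_id from the response body, rejecting anything else."""
    doc = json.loads(raw)
    job_id = doc.get("job_id") if isinstance(doc, dict) else None
    if not isinstance(job_id, str) or not job_id:
        raise ValueError("response carries no job_id")
    return job_id

def start_search_job(request, send=urllib.request.urlopen):
    """Send the request; `send` is injectable so the flow can run offline."""
    with send(request) as resp:
        return parse_job_id(resp.read())

if __name__ == "__main__":
    # Constructed values: placeholder host, org key and token, canned response.
    req = build_search_job_request("https://cbc.example.invalid", "EXAMPLEORG",
                                   "constructed-secret/constructed-id",
                                   "auth_username:SYSTEM", rows=100)
    canned = lambda r: io.BytesIO(b'{"job_id": "constructed-job-id"}')
    print(req.get_method(), req.full_url, req.data.decode())
    print(start_search_job(req, send=canned))
```

Pass the real `urllib.request.urlopen` (the default) as `send` to submit the job; the returned job_id is what the results request needs.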