⚠️ Get Events Associated with a Given Process
POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/events/{{cb_process_guid}}/_search
Fetch the events associated with a given process. These events are often more complete the the enriched event documents but, unlike the enriched event searches, must be focused on a single process. This route will not request facets.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| threathunter.events | READ |
Request Body
{"criteria"=>"<object>", "exclusions"=>"<object>", "fields"=>["<string>", "<string>"], "query"=>"<string>", "rows"=>"<long>", "sort"=>[{"field"=>"<string>", "order"=>"<string>"}, {"field"=>"<string>", "order"=>"<string>"}], "start"=>"<long>", "time_range"=>{"end"=>"<string>", "start"=>"<string>", "window"=>"<string>"}}