⚠️ Start a Process Search Job
POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/processes/search_jobs
Creates a process search job. The results for the search job may be requested using the job ID returned. This route will not request facets.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| threathunter.events | CREATE |
Note: See the Process Search Fields for details on how to populate the search query.
Request Body
{
  "query": "process_name:cmd.exe",
  "time_range": {
    "end": "2020-04-21T00:00:00Z",
    "start": "2020-04-19T00:00:00Z"
  },
  "rows": 10000,
  "fields": ["*", "document_guid"],
  "sort": [
    {"field": "device_timestamp", "order": "DESC"}
  ]
}
RESPONSES
status: OK
{"job_id":"538d1137-642b-44b0-8c1f-a8c77d0662b6"}
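The request and response above, as an added Python example (not part of the original documentation): it builds the POST, validates the time range, and checks that the returned job ID is a well-formed UUID before it is used in later calls. The function names, the host, org key and token placeholders are hypothetical, and sending the credential in an `X-Auth-Token` header is an assumption, since this page does not show authentication.

```python
import io, json, uuid
from datetime import datetime, timezone
from urllib.parse import quote
from urllib.request import Request, urlopen

def _iso(ts):
    """Render an aware datetime as the UTC 'Z' form used in the request body."""
    if ts.tzinfo is None:
        raise ValueError("time_range values must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_search_job_request(cb_url, org_key, token, query, start, end, rows=10000):
    """Build (without sending) the POST that creates a process search job."""
    start_s, end_s = _iso(start), _iso(end)
    if start >= end:
        raise ValueError("time_range start must be earlier than end")
    body = {
        "query": query,
        "time_range": {"start": start_s, "end": end_s},
        "rows": rows,
        "fields": ["*", "document_guid"],
        "sort": [{"field": "device_timestamp", "order": "DESC"}],
    }
    # Percent-encode the org key so it cannot alter the request path.
    url = (f"{cb_url.rstrip('/')}/api/investigate/v2/orgs/"
           f"{quote(org_key, safe='')}/processes/search_jobs")
    # Assumption: the API credential is sent in an X-Auth-Token header.
    headers = {"Content-Type": "application/json", "X-Auth-Token": token}
    return Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")

def parse_job_id(raw):
    """Return job_id from the response body, rejecting anything that is not a UUID."""
    return str(uuid.UUID(json.loads(raw)["job_id"]))

def start_search_job(request, send=urlopen):
    """Send the request; `send` is injectable so the flow can run offline."""
    with send(request) as resp:
        return parse_job_id(resp.read())

if __name__ == "__main__":
    # Constructed placeholders: host, org key and token are not real values.
    utc = timezone.utc
    req = build_search_job_request(
        "https://cb.example.invalid", "ORGKEY", "API_SECRET/API_ID",
        "process_name:cmd.exe", datetime(2020, 4, 19, tzinfo=utc), datetime(2020, 4, 21, tzinfo=utc))
    # Stub transport replaying the response body shown on this page.
    stub = lambda r: io.BytesIO(b'{"job_id":"538d1137-642b-44b0-8c1f-a8c77d0662b6"}')
    print(req.get_method(), req.full_url, start_search_job(req, send=stub))
```

Calling `start_search_job(req)` without the `send` argument uses `urllib.request.urlopen` and performs the real request.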