⚠️ Start a Process Search Job

POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/processes/search_jobs

Creates a process search job. The results for the search job may be requested using the job ID returned. This route will not request facets.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
| --- | --- |
| threathunter.events | CREATE |

Note: See the Process Search Fields for details on how to populate the search query.


Request Body

{"query": "process_name:cmd.exe", "time_range": {"end": "2020-04-21T00:00:00Z", "start": "2020-04-19T00:00:00Z"}, "rows": 10000, "fields": ["*", "document_guid"], "sort": [{"field": "device_timestamp", "order": "DESC"}]}

RESPONSES

status: OK

{"job_id":"538d1137-642b-44b0-8c1f-a8c77d0662b6"}
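
The following Python client is an added example, not part of the original reference or the vendor's code. It builds the request body shown above, prepares the POST over HTTPS only, and validates the returned job ID before it is reused in a follow-up results request. The `X-Auth-Token` header, the UUID format of `job_id` (inferred from the sample response) and all function names are assumptions.

```python
import json
import urllib.parse
import urllib.request
import uuid
from datetime import datetime, timezone

SEARCH_PATH = "/api/investigate/v2/orgs/{org}/processes/search_jobs"  # route from the page
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # timestamp shape used in the page's request body

def build_search_body(query, start, end, rows=10000):
    """Build the request body shown on the page for a given query and window."""
    if not query.strip():
        raise ValueError("query must not be empty")
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("start and end must be timezone-aware")
    if start >= end:
        raise ValueError("start must be earlier than end")
    to_utc = lambda t: t.astimezone(timezone.utc).strftime(TS_FORMAT)
    return {
        "query": query,
        "time_range": {"end": to_utc(end), "start": to_utc(start)},
        "rows": rows,
        "fields": ["*", "document_guid"],
        "sort": [{"field": "device_timestamp", "order": "DESC"}],
    }

def build_request(cb_url, org_key, auth_token, body):
    """Prepare the POST without sending it; refuses non-HTTPS base URLs."""
    if not cb_url.startswith("https://"):
        raise ValueError("cb_url must use https so the token is not sent in clear text")
    url = cb_url.rstrip("/") + SEARCH_PATH.format(org=urllib.parse.quote(org_key, safe=""))
    headers = {"Content-Type": "application/json", "X-Auth-Token": auth_token}  # assumed header
    return urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")

def parse_job_id(response_text):
    """Return the job ID in canonical form; raises ValueError if it is not a UUID (assumed format)."""
    return str(uuid.UUID(json.loads(response_text)["job_id"]))

def start_search_job(cb_url, org_key, auth_token, body, timeout=30):
    """Send the job and return its ID for the follow-up results request."""
    with urllib.request.urlopen(build_request(cb_url, org_key, auth_token, body), timeout=timeout) as resp:
        return parse_job_id(resp.read().decode("utf-8"))

if __name__ == "__main__":
    body = build_search_body("process_name:cmd.exe",
                             datetime(2020, 4, 19, tzinfo=timezone.utc),
                             datetime(2020, 4, 21, tzinfo=timezone.utc))
    print(json.dumps(body))
```

Running the file directly only prints the body; `start_search_job` is the one function that touches the network.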