⚠️ Start Enriched Events Facet Job
POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/enriched_events/facet_jobs
Creates an enriched events facet job. The results for the facet job may be requested using the job ID returned. This route will not request processes.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| threathunter.events | READ |
Request Body
{"query"=>"(event_id:{{cb_event_id}})", "terms"=>{"fields"=>["event_type", "process_name", "process_effective_reputation", "process_hash", "device_name", "process_username", "parent_effective_reputation", "ttp", "netconn_location"], "rows"=>50, "time_range"=>{"start"=>"2020-05-01T14:48:03-07:00"}, "start"=>"2020-05-01T14:48:03-07:00"}}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string |