Alert Search

POST {{cb_url}}/appservices/v6/orgs/{{cb_org_key}}/alerts/_search

Alert search request. Several API paths accept a similar request body schema.

RBAC Permissions Required

Permission (.notation name) | Operation(s)
org.alerts | READ

Only READ on org.alerts is listed, so a read-only access level is enough for this call.

See Documentation


🔸 Examples provided

Request Body

{"criteria":{"group_results":true,"minimum_severity":3,"create_time":{"start":"2020-01-27T23:10:20.814Z","end":"2020-01-27T23:10:25.814Z"}},"sort":[{"field":"first_event_time","order":"DESC"}],"rows":10,"start":0}

HEADERS

Key | Datatype | Required | Description
Content-Type | string
``null

RESPONSES

status: OK

{"results":[{"id":"4A0AD9BAE59E5187729FB63115807BC3","legacy_alert_id":"7DESJ9GN-00313c93-0000017c-00000000-1d5d56636374838-MLRtPcpQGKFh5OE4BT3tQ-19d3af31-5dbd-4b9f-9b1d-e8ddca6af991","org_key":"7DESJ9GN","create_time":"2020-01-27T23:10:21.814Z","last_update_time":null,"first_event_time":"2020-01-27T23:05:09.029Z","last_event_time":"2020-01-27T23:05:09.029Z","threat_id":"7BF2B848FE2936224483F214414EFDFB","severity":9,"category":"THREAT","device_id":3226771,"device_os":"WINDOWS","device_os_version":null,"device_name":"CIGENT-DGC7","device_username":"IEUser","policy_id":33819,"policy_name":"Cigent Policy 1","target_value":"HIGH","workflow":{"state":"OPEN","remediation":null,"last_update_time":"2020-01-27T23:10:21.847Z","comment":null,"changed_by":"Carbon Black"},"notes_present":false,"tags":null,"group_details":{"total_devices":1,"count":1},"reason":"Script Processors Renamed - Powershell","count":0,"report_id":"MLRtPcpQGKFh5OE4BT3tQ-19d3af31-5dbd-4b9f-9b1d-e8ddca6af991","report_name":"Script Processors Renamed - Powershell","ioc_id":"19d3af31-5dbd-4b9f-9b1d-e8ddca6af991-0","ioc_field":null,"ioc_hit":"(process_original_filename:PowerShell.EXE* -process_name:powershell.exe) -legacy:true","watchlists":[{"id":"MXzJPzWYRuuKBEsy0UXImA","name":"Cigent Watchlist"},{"id":"mrTB06fAQbeNfvl47cQiGg","name":"Carbon Black Advanced Threats"}],"process_guid":"7DESJ9GN-00313c93-0000017c-00000000-1d5d56636374838","process_name":"localpowershell.exe","run_state":"RAN","threat_indicators":[{"process_name":"localpowershell.exe","sha256":"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c","ttps":["19d3af31-5dbd-4b9f-9b1d-e8ddca6af991-0"]}],"threat_cause_actor_sha256":"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c","threat_cause_actor_md5":"7353f60b1739074eb17c5f4dddefe239","threat_cause_actor_name":"localpowershell.exe","threat_cause_reputation":"TRUSTED_WHITE_LIST","threat_cause_threat_category":null,"threat_cause_vector":"UNKNOWN","document_guid":"rkjzBzTEQtmMxxF5s7eREQ","type":"WATCHLIST"},{"id":"B170C3298FC24F16897CF06BBFF0CD22","legacy_alert_id":"7DESJ9GN-002efa5e-000018ec-00000000-1d5cda0addb718b-A59huyinQSmAr8t1a2hpg","org_key":"7DESJ9GN","create_time":"2020-01-27T23:10:21.647Z","last_update_time":null,"first_event_time":"2020-01-27T22:59:40.121Z","last_event_time":"2020-01-27T23:00:16.755Z","threat_id":"AD523AEB5432A41F4BD3B483720B932E","severity":8,"category":"THREAT","device_id":3078750,"device_os":"WINDOWS","device_os_version":null,"device_name":"Windows-10-32bit","device_username":"manwin1032","policy_id":6525,"policy_name":"default","target_value":"MEDIUM","workflow":{"state":"OPEN","remediation":null,"last_update_time":"2020-01-27T23:10:21.683Z","comment":null,"changed_by":"Carbon Black"},"notes_present":false,"tags":null,"group_details":{"total_devices":2,"count":6},"reason":"badfile.exe.exe","count":0,"report_id":"A59huyinQSmAr8t1a2hpg","report_name":"badfile.exe.exe","ioc_id":"860ececb-2a2e-4dc5-bdbd-f6f45657cf7c","ioc_field":null,"ioc_hit":"(process_name:chrome.exe)","watchlists":[{"id":"JI5wCDVTPGEgbWlDCoGgQ","name":"Sample badfile.exe.exe Watchlist"}],"process_guid":"7DESJ9GN-002efa5e-000018ec-00000000-1d5cda0addb718b","process_name":"chrome.exe","run_state":"RAN","threat_indicators":[{"process_name":"chrome.exe","sha256":"7cca896c76e30f6286fb01c8b2d9b56afd3eca3e24cf7ad42e5a929d44457a07","ttps":["860ececb-2a2e-4dc5-bdbd-f6f45657cf7c"]}],"threat_cause_actor_sha256":"7cca896c76e30f6286fb01c8b2d9b56afd3eca3e24cf7ad42e5a929d44457a07","threat_cause_actor_md5":"70d6971cfc8b736116e9aa60b6cc6fd2","threat_cause_actor_name":"chrome.exe","threat_cause_reputation":"TRUSTED_WHITE_LIST","threat_cause_threat_category":null,"threat_cause_vector":"UNKNOWN","document_guid":"z0C5W_roQf2wTlnBUlId3Q","type":"WATCHLIST"}],"num_found":2}