Validate Search Request
POST {{cb_url}}/api/alerts/v7/orgs/{{cb_org_key}}/alerts/_validate
Check if the search reqeust is valid.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| org.alerts | READ |
Request Schema
{
"query": "<string>",
"time_range": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"criteria": {
"org_key": [
"<string>"
],
"id": [
"<string>"
],
"type": [
"<string>"
],
"backend_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"user_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"backend_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"detection_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"first_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"last_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"category": [
"<string>"
],
"minimum_severity": <integer>,
"reason_code": [
"<string>"
],
"threat_id": [
"<string>"
],
"primary_event_id": [
"<string>"
],
"policy_applied": [
"<string>"
],
"run_state": [
"<string>"
],
"sensor_action": [
"<string>"
],
"workflow_status": [
"<string>"
],
"workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"workflow_changed_by_type": [
"<string>"
],
"workflow_changed_by_autoclose_rule_id": [
"<string>"
],
"workflow_closure_reason": [
"<string>"
],
"determination_value": [
"<string>"
],
"determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"determination_changed_by_type": [
"<string>"
],
"tags": [
"<string>"
],
"alert_notes_present": <boolean>,
"threat_notes_present": <boolean>,
"device_id": [
<long>
],
"device_name": [
"<string>"
],
"device_uem_id": [
"<string>"
],
"device_policy": [
"<string>"
],
"device_policy_id": [
<long>
],
"device_target_value": [
"<string>"
],
"device_os": [
"<string>"
],
"device_os_version": [
"<string>"
],
"device_username": [
"<string>"
],
"device_location": [
"<string>"
],
"device_external_ip": [
"<string>"
],
"device_internal_ip": [
"<string>"
],
"rule_config_type": [
"<string>"
],
"rule_config_name": [
"<string>"
],
"rule_config_id": [
"<string>"
],
"rule_category_id": [
"<string>"
],
"rule_id": [
"<string>"
],
"process_guid": [
"<string>"
],
"process_pid": [
<integer>
],
"process_name": [
"<string>"
],
"process_sha256": [
"<string>"
],
"process_md5": [
"<string>"
],
"process_effective_reputation": [
"<string>"
],
"process_reputation": [
"<string>"
],
"process_cmdline": [
"<string>"
],
"process_username": [
"<string>"
],
"process_signatures_certificate_authority": [
"<string>"
],
"process_signatures_publisher": [
"<string>"
],
"parent_guid": [
"<string>"
],
"parent_pid": [
<integer>
],
"parent_name": [
"<string>"
],
"parent_sha256": [
"<string>"
],
"parent_md5": [
"<string>"
],
"parent_effective_reputation": [
"<string>"
],
"parent_reputation": [
"<string>"
],
"parent_cmdline": [
"<string>"
],
"parent_username": [
"<string>"
],
"childproc_guid": [
"<string>"
],
"childproc_name": [
"<string>"
],
"childproc_sha256": [
"<string>"
],
"childproc_md5": [
"<string>"
],
"childproc_effective_reputation": [
"<string>"
],
"childproc_username": [
"<string>"
],
"childproc_cmdline": [
"<string>"
],
"netconn_remote_port": [
<integer>
],
"netconn_local_port": [
<integer>
],
"netconn_protocol": [
"<string>"
],
"netconn_remote_domain": [
"<string>"
],
"netconn_remote_ip": [
"<string>"
],
"netconn_local_ip": [
"<string>"
],
"netconn_remote_ipv4": [
"<string>"
],
"netconn_local_ipv4": [
"<string>"
],
"netconn_remote_ipv6": [
"<string>"
],
"netconn_local_ipv6": [
"<string>"
],
"threat_category": [
"<string>"
],
"ttps": [
"<string>"
],
"attack_tactic": [
"<string>"
],
"attack_technique": [
"<string>"
],
"report_id": [
"<string>"
],
"report_name": [
"<string>"
],
"report_link": [
"<string>"
],
"watchlists_id": [
"<string>"
],
"watchlists_name": [
"<string>"
],
"k8s_policy_id": [
"<string>"
],
"k8s_policy": [
"<string>"
],
"k8s_rule_id": [
"<string>"
],
"k8s_rule": [
"<string>"
],
"cluster_name": [
"<string>"
],
"namespace": [
"<string>"
],
"workload_kind": [
"<string>"
],
"workload_name": [
"<string>"
],
"replica_id": [
"<string>"
],
"connection_type": [
"<string>"
],
"egress_group_id": [
"<string>"
],
"egress_group_name": [
"<string>"
],
"ip_reputation": [
<integer>
],r
"remote_is_private": <boolean>,
"remote_namespace": [
"<string>"
],
"remote_replica_id": [
"<string>"
],
"remote_workload_kind": [
"<string>"
],
"remote_workload_name": [
"<string>"
],
"tms_rule_id": [
"<string>"
],
"threat_name": [
"<string>"
],
"vendor_name": [
"<string>"
],
"vendor_id": [
"<string>"
],
"product_name": [
"<string>"
],
"product_id": [
"<string>"
],
"external_device_friendly_name": [
"<string>"
],
"serial_number": [
"<string>"
],
"blocked_name": [
"<string>"
],
"blocked_sha256": [
"<string>"
],
"blocked_md5": [
"<string>"
],
"blocked_effective_reputation": [
"<string>"
],
"ml_classification_final_verdict": [
"<string>"
],
"ml_classification_global_prevalence": [
"<string>"
],
"ml_classification_org_prevalence": [
"<string>"
],
"mdr_alert": <boolean>,
"mdr_workflow_status": [
"<string>"
],
"mdr_workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"mdr_workflow_is_assigned": <boolean>,
"mdr_determination_value": [
"<string>"
],
"mdr_determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"mdr_alert_notes_present": <boolean>,
"mdr_threat_notes_present": <boolean>
},
"exclusions": {
"org_key": [
"<string>"
],
"id": [
"<string>"
],
"type": [
"<string>"
],
"backend_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"user_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"backend_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"detection_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"first_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"last_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"category": [
"<string>"
],
"minimum_severity": <integer>,
"reason_code": [
"<string>"
],
"threat_id": [
"<string>"
],
"primary_event_id": [
"<string>"
],
"policy_applied": [
"<string>"
],
"run_state": [
"<string>"
],
"sensor_action": [
"<string>"
],
"workflow_status": [
"<string>"
],
"workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"workflow_changed_by_type": [
"<string>"
],
"workflow_changed_by_autoclose_rule_id": [
"<string>"
],
"workflow_closure_reason": [
"<string>"
],
"determination_value": [
"FALSE_POSITIVE",
"NONE"
],
"determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"determination_changed_by_type": [
"API",
"MDR"
],
"tags": [
"<string>"
],
"alert_notes_present": <boolean>,
"threat_notes_present": <boolean>,
"device_id": [
<long>
],
"device_name": [
"<string>"
],
"device_uem_id": [
"<string>"
],
"device_policy": [
"<string>"
],
"device_policy_id": [
<long>
],
"device_target_value": [
"<string>"
],
"device_os": [
"<string>"
],
"device_os_version": [
"<string>"
],
"device_username": [
"<string>"
],
"device_location": [
"<string>"
],
"device_external_ip": [
"<string>"
],
"device_internal_ip": [
"<string>"
],
"rule_config_type": [
"<string>"
],
"rule_config_name": [
"<string>"
],
"rule_config_id": [
"<string>"
],
"rule_category_id": [
"<string>"
],
"rule_id": [
"<string>"
],
"process_guid": [
"<string>"
],
"process_pid": [
<integer>
],
"process_name": [
"<string>"
],
"process_sha256": [
"<string>"
],
"process_md5": [
"<string>"
],
"process_effective_reputation": [
"<string>"
],
"process_reputation": [
"<string>"
],
"process_cmdline": [
"<string>"
],
"process_username": [
"<string>"
],
"process_signatures_certificate_authority": [
"<string>"
],
"process_signatures_publisher": [
"<string>"
],
"parent_guid": [
"<string>"
],
"parent_pid": [
<integer>
],
"parent_name": [
"<string>"
],
"parent_sha256": [
"<string>"
],
"parent_md5": [
"<string>"
],
"parent_effective_reputation": [
"<string>"
],
"parent_reputation": [
"<string>"
],
"parent_cmdline": [
"<string>"
],
"parent_username": [
"<string>"
],
"childproc_guid": [
"<string>"
],
"childproc_name": [
"<string>"
],
"childproc_sha256": [
"<string>"
],
"childproc_md5": [
"<string>"
],
"childproc_effective_reputation": [
"<string>"
],
"childproc_username": [
"<string>"
],
"childproc_cmdline": [
"<string>"
],
"netconn_remote_port": [
<integer>
],
"netconn_local_port": [
<integer>
],
"netconn_protocol": [
"<string>"
],
"netconn_remote_domain": [
"<string>"
],
"netconn_remote_ip": [
"<string>"
],
"netconn_local_ip": [
"<string>"
],
"netconn_remote_ipv4": [
"<string>"
],
"netconn_local_ipv4": [
"<string>"
],
"netconn_remote_ipv6": [
"<string>"
],
"netconn_local_ipv6": [
"<string>"
],
"threat_category": [
"<string>"
],
"ttps": [
"<string>"
],
"attack_tactic": [
"<string>"
],
"attack_technique": [
"<string>"
],
"report_id": [
"<string>"
],
"report_name": [
"<string>"
],
"report_link": [
"<string>"
],
"watchlists_id": [
"<string>"
],
"watchlists_name": [
"<string>"
],
"k8s_policy_id": [
"<string>"
],
"k8s_policy": [
"<string>"
],
"k8s_rule_id": [
"<string>"
],
"k8s_rule": [
"<string>"
],
"cluster_name": [
"<string>"
],
"namespace": [
"<string>"
],
"workload_kind": [
"<string>"
],
"workload_name": [
"<string>"
],
"replica_id": [
"<string>"
],
"connection_type": [
"INGRESS"
],
"egress_group_id": [
"<string>"
],
"egress_group_name": [
"<string>"
],
"ip_reputation": [
<integer>
],
"remote_is_private": <boolean>,
"remote_namespace": [
"<string>"
],
"remote_replica_id": [
"<string>""
],
"remote_workload_kind": [
"<string>"
],
"remote_workload_name": [
"<string>"
],
"tms_rule_id": [
"<string>"
],
"threat_name": [
"<string>"
],
"vendor_name": [
"<string>"
],
"vendor_id": [
"<string>"
],
"product_name": [
"<string>"
],
"product_id": [
"<string>"
],
"external_device_friendly_name": [
"<string>"
],
"serial_number": [
"<string>"
],
"blocked_name": [
"<string>"
],
"blocked_sha256": [
"<string>"
],
"blocked_md5": [
"<string>"
],
"blocked_effective_reputation": [
"<string>"
],
"ml_classification_final_verdict": [
"<string>"
],
"ml_classification_global_prevalence": [
"<string>"
],
"ml_classification_org_prevalence": [
"<string>"
],
"mdr_alert": <boolean>,
"mdr_workflow_status": [
"<string>"
],
"mdr_workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"mdr_workflow_is_assigned": <boolean>,
"mdr_determination_value": [
"<string>"
],
"mdr_determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
}
},
"start": <long>,
"rows": <long>,
"sort": [
{
"field": "<string>",
"order": "<string>"
},
{
"field": "<string>",
"order": "<string>"
}
]
}
Request Body
{"time_range"=>{"range"=>"-10d"}, "type"=>["WATCHLIST"], "category"=>["THREAT", "MONITORED"], "minimum_severity"=>"1", "start"=>1, "rows"=>100, "sort"=>[{"field"=>"backend_update_timestamp", "order"=>"desc"}]}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"errorMessage":null,"valid":true}