Validate Search Request

POST {{cb_url}}/api/alerts/v7/orgs/{{cb_org_key}}/alerts/_validate

Check whether the search request is valid.

RBAC Permissions Required

Permission (.notation name) | Operation(s)
org.alerts | READ

Request Schema

{
  "query": "<string>",
  "time_range": {
    "start": "<dateTime>",
    "end": "<dateTime>",
    "range": "<string>"
  },
  "criteria": {
    "org_key": [
      "<string>"    
    ],
    "id": [
      "<string>"
    ],
    "type": [
      "<string>"
    ],
    "backend_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "user_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "backend_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "detection_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "first_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "last_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "category": [
      "<string>"
    ],
    "minimum_severity": <integer>,
    "reason_code": [
      "<string>"
    ],
    "threat_id": [
      "<string>"
    ],
    "primary_event_id": [
      "<string>"
    ],
    "policy_applied": [
      "<string>"
    ],
    "run_state": [
      "<string>"
    ],
    "sensor_action": [
      "<string>"
    ],
    "workflow_status": [
      "<string>"
    ],
    "workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "workflow_changed_by_type": [
      "<string>"
    ],
    "workflow_changed_by_autoclose_rule_id": [
      "<string>"
    ],
    "workflow_closure_reason": [
      "<string>"
    ],
    "determination_value": [
      "<string>"
    ],
    "determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "determination_changed_by_type": [
      "<string>"
    ],
    "tags": [
      "<string>"
    ],
    "alert_notes_present": <boolean>,
    "threat_notes_present": <boolean>,
    "device_id": [
      <long>
    ],
    "device_name": [
      "<string>"
    ],
    "device_uem_id": [
      "<string>"
    ],
    "device_policy": [
      "<string>"
    ],
    "device_policy_id": [
      <long>
    ],
    "device_target_value": [
      "<string>"
    ],
    "device_os": [
      "<string>"
    ],
    "device_os_version": [
      "<string>"
    ],
    "device_username": [
      "<string>"
    ],
    "device_location": [
      "<string>"
    ],
    "device_external_ip": [
      "<string>"
    ],
    "device_internal_ip": [
      "<string>"
    ],
    "rule_config_type": [
      "<string>"
    ],
    "rule_config_name": [
      "<string>"
    ],
    "rule_config_id": [
      "<string>"
    ],
    "rule_category_id": [
      "<string>"
    ],
    "rule_id": [
      "<string>"
    ],
    "process_guid": [
      "<string>"
    ],
    "process_pid": [
      <integer>
    ],
    "process_name": [
      "<string>"
    ],
    "process_sha256": [
      "<string>"
    ],
    "process_md5": [
      "<string>"
    ],
    "process_effective_reputation": [
      "<string>"
    ],
    "process_reputation": [
      "<string>"
    ],
    "process_cmdline": [
      "<string>"
    ],
    "process_username": [
      "<string>"
    ],
    "process_signatures_certificate_authority": [
      "<string>"
    ],
    "process_signatures_publisher": [
      "<string>"
    ],
    "parent_guid": [
      "<string>"
    ],
    "parent_pid": [
      <integer>
    ],
    "parent_name": [
      "<string>"
    ],
    "parent_sha256": [
      "<string>"
    ],
    "parent_md5": [
      "<string>"
    ],
    "parent_effective_reputation": [
      "<string>"
    ],
    "parent_reputation": [
      "<string>"
    ],
    "parent_cmdline": [
      "<string>"
    ],
    "parent_username": [
      "<string>"
    ],
    "childproc_guid": [
      "<string>"
    ],
    "childproc_name": [
      "<string>"
    ],
    "childproc_sha256": [
      "<string>"
    ],
    "childproc_md5": [
      "<string>"
    ],
    "childproc_effective_reputation": [
      "<string>"
    ],
    "childproc_username": [
      "<string>"
    ],
    "childproc_cmdline": [
      "<string>"
    ],
    "netconn_remote_port": [
      <integer>
    ],
    "netconn_local_port": [
      <integer>
    ],
    "netconn_protocol": [
      "<string>"
    ],
    "netconn_remote_domain": [
      "<string>"
    ],
    "netconn_remote_ip": [
      "<string>"
    ],
    "netconn_local_ip": [
      "<string>"
    ],
    "netconn_remote_ipv4": [
      "<string>"
    ],
    "netconn_local_ipv4": [
      "<string>"
    ],
    "netconn_remote_ipv6": [
      "<string>"
    ],
    "netconn_local_ipv6": [
      "<string>"
    ],
    "threat_category": [
      "<string>"
    ],
    "ttps": [
      "<string>"
    ],
    "attack_tactic": [
      "<string>"
    ],
    "attack_technique": [
      "<string>"
    ],
    "report_id": [
      "<string>"
    ],
    "report_name": [
      "<string>"
    ],
    "report_link": [
      "<string>"
    ],
    "watchlists_id": [
      "<string>"    
    ],
    "watchlists_name": [
      "<string>"    
    ],
    "k8s_policy_id": [
      "<string>"    
    ],
    "k8s_policy": [
      "<string>"    
    ],
    "k8s_rule_id": [
      "<string>"    
    ],
    "k8s_rule": [
      "<string>"    
    ],
    "cluster_name": [
      "<string>"    
    ],
    "namespace": [
      "<string>"    
    ],
    "workload_kind": [
      "<string>"    
    ],
    "workload_name": [
      "<string>"    
    ],
    "replica_id": [
      "<string>"    
    ],
    "connection_type": [
      "<string>"
    ],
    "egress_group_id": [
      "<string>"    
    ],
    "egress_group_name": [
      "<string>"    
    ],
    "ip_reputation": [
      <integer>
    ],
    "remote_is_private": <boolean>,
    "remote_namespace": [
      "<string>"    
    ],
    "remote_replica_id": [
      "<string>"    
    ],
    "remote_workload_kind": [
      "<string>"    
    ],
    "remote_workload_name": [
      "<string>"    
    ],
    "tms_rule_id": [
      "<string>"    
    ],
    "threat_name": [
      "<string>"    
    ],
    "vendor_name": [
      "<string>"    
    ],
    "vendor_id": [
      "<string>"    
    ],
    "product_name": [
      "<string>"    
    ],
    "product_id": [
      "<string>"    
    ],
    "external_device_friendly_name": [
      "<string>"    
    ],
    "serial_number": [
      "<string>"    
    ],
    "blocked_name": [
      "<string>"    
    ],
    "blocked_sha256": [
      "<string>"    
    ],
    "blocked_md5": [
      "<string>"    
    ],
    "blocked_effective_reputation": [
      "<string>"
    ],
    "ml_classification_final_verdict": [
      "<string>"
    ],
    "ml_classification_global_prevalence": [
      "<string>"
    ],
    "ml_classification_org_prevalence": [
      "<string>"
    ],
    "mdr_alert": <boolean>,
    "mdr_workflow_status": [
      "<string>"
    ],
    "mdr_workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_workflow_is_assigned": <boolean>,
    "mdr_determination_value": [
      "<string>"
    ],
    "mdr_determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_alert_notes_present": <boolean>,
    "mdr_threat_notes_present": <boolean>
  },
  "exclusions": {
    "org_key": [
      "<string>"    
    ],
    "id": [
      "<string>"    
    ],
    "type": [
      "<string>"
    ],
    "backend_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "user_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "backend_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "detection_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "first_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "last_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "category": [
      "<string>"
    ],
    "minimum_severity": <integer>,
    "reason_code": [
      "<string>"    
    ],
    "threat_id": [
      "<string>"    
    ],
    "primary_event_id": [
      "<string>"    
    ],
    "policy_applied": [
      "<string>"
    ],
    "run_state": [
      "<string>"
    ],
    "sensor_action": [
      "<string>"
    ],
    "workflow_status": [
      "<string>"
    ],
    "workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "workflow_changed_by_type": [
      "<string>"
    ],
    "workflow_changed_by_autoclose_rule_id": [
      "<string>"    
    ],
    "workflow_closure_reason": [
      "<string>"    
    ],
    "determination_value": [
      "FALSE_POSITIVE",
      "NONE"
    ],
    "determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "determination_changed_by_type": [
      "API",
      "MDR"
    ],
    "tags": [
      "<string>"    
    ],
    "alert_notes_present": <boolean>,
    "threat_notes_present": <boolean>,
    "device_id": [
      <long>
    ],
    "device_name": [
      "<string>"    
    ],
    "device_uem_id": [
      "<string>"    
    ],
    "device_policy": [
      "<string>"    
    ],
    "device_policy_id": [
      <long>
    ],
    "device_target_value": [
      "<string>"
    ],
    "device_os": [
      "<string>"
    ],
    "device_os_version": [
      "<string>"    
    ],
    "device_username": [
      "<string>"    
    ],
    "device_location": [
      "<string>"
    ],
    "device_external_ip": [
      "<string>"    
    ],
    "device_internal_ip": [
      "<string>"    
    ],
    "rule_config_type": [
      "<string>"    
    ],
    "rule_config_name": [
      "<string>"    
    ],
    "rule_config_id": [
      "<string>"    
    ],
    "rule_category_id": [
      "<string>"    
    ],
    "rule_id": [
      "<string>"    
    ],
    "process_guid": [
      "<string>"    
    ],
    "process_pid": [
      <integer>
    ],
    "process_name": [
      "<string>"    
    ],
    "process_sha256": [
      "<string>"    
    ],
    "process_md5": [
      "<string>"    
    ],
    "process_effective_reputation": [
      "<string>"
    ],
    "process_reputation": [
      "<string>"
    ],
    "process_cmdline": [
      "<string>"    
    ],
    "process_username": [
      "<string>"    
    ],
    "process_signatures_certificate_authority": [
      "<string>"    
    ],
    "process_signatures_publisher": [
      "<string>"    
    ],
    "parent_guid": [
      "<string>"    
    ],
    "parent_pid": [
      <integer>
    ],
    "parent_name": [
      "<string>"    
    ],
    "parent_sha256": [
      "<string>"    
    ],
    "parent_md5": [
      "<string>"    
    ],
    "parent_effective_reputation": [
      "<string>"
    ],
    "parent_reputation": [
      "<string>"
    ],
    "parent_cmdline": [
      "<string>"    
    ],
    "parent_username": [
      "<string>"    
    ],
    "childproc_guid": [
      "<string>"    
    ],
    "childproc_name": [
      "<string>"    
    ],
    "childproc_sha256": [
      "<string>"    
    ],
    "childproc_md5": [
      "<string>"    
    ],
    "childproc_effective_reputation": [
      "<string>"
    ],
    "childproc_username": [
      "<string>"    
    ],
    "childproc_cmdline": [
      "<string>"    
    ],
    "netconn_remote_port": [
      <integer>
    ],
    "netconn_local_port": [
      <integer>
    ],
    "netconn_protocol": [
      "<string>"    
    ],
    "netconn_remote_domain": [
      "<string>"    
    ],
    "netconn_remote_ip": [
      "<string>"    
    ],
    "netconn_local_ip": [
      "<string>"    
    ],
    "netconn_remote_ipv4": [
      "<string>"    
    ],
    "netconn_local_ipv4": [
      "<string>"    
    ],
    "netconn_remote_ipv6": [
      "<string>"    
    ],
    "netconn_local_ipv6": [
      "<string>"    
    ],
    "threat_category": [
      "<string>"
    ],
    "ttps": [
      "<string>"    
    ],
    "attack_tactic": [
      "<string>"    
    ],
    "attack_technique": [
      "<string>"    
    ],
    "report_id": [
      "<string>"    
    ],
    "report_name": [
      "<string>"    
    ],
    "report_link": [
      "<string>"    
    ],
    "watchlists_id": [
      "<string>"    
    ],
    "watchlists_name": [
      "<string>"    
    ],
    "k8s_policy_id": [
      "<string>"    
    ],
    "k8s_policy": [
      "<string>"    
    ],
    "k8s_rule_id": [
      "<string>"    
    ],
    "k8s_rule": [
      "<string>"    
    ],
    "cluster_name": [
      "<string>"
    ],
    "namespace": [
      "<string>"    
    ],
    "workload_kind": [
      "<string>"    
    ],
    "workload_name": [
      "<string>"    
    ],
    "replica_id": [
      "<string>"
    ],
    "connection_type": [
      "INGRESS"
    ],
    "egress_group_id": [
      "<string>"
    ],
    "egress_group_name": [
      "<string>"
    ],
    "ip_reputation": [
      <integer>
    ],
    "remote_is_private": <boolean>,
    "remote_namespace": [
      "<string>"
    ],
    "remote_replica_id": [
      "<string>"
    ],
    "remote_workload_kind": [
      "<string>"
    ],
    "remote_workload_name": [
      "<string>"
    ],
    "tms_rule_id": [
      "<string>"
    ],
    "threat_name": [
      "<string>"
    ],
    "vendor_name": [
      "<string>"
    ],
    "vendor_id": [
      "<string>"
    ],
    "product_name": [
      "<string>"
    ],
    "product_id": [
      "<string>"
    ],
    "external_device_friendly_name": [
      "<string>"
    ],
    "serial_number": [
      "<string>"
    ],
    "blocked_name": [
      "<string>"
    ],
    "blocked_sha256": [
      "<string>"
    ],
    "blocked_md5": [
      "<string>"
    ],
    "blocked_effective_reputation": [
      "<string>"
    ],
    "ml_classification_final_verdict": [
      "<string>"
    ],
    "ml_classification_global_prevalence": [
      "<string>"
    ],
    "ml_classification_org_prevalence": [
      "<string>"
    ],
    "mdr_alert": <boolean>,
    "mdr_workflow_status": [
      "<string>"
    ],
    "mdr_workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_workflow_is_assigned": <boolean>,
    "mdr_determination_value": [
      "<string>"
    ],
    "mdr_determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    }
  },
  "start": <long>,
  "rows": <long>,
  "sort": [
    {
      "field": "<string>",
      "order": "<string>"
    },
    {
      "field": "<string>",
      "order": "<string>"
    }
  ]
}

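Request Body

{"time_range": {"range": "-10d"}, "type": ["WATCHLIST"], "category": ["THREAT", "MONITORED"], "minimum_severity": "1", "start": 1, "rows": 100, "sort": [{"field": "backend_update_timestamp", "order": "desc"}]}

Note: the Request Schema above nests "type", "category" and "minimum_severity" under "criteria" and types "minimum_severity" as an integer, whereas this sample shows them at the top level with "minimum_severity" as a string.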

HEADERS

Key | Datatype | Required | Description
Content-Type | string
Accept | string

RESPONSES

status: OK

{"errorMessage":null,"valid":true}