Evaluate Processes for a Watchlist (v1)

POST {{cb_url}}/api/investigate/v1/orgs/{{cb_org_key}}/processes/watchlist_evaluation

Instructs the Carbon Black Cloud to look for โ€œhitsโ€ across all processes reported for the organizationโ€™s endpoints within the time range for the given watchlist, report and IOC. Watchlist hits will be available in subsequent search results asynchronously and are not guaranteed to be visible directly after this call.

RBAC PERMISSIONS REQUIRED

Permission (.notation name)Operation(s)
org.search.eventsUPDATE

See Documentation

Request Body

{"watchlist_id"=>"<string>", "report_id"=>"<string>", "cb.max_backend_timestamp"=>"<integer>", "cb.min_backend_timestamp"=>"<integer>", "ioc_id"=>"<string>"}

HEADERS

KeyDatatypeRequiredDescription
Content-Typestring