Evaluate Processes for a Watchlist (v1)
POST {{cb_url}}/api/investigate/v1/orgs/{{cb_org_key}}/processes/watchlist_evaluation
Instructs the Carbon Black Cloud to look for โhitsโ across all processes reported for the organizationโs endpoints within the time range for the given watchlist, report and IOC. Watchlist hits will be available in subsequent search results asynchronously and are not guaranteed to be visible directly after this call.
RBAC PERMISSIONS REQUIRED
Permission (.notation name) | Operation(s) |
---|---|
org.search.events | UPDATE |
Request Body
{"watchlist_id"=>"<string>", "report_id"=>"<string>", "cb.max_backend_timestamp"=>"<integer>", "cb.min_backend_timestamp"=>"<integer>", "ioc_id"=>"<string>"}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string |