Search Alerts
GET {{cb_url}}/api/v2/alert?q=created_time:[2020-01-01T09:45:00 TO *]&rows=&start=&sort=&facet=true
Alert search
Request Params
Key | Datatype | Required | Description |
---|---|---|---|
q | string | [REQUIRED] Query string. Accepts the same data as the alert search box on the Triage Alerts page | |
rows | null | [OPTIONAL] Return this many rows, 10 by default. | |
start | null | [OPTIONAL] Start at this row, 0 by default | |
sort | null | [OPTIONAL] Sort rows by this field and order. last_update desc by default | |
facet | boolean | [OPTIONAL] Return facet results. βfalseβ by default, set to βtrueβ for facets |
RESPONSES
status: OK
{"terms":["created_time:[2020-01-01T09:45:00 TO *]"],"results":[{"host_count":2,"alert_type":"watchlist.hit.feedsearch.binary","sensor_criticality":3,"digsig_result":"Unsigned","observed_filename":["c:\\users\\mark hunter\\downloads\\cygwin.exe","c:\\users\\mark hunter\\desktop\\new folder\\cygwin.exe","c:\\users\\jenny davis\\desktop\\new folder (2)\\setup-x86_64.exe"],"report_score":100,"watchlist_id":"tc-95785979","feed_id":107,"other_hostnames":["desktop-h8ogj26"],"created_time":"2020-01-01T11:50:06.739Z","report_ignored":false,"ioc_type":"md5","watchlist_name":"tc-95785979","ioc_confidence":0.5,"alert_severity":67.5,"hostname":"desktop-s5bo5mf","feed_name":"carbonblack","_version_":1654526476836405248,"sha256":"AE481452927771AF871E218C85252192E1448C48FBC54BFE38C1BD2303AF4AD0","status":"Unresolved","description":"EBF71EBF6C671238BCB023B91D25971C","link":"https://sandbox.threatconnect.com/auth/indicators/details/file.xhtml?file=EBF71EBF6C671238BCB023B91D25971C\u0026owner=Carbon+Black","md5":"EBF71EBF6C671238BCB023B91D25971C","segment_id":1,"observed_filename_total_count":3,"total_hosts":0,"ioc_value":"EBF71EBF6C671238BCB023B91D25971C","os_type":"Windows","unique_id":"f586db92-9f01-46b2-a795-39c8fd7f508d","feed_rating":3},{"host_count":2,"alert_type":"watchlist.hit.feedsearch.binary","sensor_criticality":3,"digsig_result":"Unsigned","observed_filename":["c:\\users\\mark hunter\\downloads\\cygwin.exe","c:\\users\\mark hunter\\desktop\\new folder\\cygwin.exe","c:\\users\\jenny davis\\desktop\\new folder (2)\\setup-x86_64.exe"],"report_score":100,"watchlist_id":"tc-95785979","feed_id":107,"other_hostnames":["desktop-h8ogj26"],"created_time":"2020-01-02T11:50:07.198Z","report_ignored":false,"ioc_type":"md5","watchlist_name":"tc-95785979","ioc_confidence":0.5,"alert_severity":67.5,"hostname":"desktop-s5bo5mf","feed_name":"carbonblack","_version_":1654617074305073152,"sha256":"AE481452927771AF871E218C85252192E1448C48FBC54BFE38C1BD2303AF4AD0","status":"Unresolved","description":"EBF71EBF6C671238BCB023B91D25971C","link":"https://sandbox.threatconnect.com/auth/indicators/details/file.xhtml?file=EBF71EBF6C671238BCB023B91D25971C\u0026owner=Carbon+Black","md5":"EBF71EBF6C671238BCB023B91D25971C","segment_id":1,"observed_filename_total_count":3,"total_hosts":0,"ioc_value":"EBF71EBF6C671238BCB023B91D25971C","os_type":"Windows","unique_id":"51d587e4-fd30-495c-aa16-752615271a63","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":89,"watchlist_id":"tc-104256559","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:07.886Z","report_ignored":false,"ioc_type":"ipv4","watchlist_name":"tc-104256559","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50513\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30188\", \"local_ip\": \"168428245\", \"port\": \"50513\", \"remote_ip\": \"-969140723\"}","alert_severity":60.075,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"198.60.22.13","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/address.xhtml?address=198.60.22.13\u0026owner=Carbon+Black","_version_":1654749449132441600,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"198.60.22.13","os_type":"windows","childproc_count":0,"unique_id":"03c2572e-9b3f-45c3-9249-ffc39eb80fe3","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":77,"watchlist_id":"tc-104256558","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:07.928Z","report_ignored":false,"ioc_type":"dns","watchlist_name":"tc-104256558","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50513\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30188\", \"local_ip\": \"168428245\", \"port\": \"50513\", \"remote_ip\": \"-969140723\"}","alert_severity":51.975,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"mirrors.xmission.com","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/host.xhtml?host=mirrors.xmission.com\u0026owner=Carbon+Black","_version_":1654749449133490176,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"mirrors.xmission.com","os_type":"windows","childproc_count":0,"unique_id":"8a2b706a-7c69-41ad-8550-f23f75ddaa17","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":89,"watchlist_id":"tc-104256559","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:08.003Z","report_ignored":false,"ioc_type":"ipv4","watchlist_name":"tc-104256559","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50514\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30380\", \"local_ip\": \"168428245\", \"port\": \"50514\", \"remote_ip\": \"-969140723\"}","alert_severity":60.075,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"198.60.22.13","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/address.xhtml?address=198.60.22.13\u0026owner=Carbon+Black","_version_":1654749449134538752,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"198.60.22.13","os_type":"windows","childproc_count":0,"unique_id":"d74145ef-76bb-4f3a-97b9-95fc5caeb370","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":77,"watchlist_id":"tc-104256558","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:08.012Z","report_ignored":false,"ioc_type":"dns","watchlist_name":"tc-104256558","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50514\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30380\", \"local_ip\": \"168428245\", \"port\": \"50514\", \"remote_ip\": \"-969140723\"}","alert_severity":51.975,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"mirrors.xmission.com","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/host.xhtml?host=mirrors.xmission.com\u0026owner=Carbon+Black","_version_":1654749449134538753,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"mirrors.xmission.com","os_type":"windows","childproc_count":0,"unique_id":"90e49500-39eb-455f-9c01-c9e1fc661f29","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":89,"watchlist_id":"tc-104256559","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:08.032Z","report_ignored":false,"ioc_type":"ipv4","watchlist_name":"tc-104256559","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50523\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30446\", \"local_ip\": \"168428245\", \"port\": \"50523\", \"remote_ip\": \"-969140723\"}","alert_severity":60.075,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"198.60.22.13","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/address.xhtml?address=198.60.22.13\u0026owner=Carbon+Black","_version_":1654749449135587328,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"198.60.22.13","os_type":"windows","childproc_count":0,"unique_id":"7cac5b8c-ec38-4e59-aaa7-acbd3fed4fe5","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":77,"watchlist_id":"tc-104256558","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:08.045Z","report_ignored":false,"ioc_type":"dns","watchlist_name":"tc-104256558","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50523\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30446\", \"local_ip\": \"168428245\", \"port\": \"50523\", \"remote_ip\": \"-969140723\"}","alert_severity":51.975,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"mirrors.xmission.com","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/host.xhtml?host=mirrors.xmission.com\u0026owner=Carbon+Black","_version_":1654749449139781632,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"mirrors.xmission.com","os_type":"windows","childproc_count":0,"unique_id":"219a5949-5da9-4c89-88b4-f50639809a76","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":89,"watchlist_id":"tc-104256559","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:08.061Z","report_ignored":false,"ioc_type":"ipv4","watchlist_name":"tc-104256559","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50524\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30274\", \"local_ip\": \"168428245\", \"port\": \"50524\", \"remote_ip\": \"-969140723\"}","alert_severity":60.075,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"198.60.22.13","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/address.xhtml?address=198.60.22.13\u0026owner=Carbon+Black","_version_":1654749449139781633,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"198.60.22.13","os_type":"windows","childproc_count":0,"unique_id":"88e039a6-fbca-4447-96ca-6419761e5b91","feed_rating":3},{"username":"DESKTOP-H8OGJ26\\Jenny Davis","alert_type":"watchlist.hit.ingress.process","sensor_criticality":3,"modload_count":0,"report_score":77,"watchlist_id":"tc-104256558","sensor_id":2,"feed_name":"carbonblack","created_time":"2020-01-03T22:54:08.075Z","report_ignored":false,"ioc_type":"dns","watchlist_name":"tc-104256558","ioc_confidence":0.5,"ioc_attr":"{\"direction\": \"Outbound\", \"protocol\": \"TCP\", \"local_port\": \"50524\", \"dns_name\": \"mirrors.xmission.com\", \"remote_port\": \"30274\", \"local_ip\": \"168428245\", \"port\": \"50524\", \"remote_ip\": \"-969140723\"}","alert_severity":51.975,"crossproc_count":0,"group":"default group","hostname":"desktop-h8ogj26","filemod_count":10062,"comms_ip":"10.10.2.213","netconn_count":79,"interface_ip":"10.10.2.213","status":"Unresolved","process_path":"c:\\users\\jenny davis\\desktop\\new folder\\setup-x86_64.exe","description":"mirrors.xmission.com","process_name":"setup-x86_64.exe","process_unique_id":"00000002-0000-1740-01d5-c28986c1ce63-016f6d9daa92","process_id":"00000002-0000-1740-01d5-c28986c1ce63","link":"https://sandbox.threatconnect.com/auth/indicators/details/host.xhtml?host=mirrors.xmission.com\u0026owner=Carbon+Black","_version_":1654749449140830208,"regmod_count":1,"md5":"ebf71ebf6c671238bcb023b91d25971c","sha256":"ae481452927771af871e218c85252192e1448c48fbc54bfe38c1bd2303af4ad0","segment_id":1578092046994,"total_hosts":0,"feed_id":107,"ioc_value":"mirrors.xmission.com","os_type":"windows","childproc_count":0,"unique_id":"2ecb4914-dce6-4513-814e-7b5ef0db8498","feed_rating":3}],"elapsed":0.16867995262145996,"comprehensive_search":true,"all_segments":true,"total_results":218,"highlights":[],"facets":{"status":[{"percent":0,"ratio":"0.0","name":"In Progress","value":0},{"percent":0,"ratio":"0.0","name":"Resolved","value":0},{"ratio":"100.0","percent":100,"name":"Unresolved","value":218},{"percent":0,"ratio":"0.0","name":"False Positive","value":0}],"username":[{"ratio":"100.0","percent":100,"name":"DESKTOP-H8OGJ26\\Jenny Davis","value":180}],"ioc_value_facet":[{"ratio":"40.4","percent":100,"name":"198.60.22.13","value":88},{"ratio":"40.4","percent":100,"name":"mirrors.xmission.com","value":88},{"ratio":"17.4","percent":43,"name":"EBF71EBF6C671238BCB023B91D25971C","value":38},{"ratio":"1.8","percent":4,"name":"ebf71ebf6c671238bcb023b91d25971c","value":4}],"group":[{"ratio":"100.0","percent":100,"name":"default group","value":180}],"feed_category":[],"hostname":[{"ratio":"82.6","percent":100,"name":"desktop-h8ogj26","value":180},{"ratio":"17.4","percent":21,"name":"desktop-s5bo5mf","value":38}],"feed_name":[{"ratio":"100.0","percent":100,"name":"carbonblack","value":218}],"assigned_to":[],"watchlist_name":[{"ratio":"40.4","percent":100,"name":"tc-104256558","value":88},{"ratio":"40.4","percent":100,"name":"tc-104256559","value":88},{"ratio":"19.3","percent":47,"name":"tc-95785979","value":42}]},"start":0,"incomplete_results":false,"filtered":{"status":[],"username":[],"ioc_value_facet":[],"group":[],"feed_category":[],"hostname":[],"feed_name":[],"assigned_to":[],"watchlist_name":[]}}