To learn more, visit the Chronicle documentation.
Parameters
| Parameter | Description |
|---|---|
| Alert Time After | Query by the time of the alert. |
| Alert Time Before | Query by the time of the alert. |
| Page Size | The number of alerts returned per page. |
Example Output
```json
{
  "alerts": [
    {
      "asset": {
        "hostname": "host1234.altostrat.com"
      },
      "alertInfos": [
        {
          "name": "Antimalware Action Taken",
          "sourceProduct": "Microsoft ASC",
          "severity": "HIGH",
          "timestamp": "2020-11-15T07:21:35Z",
          "rawLog": "<omitted for simplicity>",
          "uri": [
            "<omitted for simplicity>"
          ],
          "udmEvent": {
            "metadata": {
              "eventTimestamp": "2020-11-15T07:21:35Z",
              "eventType": "SCAN_FILE",
              "vendorName": "Microsoft",
              "productName": "ASC",
              "productEventType": "Antimalware Action Taken",
              "description": "<omitted for simplicity>",
              "urlBackToProduct": "<omitted for simplicity>",
              "ingestedTimestamp": "2020-11-30T19:01:11.486605Z"
            },
            "principal": {
              "hostname": "host1234.altostrat.com"
            },
            "target": {
              "file": {
                "fullPath": "<omitted for simplicity>"
              }
            },
            "securityResult": [
              {
                "threatName": "WS.Reputation.1",
                "ruleName": "AntimalwareActionTaken",
                "summary": "Antimalware Action Taken",
                "description": "<omitted for simplicity>",
                "severity": "HIGH"
              }
            ]
          }
        }
      ]
    }
  ],
  "userAlerts": [
    {
      "user": {
        "email": "john.doe@altostrat.com"
      },
      "alertInfos": [
        {
          "name": "<omitted for simplicity>",
          "sourceProduct": "Office 365 Security and Compliance",
          "timestamp": "2020-11-15T13:15:00Z",
          "rawLog": "<omitted for simplicity>",
          "uri": [
            "<omitted for simplicity>"
          ],
          "udmEvent": {
            "metadata": {
              "eventTimestamp": "2020-11-15T13:15:00Z",
              "eventType": "EMAIL_TRANSACTION",
              "vendorName": "Microsoft",
              "productName": "Office 365 Security and Compliance",
              "productEventType": "<omitted for simplicity>",
              "description": "<omitted for simplicity>",
              "ingestedTimestamp": "2020-11-30T18:29:36.164727Z"
            },
            "securityResult": [
              {
                "ruleName": "ThreatManagement",
                "summary": "Email reported by user as malware or phish",
                "description": "<omitted for simplicity>",
                "severity": "INFORMATIONAL"
              }
            ],
            "network": {
              "email": {
                "from": "Webinars\\\\u003cwebinars@example.com\\\\u003e",
                "to": [
                  "john.doe@altostrat.com"
                ]
              }
            }
          }
        }
      ]
    }
  ]
}
```
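The output groups alerts per asset under `alerts` and per user under `userAlerts`, and the user alert in the sample carries its severity only inside `udmEvent.securityResult`. The Python below is an added example, not code from the Blink or Chronicle documentation, that flattens both groups into one triage list; `flatten_alerts`, the `SEVERITY_RANK` ordering and the trimmed `SAMPLE` are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample: a trimmed copy of the Example Output on this page.
SAMPLE = {
    "alerts": [{"asset": {"hostname": "host1234.altostrat.com"}, "alertInfos": [{
        "name": "Antimalware Action Taken", "sourceProduct": "Microsoft ASC",
        "severity": "HIGH", "timestamp": "2020-11-15T07:21:35Z",
        "udmEvent": {"metadata": {"ingestedTimestamp": "2020-11-30T19:01:11.486605Z"},
                     "securityResult": [{"severity": "HIGH"}]}}]}],
    "userAlerts": [{"user": {"email": "john.doe@altostrat.com"}, "alertInfos": [{
        "name": "<omitted for simplicity>",
        "sourceProduct": "Office 365 Security and Compliance",
        "timestamp": "2020-11-15T13:15:00Z",
        "udmEvent": {"metadata": {"ingestedTimestamp": "2020-11-30T18:29:36.164727Z"},
                     "securityResult": [{"severity": "INFORMATIONAL"}]}}]}],
}

# Assumed ordering for sorting; values not listed here sort last.
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def _ts(value):
    # Timestamps end in "Z"; rewrite it so fromisoformat accepts them on older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def flatten_alerts(response):
    """Return one row per alertInfo, highest severity first."""
    rows = []
    groups = (("asset", "alerts", "asset", "hostname"),
              ("user", "userAlerts", "user", "email"))
    for kind, list_key, entity_key, id_key in groups:
        for group in response.get(list_key, []):
            entity = group.get(entity_key, {}).get(id_key, "unknown")
            for info in group.get("alertInfos", []):
                udm = info.get("udmEvent", {})
                # Fall back to the worst securityResult severity when the
                # alertInfo has no top-level "severity" (the user alert case).
                severity = info.get("severity") or max(
                    (r.get("severity") or "UNKNOWN" for r in udm.get("securityResult", [])),
                    key=lambda s: SEVERITY_RANK.get(s, -1), default="UNKNOWN")
                alerted = _ts(info.get("timestamp"))
                ingested = _ts(udm.get("metadata", {}).get("ingestedTimestamp"))
                lag = (ingested - alerted).days if alerted and ingested else None
                rows.append({"kind": kind, "entity": entity, "name": info.get("name"),
                             "source": info.get("sourceProduct"),
                             "severity": severity, "ingest_lag_days": lag})
    rows.sort(key=lambda r: SEVERITY_RANK.get(r["severity"], -1), reverse=True)
    return rows

if __name__ == "__main__":
    for row in flatten_alerts(SAMPLE):
        print(row)
```

The `ingest_lag_days` field shows the gap between the alert time and `ingestedTimestamp`, which in the sample is about 15 days, a point to keep in mind when choosing Alert Time After and Alert Time Before.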