

To learn more, visit the Chronicle documentation.

Basic Parameters

Parameter — Description
Alert State — Filter detections by their alert state.
Rule ID — The ID of the rule whose detections are listed. This can also be a rule version; to include all versions of a specific rule, use <ruleID>@-, and to include all rules, use -.

Advanced Parameters

Parameter — Description
Page Size — The number of alerts returned per page.
Page Token — Use this to retrieve another page of detections.
Sort By-
Sort End Time — The end time for the chosen Sort By parameter.
Sort Start Time — The start time for the chosen Sort By parameter.

Example Output

{
  "detections": [
    {
      "type": "RULE_DETECTION",
      "detection": [
        {
          "ruleName": "singleEventRule2",
          "description": "description of this rule",
          "urlBackToProduct": "https://customername.backstory.chronicle.security/ruleDetections?ruleId=ru_1f54ab4b-e523-48f7-ae25-271b5ea8337d&selectedList=RuleDetectionsViewTimeline&selectedParentDetectionId=de_69d1ff3c-3528-6171-fb48-28ee813ec3ec&selectedTimestamp=2020-12-03T16:59:55.124243Z",
          "ruleId": "ru_1f54ab4b-e523-48f7-ae25-271b5ea8337d",
          "ruleVersion": "ru_1f54ab4b-e523-48f7-ae25-271b5ea8337d@v_1605892822_687503000",
          "alertState": "NOT_ALERTING",
          "ruleType": "SINGLE_EVENT",
          "ruleLabels": [
            {
              "key": "description",
              "value": "description of this rule"
            }
          ]
        }
      ],
      "createdTime": "2020-12-03T19:19:19.720174Z",
      "id": "de_69d1ff3c-3528-6171-fb48-28ee813ec3ec",
      "timeWindow": {
        "startTime": "2020-12-03T16:59:55.124243Z",
        "endTime": "2020-12-03T16:59:55.124243Z"
      },
      "collectionElements": [
        {
          "references": [
            {
              "event": {
                "metadata": {
                  "eventTimestamp": "2020-12-03T16:59:55.124243Z",
                  "collectedTimestamp": "2020-12-03T16:59:55.126201345Z",
                  "eventType": "NETWORK_DNS",
                  "productName": "ProductName",
                  "ingestedTimestamp": "2020-12-03T16:59:59.011915Z"
                },
                "principal": {
                  "ip": [
                    "10.0.123.15"
                  ]
                },
                "target": {
                  "ip": [
                    "10.0.10.10"
                  ]
                },
                "securityResult": [
                  {
                    "action": [
                      "UNKNOWN_ACTION"
                    ]
                  }
                ],
                "network": {
                  "applicationProtocol": "DNS",
                  "dns": {
                    "questions": [
                      {
                        "name": "altostrat.com",
                        "type": 1,
                        "class": 1
                      }
                    ],
                    "id": 12345,
                    "recursionDesired": true
                  }
                }
              }
            }
          ],
          "label": "e"
        }
      ],
      "detectionTime": "2020-12-03T16:59:55.124243Z"
    },
    {
      "type": "RULE_DETECTION",
      "detection": [
        {
          "ruleName": "singleEventRule2",
          "description": "description of this rule",
          "urlBackToProduct": "https://customername.backstory.chronicle.security/ruleDetections?ruleId=ru_1f54ab4b-e523-48f7-ae25-271b5ea8337d&selectedList=RuleDetectionsViewTimeline&selectedParentDetectionId=de_ec2bc52b-a522-aeaf-6a94-f7c7ce0eff15&selectedTimestamp=2020-12-03T16:59:48.916995Z",
          "ruleId": "ru_1f54ab4b-e523-48f7-ae25-271b5ea8337d",
          "ruleVersion": "ru_1f54ab4b-e523-48f7-ae25-271b5ea8337d@v_1605892822_687503000",
          "alertState": "NOT_ALERTING",
          "ruleType": "SINGLE_EVENT",
          "ruleLabels": [
            {
              "key": "description",
              "value": "description of this rule"
            }
          ]
        }
      ],
      "createdTime": "2020-12-03T19:19:19.720174Z",
      "id": "de_ec2bc52b-a522-aeaf-6a94-f7c7ce0eff15",
      "timeWindow": {
        "startTime": "2020-12-03T16:59:48.916995Z",
        "endTime": "2020-12-03T16:59:48.916995Z"
      },
      "collectionElements": [
        {
          "references": [
            {
              "event": {
                "metadata": {
                  "eventTimestamp": "2020-12-03T16:59:48.916995Z",
                  "collectedTimestamp": "2020-12-03T16:59:48.918238257Z",
                  "eventType": "NETWORK_DNS",
                  "productName": "ProductName",
                  "ingestedTimestamp": "2020-12-03T16:59:59.011915Z"
                },
                "principal": {
                  "ip": [
                    "127.0.0.1"
                  ]
                },
                "target": {
                  "ip": [
                    "127.0.0.1"
                  ]
                },
                "securityResult": [
                  {
                    "action": [
                      "UNKNOWN_ACTION"
                    ]
                  }
                ],
                "network": {
                  "applicationProtocol": "DNS",
                  "dns": {
                    "questions": [
                      {
                        "name": "altostrat.com",
                        "type": 1,
                        "class": 1
                      }
                    ],
                    "id": 12346,
                    "recursionDesired": true
                  }
                }
              }
            }
          ],
          "label": "e"
        }
      ],
      "detectionTime": "2020-12-03T16:59:48.916995Z"
    }
  ],
  "nextPageToken": "CgsIkdvj_gUQ2M2IXBIMCISzpP4FELj3oLUDGidkZV9lYzJiYzUyYi1hNTIyLWFlYWYtNmE5NC1mN2M3Y2UwZWZmMTU="
}

Workflow Library Example

List Detections with Chronicle and Send Results Via Email