Skip to main content

Documentation Index

Fetch the complete documentation index at: https://learninghub.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

To learn more, visit the Chronicle documentation.

Parameters

ParameterDescription
LimitThe maximum number of matched events to return.
QueryThe UDM search query to run.
Query End TimeEnd time of the query.
Query Start TimeStart time of the query.

Example Output

{  "events": [    {      "name": "00000000c5fd1146ce52d833659247f68b82009d000000000500000000000000",      "udm": {        "metadata": {          "eventTimestamp": "2022-09-14T00:59:59.567051Z",          "eventType": "NETWORK_CONNECTION",          "ingestedTimestamp": "2022-09-14T01:00:20.783486Z",          "id": "AAAAAMX9EUbOUtgzZZJH9ouCAJ0AAAAABQAAAAAAAAA="        },        "principal": {          "ip": [            "10.9.8.7"          ],        },        "target": {          "ip": [            "74.125.197.190"          ],          "port": 443        }      }    },    {      "name": "000000000f8e8dc25f873448a3b51ed3e81af0d900000000050000001c000000",      "udm": {        "metadata": {          "eventTimestamp": "2022-09-14T00:59:59.567051Z",          "eventType": "NETWORK_CONNECTION",          "ingestedTimestamp": "2022-09-14T01:00:20.071428Z",          "id": "AAAAAA+OjcJfhzRIo7Ue0+ga8NkAAAAABQAAABwAAAA="        },        "principal": {          "ip": [            "10.9.8.7"          ]        },        "target": {          "ip": [            "74.125.135.103"          ],          "port": 443        }      }    }  ]}

Workflow Library Example

Run an Udm Search with Chronicle and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop