{ "has_more": false, "items": [ { "amsi_threat_data": { "parentProcessId": "string", "parentProcessPath": "string", "processId": "string", "processName": "string", "processPath": "string" }, "appCerts": [ { "signer": "string", "thumbprint": "string" } ], "appSha256": "SHA-256 hash of the application associated with the threat, if available.", "core_remedy_items": { "items": [ { "descriptor": "string", "result": "string", "type": "string" } ], "totalItems": 0 }, "created_at": "The date at which the event was created.", "customer_id": "The identifier of the customer for which the record is created.", "details": [ { "property": "string", "type": "string" } ], "endpoint_id": "The corresponding endpoint ID associated with the record.", "endpoint_type": "The corresponding endpoint type associated with the record.", "group": "The group associated with the record.", "id": "The identifier for the event.", "ips_threat_data": { "detectionType": 0, "executableName": "string", "executablePath": "string", "executablePid": "string", "executableVersion": "string", "localPort": "string", "rawData": "string", "remoteIp": "string", "remotePort": "string", "techSupportId": "string" }, "location": "The location captured for this record.", "name": "The name of the record created.", "origin": "The originating component of the detection.", "severity": "The severity for this alert.", "source": "The source for this record.", "source_info": {}, "threat": "The threat associated with the record.", "type": "The type of this record.", "user_id": "The identifier of the user for which the record is created.", "when": "The date at which the event was created.", "whitelist_properties": [ { "property": "string", "type": "string" } ] } ], "next_cursor": "Value of the next cursor. Use it to make the next API call."}