fortindr-cloud-get-detections
Get a list of detections.
Base Command
fortindr-cloud-get-detections <input>
Input

| Argument Name | Description | Required |
| --- | --- | --- |
| rule_uuid | Filter to a specific rule. | Optional |
| account_uuid | For those with access to multiple accounts, specify a single account to return results from. | Optional |
| status | Filter by detection status: active, resolved. | Optional |
| device_ip | Device IP to filter by. | Optional |
| sensor_id | Sensor ID to filter by. | Optional |
| muted | List detections that a user muted: true / false. | Optional |
| muted_device | List detections for muted devices: true / false. | Optional |
| muted_rule | List detections for muted rules. | Optional |
| include | Include additional information in the response (rules). Possible values are: rules. | Optional |
| sort_by | Sort output by: | Optional |
| sort_order | Sort direction ( | Optional |
| offset | The number of records to skip past. | Optional |
| limit | The number of records to return, default: 100, max: 1000. Default is 1000. | Optional |
| created_start_date | Created start date to filter by (inclusive). | Optional |
| created_end_date | Created end date to filter by (exclusive). | Optional |
| created_or_shared_start_date | Created or shared start date to filter by (inclusive). | Optional |
| created_or_shared_end_date | Created or shared end date to filter by (exclusive). | Optional |
| active_start_date | Active start date to filter by (inclusive). | Optional |
| active_end_date | Active end date to filter by (exclusive). | Optional |
Context Output

Path prefix: FortiNDRCloud.Detections

| Path | Type | Description |
| --- | --- | --- |
| .muted_rule | boolean | Is this rule muted: true/false. |
| .created | date | Date when the detection was created. |
| .account_uuid | unknown | Unique ID of the account for this detection. |
| .resolution_timestamp | date | Date when the detection was resolved. |
| .first_seen | date | Date when the detection was first seen. |
| .muted | boolean | Is the detection muted: true/false. |
| .resolution | string | Resolution type. |
| .muted_user_uuid | string | Unique ID of the user that muted the detection. |
| .last_seen | date | Date when the detection was last seen. |
| .status | string | Current status of the detection. |
| .resolution_user_uuid | string | Unique identifier of the user that resolved the detection. |
| .resolution_comment | string | Comment entered when the detection was resolved. |
| .muted_comment | string | Comment entered when the detection was muted. |
| .sensor_id | string | ID code of the sensor. |
| .rule_uuid | string | Unique ID of the rule for this detection. |
| .updated | date | Date when the detection was last updated. |
| .uuid | string | Unique ID of the detection. |
| .muted_device_uuid | string | Unique ID of the muted device. |
| .device_ip | string | IP address of the detection. |
Command example

```
!fortindr-cloud-get-detections status=active include=rules created_or_shared_start_date=2022-08-23T22:00:00.000Z created_or_shared_end_date=2022-08-24T22:00:00.000Z
```
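The filter semantics documented in the Input table (inclusive start dates, exclusive end dates, the status and muted flags, offset paging and the 1000-record cap on limit) are easy to get wrong when post-processing results in a playbook. The following is an added example, not code from the integration or the FortiNDR Cloud API: a hypothetical local filter that applies those same rules to constructed sample records shaped like the FortiNDRCloud.Detections context, using the `created` field for the date range (the created_or_shared variant is not modelled because the context has no shared timestamp).

```python
from datetime import datetime, timezone

# Constructed sample records in the FortiNDRCloud.Detections shape (not real data).
SAMPLE_DETECTIONS = [
    {"uuid": "det-1", "status": "active", "muted": False, "muted_rule": False,
     "rule_uuid": "rule-a", "created": "2022-08-23T22:00:00.000Z"},
    {"uuid": "det-2", "status": "active", "muted": True, "muted_rule": False,
     "rule_uuid": "rule-a", "created": "2022-08-24T10:30:00.000Z"},
    {"uuid": "det-3", "status": "resolved", "muted": False, "muted_rule": True,
     "rule_uuid": "rule-b", "created": "2022-08-24T22:00:00.000Z"},
]

def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the command arguments and context."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def filter_detections(detections, status=None, muted=None, muted_rule=None,
                      rule_uuid=None, created_start_date=None,
                      created_end_date=None, offset=0, limit=1000):
    """Hypothetical local filter applying the documented argument semantics
    to a detection list and returning the requested page of records."""
    if status is not None and status not in ("active", "resolved"):
        raise ValueError("status must be 'active' or 'resolved'")
    limit = min(max(int(limit), 1), 1000)  # the command documents max: 1000
    offset = max(int(offset), 0)
    start = parse_ts(created_start_date) if created_start_date else None
    end = parse_ts(created_end_date) if created_end_date else None
    matched = []
    for det in detections:
        if status is not None and det["status"] != status:
            continue
        if muted is not None and det["muted"] != muted:
            continue
        if muted_rule is not None and det["muted_rule"] != muted_rule:
            continue
        if rule_uuid is not None and det["rule_uuid"] != rule_uuid:
            continue
        created = parse_ts(det["created"])
        if start is not None and created < start:   # start date is inclusive
            continue
        if end is not None and created >= end:      # end date is exclusive
            continue
        matched.append(det)
    return matched[offset:offset + limit]

def detection_uuids(**kwargs):
    """Convenience wrapper: uuids of the sample detections that match the given filters."""
    return [d["uuid"] for d in filter_detections(SAMPLE_DETECTIONS, **kwargs)]
```

Note that det-1, created exactly at the start boundary, is kept, while det-3, created exactly at the end boundary, is dropped, matching the inclusive/exclusive wording in the Input table.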