fortindr-cloud-get-detections

Get a list of detections.

Base Command

fortindr-cloud-get-detections <input>

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| rule_uuid | Filter to a specific rule. | Optional |
| account_uuid | For those with access to multiple accounts, specify a single account to return results from. | Optional |
| status | Filter by detection status. Possible values are: active, resolved. | Optional |
| device_ip | Device IP to filter by. | Optional |
| sensor_id | Sensor ID to filter by. | Optional |
| muted | List detections that a user muted: true / false. | Optional |
| muted_device | List detections for muted devices: true / false. | Optional |
| muted_rule | List detections for muted rules: true / false. | Optional |
| include | Include additional information in the response. Possible values are: rules. | Optional |
| sort_by | Sort output by: ip, internal, or external. | Optional |
| sort_order | Sort direction: asc or desc. | Optional |
| offset | The number of records to skip past. | Optional |
| limit | The number of records to return, max: 1000 (the API's own default is 100 when the parameter is omitted). Default is 1000. | Optional |
| created_start_date | Created start date to filter by (inclusive). | Optional |
| created_end_date | Created end date to filter by (exclusive). | Optional |
| created_or_shared_start_date | Created or shared start date to filter by (inclusive). | Optional |
| created_or_shared_end_date | Created or shared end date to filter by (exclusive). | Optional |
| active_start_date | Active start date to filter by (inclusive). | Optional |
| active_end_date | Active end date to filter by (exclusive). | Optional |

Context Output

Path prefix: FortiNDRCloud.Detections

| Path | Type | Description |
| --- | --- | --- |
| .muted_rule | boolean | Is this rule muted: true/false. |
| .created | date | Date when the detection was created. |
| .account_uuid | unknown | Unique ID of the account for this detection. |
| .resolution_timestamp | date | Date when the detection was resolved. |
| .first_seen | date | Date when the detection was first seen. |
| .muted | boolean | Is the detection muted: true/false. |
| .resolution | string | Resolution type. |
| .muted_user_uuid | string | Unique ID of the user that muted the detection. |
| .last_seen | date | Date when the detection was last seen. |
| .status | string | Current status of the detection. |
| .resolution_user_uuid | string | Unique ID of the user that resolved the detection. |
| .resolution_comment | string | Comment entered when the detection was resolved. |
| .muted_comment | string | Comment entered when the detection was muted. |
| .sensor_id | string | ID code of the sensor. |
| .rule_uuid | string | Unique ID of the rule for this detection. |
| .updated | date | Date when the detection was last updated. |
| .uuid | string | Unique ID of the detection. |
| .muted_device_uuid | string | Unique ID of the muted device. |
| .device_ip | string | IP address of the device the detection was raised for. |

Command example

!fortindr-cloud-get-detections status=active include=rules created_or_shared_start_date=2022-08-23T22:00:00.000Z created_or_shared_end_date=2022-08-24T22:00:00.000Z
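The following is an added example and is not code from the FortiNDR Cloud integration or the XSOAR pack. It shows how a caller would validate the arguments listed above before sending them, page through a result set with offset and limit (a single call returns at most 1000 records), apply the documented half-open date windows (start inclusive, end exclusive), and keep only the detections an analyst still needs to look at by reading the muted and muted_rule context fields. The fetch_page callable, the fake_fetch_page stand-in and the SAMPLE_DETECTIONS records are constructed for this example; the real request, authentication and endpoint are left to the integration.

```python
from __future__ import annotations
from datetime import datetime, timezone
from typing import Callable, Iterator

STATUSES = {"active", "resolved"}
SORT_FIELDS = {"ip", "internal", "external"}
SORT_ORDERS = {"asc", "desc"}
WINDOWS = ("created", "created_or_shared", "active")
DATE_ARGS = {f"{w}_{edge}_date" for w in WINDOWS for edge in ("start", "end")}
FLAG_ARGS = {"muted", "muted_device", "muted_rule"}
OTHER_ARGS = {"rule_uuid", "account_uuid", "status", "device_ip", "sensor_id",
              "include", "sort_by", "sort_order", "offset", "limit"}
MAX_LIMIT = 1000


def parse_ts(value: str) -> datetime:
    """Parse the ISO 8601 timestamps the command takes (e.g. 2022-08-23T22:00:00.000Z)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError(f"timestamp must carry a timezone: {value!r}")
    return dt.astimezone(timezone.utc)


def build_query(**args) -> dict:
    """Validate the documented arguments locally and return the query to send.
    Unknown names, bad enum values, limit > 1000 and empty date windows raise
    here instead of producing a silently empty or over-broad result set."""
    unknown = set(args) - (DATE_ARGS | FLAG_ARGS | OTHER_ARGS)
    if unknown:
        raise ValueError(f"unknown argument(s): {sorted(unknown)}")
    q = {k: v for k, v in args.items() if v is not None}
    for name, allowed in (("status", STATUSES), ("sort_by", SORT_FIELDS),
                          ("sort_order", SORT_ORDERS), ("include", {"rules"})):
        if name in q and q[name] not in allowed:
            raise ValueError(f"{name} must be one of {sorted(allowed)}")
    for flag in FLAG_ARGS & set(q):  # accept True/False or "true"/"false"
        text = str(q[flag]).lower()
        if text not in {"true", "false"}:
            raise ValueError(f"{flag} must be true or false")
        q[flag] = text
    q["limit"] = int(q.get("limit", MAX_LIMIT))
    q["offset"] = int(q.get("offset", 0))
    if not 1 <= q["limit"] <= MAX_LIMIT or q["offset"] < 0:
        raise ValueError(f"limit must be 1..{MAX_LIMIT} and offset >= 0")
    for w in WINDOWS:
        start, end = q.get(f"{w}_start_date"), q.get(f"{w}_end_date")
        for v in (start, end):
            if v is not None:
                parse_ts(v)  # raises on a malformed or naive timestamp
        if start is not None and end is not None and parse_ts(start) >= parse_ts(end):
            raise ValueError(f"{w} window is empty: start must precede end")
    return q


def rejects(**args) -> bool:
    """True when build_query refuses the given arguments."""
    try:
        build_query(**args)
    except ValueError:
        return True
    return False


def in_window(record: dict, field: str, start: str | None, end: str | None) -> bool:
    """Half-open [start, end): start inclusive, end exclusive, matching the
    documented *_start_date / *_end_date semantics."""
    ts = parse_ts(record[field])
    return ((start is None or parse_ts(start) <= ts)
            and (end is None or ts < parse_ts(end)))


def iter_detections(fetch_page: Callable[[dict], list[dict]], **args) -> Iterator[dict]:
    """Walk every page by advancing offset by limit until a short page returns.
    fetch_page is whatever issues the real request; it receives the validated query."""
    q = build_query(**args)
    while True:
        page = fetch_page(q)
        yield from page
        if len(page) < q["limit"]:
            return
        q = {**q, "offset": q["offset"] + q["limit"]}


def actionable(detections) -> list[dict]:
    """Keep only active detections nobody has silenced (muted detection or muted rule)."""
    return [d for d in detections
            if d.get("status") == "active" and not d.get("muted") and not d.get("muted_rule")]


# Constructed sample records shaped like the FortiNDRCloud.Detections context (not real data).
SAMPLE_DETECTIONS = [
    {"uuid": "det-1", "rule_uuid": "rule-a", "device_ip": "10.0.0.5", "status": "active",
     "muted": False, "muted_rule": False, "created": "2022-08-23T22:00:00.000Z"},
    {"uuid": "det-2", "rule_uuid": "rule-a", "device_ip": "10.0.0.6", "status": "active",
     "muted": True, "muted_rule": False, "created": "2022-08-24T03:15:00.000Z"},
    {"uuid": "det-3", "rule_uuid": "rule-b", "device_ip": "10.0.0.5", "status": "resolved",
     "muted": False, "muted_rule": False, "created": "2022-08-24T10:00:00.000Z"},
    {"uuid": "det-4", "rule_uuid": "rule-c", "device_ip": "10.0.0.7", "status": "active",
     "muted": False, "muted_rule": True, "created": "2022-08-24T22:00:00.000Z"},
]


def fake_fetch_page(q: dict) -> list[dict]:
    """Offline stand-in for the API call: applies status and the created window,
    then slices by offset/limit exactly as a paged endpoint would."""
    rows = [r for r in SAMPLE_DETECTIONS
            if ("status" not in q or r["status"] == q["status"])
            and in_window(r, "created", q.get("created_start_date"), q.get("created_end_date"))]
    return rows[q["offset"]:q["offset"] + q["limit"]]


if __name__ == "__main__":
    hits = list(iter_detections(fake_fetch_page, status="active", include="rules",
                                created_start_date="2022-08-23T22:00:00.000Z",
                                created_end_date="2022-08-24T22:00:00.000Z", limit=2))
    print([d["uuid"] for d in hits], [d["uuid"] for d in actionable(hits)])
```

Two details worth noticing when running it: the record created exactly at the end timestamp (det-4) is excluded while the one created exactly at the start (det-1) is included, which is the inclusive/exclusive behaviour the argument table describes, and a limit of 2 forces a second page request that comes back empty, which is what terminates the paginator. When a real fetch_page is plugged in, keep the paginator's stop condition as it is; looping on offset until an empty page is the only way to be sure nothing past record 1000 was dropped.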