SentinelOne

Version: 2.0.0

Cyber security that prevents threats at faster speed, greater scale, and higher accuracy than humanly possible.

Connect SentinelOne with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for SentinelOne.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Server URL: API URL for SentinelOne. Example: https://host/web/api/v2.1
    • Token: Token for authentication with SentinelOne server.
  4. After you've entered all the details, click Connect.

Actions for SentinelOne

Connects Agent To Network

Connects agent to network

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Agent ID | Jinja-templated agent ID which is to be connected to the network. Example: {{agent_id_column}} | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Connects Agent To Network Data
{
   "locations":null,
   "osStartTime":"2021-01-12T20:40:27Z",
   "rangerVersion":null,
   "cloudProviders":{
      
   },
   "osArch":"64 bit",
   "licenseKey":"",
   "updatedAt":"2021-09-06T16:36:34.926026Z",
   "externalId":"",
   "networkInterfaces":[
      {
         "name":"ens3",
         "gatewayIp":"10.0.0.1",
         "inet6":[
            
         ],
         "gatewayMacAddress":"00:00:17:31:2e:8e",
         "id":"1184207949927894021",
         "inet":[
            "10.0.0.2"
         ],
         "physical":"02:00:17:09:AC:E4"
      },
      {
         "name":"docker0",
         "gatewayIp":null,
         "inet6":[
            
         ],
         "gatewayMacAddress":null,
         "id":"1184207949927894022",
         "inet":[
            "172.17.0.1"
         ],
         "physical":"02:42:2D:5A:F2:4C"
      }
   ],
   "lastActiveDate":"2021-09-06T16:35:30.729725Z",
   "networkStatus":"connecting",
   "locationEnabled":false,
   "lastIpToMgmt":"10.0.0.2",
   "accountName":"SentinelOne",
   "threatRebootRequired":false,
   "scanStartedAt":"2021-06-22T21:30:56.771107Z",
   "domain":"sub01122036110.default.oraclevcn.com",
   "uuid":"8680d9d2-16d3-2915-b736-2b4d2f4d6faf",
   "lastLoggedInUserName":"",
   "networkQuarantineEnabled":false,
   "isUninstalled":false,
   "scanStatus":"finished",
   "userActionsNeeded":[
      
   ],
   "osUsername":"root",
   "cpuCount":1,
   "storageType":null,
   "coreCount":2,
   "isPendingUninstall":false,
   "firewallEnabled":true,
   "accountId":"433241117337583618",
   "mitigationMode":"protect",
   "activeThreats":0,
   "registeredAt":"2021-06-22T21:29:48.386746Z",
   "machineType":"server",
   "groupId":"1184166245199854505",
   "infected":false,
   "modelName":"QEMU Standard PC (i440FX + PIIX, 1996)",
   "consoleMigrationStatus":"N/A",
   "storageName":null,
   "has_error":false,
   "siteName":"LogicHub",
   "id":"1184207949919505412",
   "scanFinishedAt":"2021-06-23T00:03:51.386826Z",
   "error":null,
   "remoteProfilingStateExpiration":null,
   "installerType":".rpm",
   "groupName":"Default Group",
   "encryptedApplications":false,
   "remoteProfilingState":"disabled",
   "osType":"linux",
   "totalMemory":688,
   "externalIp":"129.213.58.77",
   "createdAt":"2021-06-22T21:29:48.389992Z",
   "osName":"Linux",
   "isActive":true,
   "agentVersion":"21.6.3.7",
   "inRemoteShellSession":false,
   "isUpToDate":true,
   "allowRemoteShell":true,
   "cpuId":"AMD EPYC 7551 32-Core Processor",
   "mitigationModeSuspicious":"detect",
   "isDecommissioned":false,
   "siteId":"1184166245183077288",
   "computerName":"instance-20210112-1436",
   "locationType":"not_supported",
   "operationalStateExpiration":null,
   "rangerStatus":"NotApplicable",
   "scanAbortedAt":null,
   "activeDirectory":{
      "computerDistinguishedName":null,
      "lastUserMemberOf":[
         
      ],
      "computerMemberOf":[
         
      ],
      "lastUserDistinguishedName":null
   },
   "operationalState":"na",
   "osRevision":"Oracle Server release 7.9 5.4.17-2036.102.0.2.el7uek.x86_64",
   "appsVulnerabilityStatus":"not_applicable",
   "groupIp":"129.213.58.x"
}

Disconnects Agent From Network

Disconnects agent from network

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Agent ID | Jinja-templated agent ID which is to be disconnected from the network. Example: {{agent_id_column}} | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Disconnects Agent From Network Data
{
   "locations":null,
   "osStartTime":"2021-01-12T20:40:27Z",
   "rangerVersion":null,
   "cloudProviders":{
      
   },
   "osArch":"64 bit",
   "licenseKey":"",
   "updatedAt":"2021-09-06T16:36:34.926026Z",
   "externalId":"",
   "networkInterfaces":[
      {
         "name":"ens3",
         "gatewayIp":"10.0.0.1",
         "inet6":[
            
         ],
         "gatewayMacAddress":"00:00:17:31:2e:8e",
         "id":"1184207949927894021",
         "inet":[
            "10.0.0.2"
         ],
         "physical":"02:00:17:09:AC:E4"
      },
      {
         "name":"docker0",
         "gatewayIp":null,
         "inet6":[
            
         ],
         "gatewayMacAddress":null,
         "id":"1184207949927894022",
         "inet":[
            "172.17.0.1"
         ],
         "physical":"02:42:2D:5A:F2:4C"
      }
   ],
   "lastActiveDate":"2021-09-06T16:35:30.729725Z",
   "networkStatus":"connecting",
   "locationEnabled":false,
   "lastIpToMgmt":"10.0.0.2",
   "accountName":"SentinelOne",
   "threatRebootRequired":false,
   "scanStartedAt":"2021-06-22T21:30:56.771107Z",
   "domain":"sub01122036110.default.oraclevcn.com",
   "uuid":"8680d9d2-16d3-2915-b736-2b4d2f4d6faf",
   "lastLoggedInUserName":"",
   "networkQuarantineEnabled":false,
   "isUninstalled":false,
   "scanStatus":"finished",
   "userActionsNeeded":[
      
   ],
   "osUsername":"root",
   "cpuCount":1,
   "storageType":null,
   "coreCount":2,
   "isPendingUninstall":false,
   "firewallEnabled":true,
   "accountId":"433241117337583618",
   "mitigationMode":"protect",
   "activeThreats":0,
   "registeredAt":"2021-06-22T21:29:48.386746Z",
   "machineType":"server",
   "groupId":"1184166245199854505",
   "infected":false,
   "modelName":"QEMU Standard PC (i440FX + PIIX, 1996)",
   "consoleMigrationStatus":"N/A",
   "storageName":null,
   "has_error":false,
   "siteName":"LogicHub",
   "id":"1184207949919505412",
   "scanFinishedAt":"2021-06-23T00:03:51.386826Z",
   "error":null,
   "remoteProfilingStateExpiration":null,
   "installerType":".rpm",
   "groupName":"Default Group",
   "encryptedApplications":false,
   "remoteProfilingState":"disabled",
   "osType":"linux",
   "totalMemory":688,
   "externalIp":"129.213.58.77",
   "createdAt":"2021-06-22T21:29:48.389992Z",
   "osName":"Linux",
   "isActive":true,
   "agentVersion":"21.6.3.7",
   "inRemoteShellSession":false,
   "isUpToDate":true,
   "allowRemoteShell":true,
   "cpuId":"AMD EPYC 7551 32-Core Processor",
   "mitigationModeSuspicious":"detect",
   "isDecommissioned":false,
   "siteId":"1184166245183077288",
   "computerName":"instance-20210112-1436",
   "locationType":"not_supported",
   "operationalStateExpiration":null,
   "rangerStatus":"NotApplicable",
   "scanAbortedAt":null,
   "activeDirectory":{
      "computerDistinguishedName":null,
      "lastUserMemberOf":[
         
      ],
      "computerMemberOf":[
         
      ],
      "lastUserDistinguishedName":null
   },
   "operationalState":"na",
   "osRevision":"Oracle Server release 7.9 5.4.17-2036.102.0.2.el7uek.x86_64",
   "appsVulnerabilityStatus":"not_applicable",
   "groupIp":"129.213.58.x"
}

Create Query

Runs a Deep Visibility Query and returns the queryId. You can use the queryId for all other commands, such as the sentinelone-get-events command.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Query | Jinja-templated query used for creating the query. Example: EndpointName exists. | Required |
| From Date | Jinja-templated from date used for creating the query. Format: %Y-%m-%dT%H:%M:%SZ, Example: 2021-06-22T21:29:48Z | Required |
| To Date | Jinja-templated to date used for creating the query. Format: %Y-%m-%dT%H:%M:%SZ, Example: 2021-06-22T21:29:48Z | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Create Query Data
{
   "has_error":false,
   "data":{
      "queryId":"qe4080a5f8088b188b423b9edcc768252"
   },
   "error":null
}

Get Agent

Get agent details by agent ID

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Agent ID | Jinja-templated agent ID which is to be fetched. Example: {{agent_id_column}} | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Get Agent Data
{
   "locations":null,
   "osStartTime":"2021-01-12T20:40:27Z",
   "rangerVersion":null,
   "cloudProviders":{
      
   },
   "osArch":"64 bit",
   "licenseKey":"",
   "updatedAt":"2021-09-06T04:27:29.724745Z",
   "externalId":"",
   "networkInterfaces":[
      {
         "name":"ens3",
         "gatewayIp":"10.0.0.1",
         "inet6":[
            
         ],
         "gatewayMacAddress":"00:00:17:31:2e:8e",
         "id":"1184207949927894021",
         "inet":[
            "10.0.0.2"
         ],
         "physical":"02:00:17:09:AC:E4"
      },
      {
         "name":"docker0",
         "gatewayIp":null,
         "inet6":[
            
         ],
         "gatewayMacAddress":null,
         "id":"1184207949927894022",
         "inet":[
            "172.17.0.1"
         ],
         "physical":"02:42:2D:5A:F2:4C"
      }
   ],
   "lastActiveDate":"2021-09-06T16:32:30.729967Z",
   "networkStatus":"connected",
   "locationEnabled":false,
   "lastIpToMgmt":"10.0.0.2",
   "accountName":"SentinelOne",
   "threatRebootRequired":false,
   "scanStartedAt":"2021-06-22T21:30:56.771107Z",
   "domain":"sub01122036110.default.oraclevcn.com",
   "uuid":"8680d9d2-16d3-2915-b736-2b4d2f4d6faf",
   "lastLoggedInUserName":"",
   "networkQuarantineEnabled":false,
   "isUninstalled":false,
   "scanStatus":"finished",
   "userActionsNeeded":[
      
   ],
   "osUsername":"root",
   "cpuCount":1,
   "storageType":null,
   "coreCount":2,
   "isPendingUninstall":false,
   "firewallEnabled":true,
   "accountId":"433241117337583618",
   "mitigationMode":"protect",
   "activeThreats":0,
   "registeredAt":"2021-06-22T21:29:48.386746Z",
   "machineType":"server",
   "groupId":"1184166245199854505",
   "infected":false,
   "modelName":"QEMU Standard PC (i440FX + PIIX, 1996)",
   "consoleMigrationStatus":"N/A",
   "storageName":null,
   "has_error":false,
   "siteName":"LogicHub",
   "id":"1184207949919505412",
   "scanFinishedAt":"2021-06-23T00:03:51.386826Z",
   "error":null,
   "remoteProfilingStateExpiration":null,
   "installerType":".rpm",
   "groupName":"Default Group",
   "encryptedApplications":false,
   "remoteProfilingState":"disabled",
   "osType":"linux",
   "totalMemory":688,
   "externalIp":"129.213.58.77",
   "createdAt":"2021-06-22T21:29:48.389992Z",
   "osName":"Linux",
   "isActive":true,
   "agentVersion":"21.6.3.7",
   "inRemoteShellSession":false,
   "isUpToDate":true,
   "allowRemoteShell":true,
   "cpuId":"AMD EPYC 7551 32-Core Processor",
   "mitigationModeSuspicious":"detect",
   "isDecommissioned":false,
   "siteId":"1184166245183077288",
   "computerName":"instance-20210112-1436",
   "locationType":"not_supported",
   "operationalStateExpiration":null,
   "rangerStatus":"NotApplicable",
   "scanAbortedAt":null,
   "activeDirectory":{
      "computerDistinguishedName":null,
      "lastUserMemberOf":[
         
      ],
      "computerMemberOf":[
         
      ],
      "lastUserDistinguishedName":null
   },
   "operationalState":"na",
   "osRevision":"Oracle Server release 7.9 5.4.17-2036.102.0.2.el7uek.x86_64",
   "appsVulnerabilityStatus":"not_applicable",
   "groupIp":"129.213.58.x"
}

Get Events

Fetch all deep visibility events that match the query.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Query ID | Jinja-templated query ID which is to be fetched. Example: {{query_id_column}} | Required |
| Limit | Limit for number of events to be fetched. (Default is 100000) | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Get Events Data
{
   "has_error":false,
   "noResults":"no results returned",
   "error":null
}

List Agents

List all agents matching the input filter

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Minimum Active Threats | Jinja-templated minimum active threats. Agents with active threats greater than this value will be fetched. Example: {{minimum_active_threats}} | Required |
| Computer Name | Jinja-templated computer name. Example: {{computer_name_column}} | Required |
| Scan Status | Jinja-templated scan status. Example: {{scan_status_column}} | Required |
| OS Type | Jinja-templated OS type. Example: {{os_type_column}} | Required |
| Created At | Jinja-templated date representing created date of the agent. Format: %Y-%m-%dT%H:%M:%SZ, Example: 2021-06-22T21:29:48Z | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: List Agents Data
{
   "locations":null,
   "osStartTime":"2021-01-12T20:40:27Z",
   "rangerVersion":null,
   "cloudProviders":{
      
   },
   "osArch":"64 bit",
   "licenseKey":"",
   "updatedAt":"2021-09-06T04:27:29.724745Z",
   "externalId":"",
   "networkInterfaces":[
      {
         "gatewayIp":"10.0.0.1",
         "gatewayMacAddress":"00:00:17:31:2e:8e",
         "id":"1184207949927894021",
         "inet":[
            "10.0.0.2"
         ],
         "inet6":[
            
         ],
         "name":"ens3",
         "physical":"02:00:17:09:AC:E4"
      },
      {
         "gatewayIp":null,
         "gatewayMacAddress":null,
         "id":"1184207949927894022",
         "inet":[
            "172.17.0.1"
         ],
         "inet6":[
            
         ],
         "name":"docker0",
         "physical":"02:42:2D:5A:F2:4C"
      }
   ],
   "lastActiveDate":"2021-09-06T16:19:00.729942Z",
   "networkStatus":"connected",
   "locationEnabled":false,
   "lastIpToMgmt":"10.0.0.2",
   "accountName":"SentinelOne",
   "threatRebootRequired":false,
   "scanStartedAt":"2021-06-22T21:30:56.771107Z",
   "domain":"sub01122036110.default.oraclevcn.com",
   "uuid":"8680d9d2-16d3-2915-b736-2b4d2f4d6faf",
   "lastLoggedInUserName":"",
   "networkQuarantineEnabled":false,
   "isUninstalled":false,
   "scanStatus":"finished",
   "userActionsNeeded":[
      
   ],
   "osUsername":"root",
   "cpuCount":1,
   "storageType":null,
   "coreCount":2,
   "isPendingUninstall":false,
   "firewallEnabled":true,
   "accountId":"433241117337583618",
   "mitigationMode":"protect",
   "activeThreats":0,
   "registeredAt":"2021-06-22T21:29:48.386746Z",
   "machineType":"server",
   "groupId":"1184166245199854505",
   "infected":false,
   "modelName":"QEMU Standard PC (i440FX + PIIX, 1996)",
   "consoleMigrationStatus":"N/A",
   "storageName":null,
   "has_error":false,
   "siteName":"LogicHub",
   "id":"1184207949919505412",
   "scanFinishedAt":"2021-06-23T00:03:51.386826Z",
   "error":null,
   "remoteProfilingStateExpiration":null,
   "installerType":".rpm",
   "groupName":"Default Group",
   "encryptedApplications":false,
   "remoteProfilingState":"disabled",
   "osType":"linux",
   "totalMemory":688,
   "externalIp":"129.213.58.77",
   "createdAt":"2021-06-22T21:29:48.389992Z",
   "osName":"Linux",
   "isActive":true,
   "agentVersion":"21.6.3.7",
   "inRemoteShellSession":false,
   "isUpToDate":true,
   "allowRemoteShell":true,
   "cpuId":"AMD EPYC 7551 32-Core Processor",
   "mitigationModeSuspicious":"detect",
   "isDecommissioned":false,
   "siteId":"1184166245183077288",
   "computerName":"instance-20210112-1436",
   "locationType":"not_supported",
   "operationalStateExpiration":null,
   "rangerStatus":"NotApplicable",
   "scanAbortedAt":null,
   "activeDirectory":{
      "computerDistinguishedName":null,
      "computerMemberOf":[
         
      ],
      "lastUserDistinguishedName":null,
      "lastUserMemberOf":[
         
      ]
   },
   "operationalState":"na",
   "osRevision":"Oracle Server release 7.9 5.4.17-2036.102.0.2.el7uek.x86_64",
   "appsVulnerabilityStatus":"not_applicable",
   "groupIp":"129.213.58.x"
}
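
One way to post-process the rows returned by List Agents or Get Agent in a downstream playbook step, shown as an added example that is not part of the LogicHub or SentinelOne documentation: it checks the has_error envelope first, compares each agent against an example baseline, and returns the agent IDs that could be passed to Disconnects Agent From Network. The baseline values, the function names, and sample rows 2-4 (including the "disconnected" status) are assumptions of this example.

```python
import json

# Example baseline (an assumption of this example, not vendor guidance):
# field name from the page's agent output -> value the playbook expects.
BASELINE = {
    "mitigationMode": "protect",
    "mitigationModeSuspicious": "protect",
    "isUpToDate": True,
    "allowRemoteShell": False,
    "firewallEnabled": True,
    "isDecommissioned": False,
}

# networkStatus values that appear in the page's samples; any other value is
# treated here as "already off the network" (assumption).
ON_NETWORK = {"connected", "connecting"}

# Constructed rows. Row 1 copies values from the page's List Agents sample;
# rows 2-4 (IDs, statuses, error text) are invented for illustration.
SAMPLE_ROWS = json.loads("""[
 {"has_error": false, "error": null, "id": "1184207949919505412",
  "activeThreats": 0, "infected": false, "networkStatus": "connected",
  "mitigationMode": "protect", "mitigationModeSuspicious": "detect",
  "isUpToDate": true, "allowRemoteShell": true, "firewallEnabled": true,
  "isDecommissioned": false},
 {"has_error": false, "error": null, "id": "constructed-agent-2",
  "activeThreats": 2, "infected": true, "networkStatus": "connected",
  "mitigationMode": "detect", "mitigationModeSuspicious": "detect",
  "isUpToDate": false, "allowRemoteShell": false, "firewallEnabled": false,
  "isDecommissioned": false},
 {"has_error": false, "error": null, "id": "constructed-agent-3",
  "activeThreats": 1, "infected": true, "networkStatus": "disconnected",
  "mitigationMode": "protect", "mitigationModeSuspicious": "protect",
  "isUpToDate": true, "allowRemoteShell": false, "firewallEnabled": true,
  "isDecommissioned": false},
 {"has_error": true, "error": "constructed error message"}
]""")


def triage_agent(row):
    """Return a list of findings for one row of List Agents / Get Agent output."""
    if row.get("has_error"):
        # Error rows carry no agent fields: report the message and stop.
        return ["action_error: %s" % row.get("error")]
    findings = []
    threats = row.get("activeThreats") or 0
    if threats > 0 or row.get("infected"):
        findings.append("active_threats=%d" % threats)
        if row.get("networkStatus") in ON_NETWORK:
            findings.append("compromised_and_on_network")
    for field, expected in BASELINE.items():
        # A missing field is reported too, so schema drift is not silent.
        actual = row.get(field, "<missing>")
        if actual != expected:
            findings.append("%s=%s" % (field, json.dumps(actual)))
    return findings


def isolation_candidates(rows):
    """Agent IDs that could be passed to Disconnects Agent From Network."""
    return [r["id"] for r in rows
            if "compromised_and_on_network" in triage_agent(r)]


if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(row.get("id"), triage_agent(row))
    print("isolate:", isolation_candidates(SAMPLE_ROWS))
```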

Shutdown Agent

Shut down agent via filters

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Query | Jinja-templated query for shutting down the agents. Example: {{query_column}} | Required |
| Agent IDs | Jinja-templated comma-separated Agent IDs which are to be shut down. Example: {{agent_id_column}} | Required |
| Group IDs | Jinja-templated comma-separated Group IDs. Example: {{group_id_column}} | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Shutdown Agent Data
{
   "locations":null,
   "osStartTime":"2021-01-12T20:40:27Z",
   "rangerVersion":null,
   "cloudProviders":{
      
   },
   "osArch":"64 bit",
   "licenseKey":"",
   "updatedAt":"2021-09-06T16:36:34.926026Z",
   "externalId":"",
   "networkInterfaces":[
      {
         "name":"ens3",
         "gatewayIp":"10.0.0.1",
         "inet6":[
            
         ],
         "gatewayMacAddress":"00:00:17:31:2e:8e",
         "id":"1184207949927894021",
         "inet":[
            "10.0.0.2"
         ],
         "physical":"02:00:17:09:AC:E4"
      },
      {
         "name":"docker0",
         "gatewayIp":null,
         "inet6":[
            
         ],
         "gatewayMacAddress":null,
         "id":"1184207949927894022",
         "inet":[
            "172.17.0.1"
         ],
         "physical":"02:42:2D:5A:F2:4C"
      }
   ],
   "lastActiveDate":"2021-09-06T16:35:30.729725Z",
   "networkStatus":"connecting",
   "locationEnabled":false,
   "lastIpToMgmt":"10.0.0.2",
   "accountName":"SentinelOne",
   "threatRebootRequired":false,
   "scanStartedAt":"2021-06-22T21:30:56.771107Z",
   "domain":"sub01122036110.default.oraclevcn.com",
   "uuid":"8680d9d2-16d3-2915-b736-2b4d2f4d6faf",
   "lastLoggedInUserName":"",
   "networkQuarantineEnabled":false,
   "isUninstalled":false,
   "scanStatus":"finished",
   "userActionsNeeded":[
      
   ],
   "osUsername":"root",
   "cpuCount":1,
   "storageType":null,
   "coreCount":2,
   "isPendingUninstall":false,
   "firewallEnabled":true,
   "accountId":"433241117337583618",
   "mitigationMode":"protect",
   "activeThreats":0,
   "registeredAt":"2021-06-22T21:29:48.386746Z",
   "machineType":"server",
   "groupId":"1184166245199854505",
   "infected":false,
   "modelName":"QEMU Standard PC (i440FX + PIIX, 1996)",
   "consoleMigrationStatus":"N/A",
   "storageName":null,
   "has_error":false,
   "siteName":"LogicHub",
   "id":"1184207949919505412",
   "scanFinishedAt":"2021-06-23T00:03:51.386826Z",
   "error":null,
   "remoteProfilingStateExpiration":null,
   "installerType":".rpm",
   "groupName":"Default Group",
   "encryptedApplications":false,
   "remoteProfilingState":"disabled",
   "osType":"linux",
   "totalMemory":688,
   "externalIp":"129.213.58.77",
   "createdAt":"2021-06-22T21:29:48.389992Z",
   "osName":"Linux",
   "isActive":true,
   "agentVersion":"21.6.3.7",
   "inRemoteShellSession":false,
   "isUpToDate":true,
   "allowRemoteShell":true,
   "cpuId":"AMD EPYC 7551 32-Core Processor",
   "mitigationModeSuspicious":"detect",
   "isDecommissioned":false,
   "siteId":"1184166245183077288",
   "computerName":"instance-20210112-1436",
   "locationType":"not_supported",
   "operationalStateExpiration":null,
   "rangerStatus":"NotApplicable",
   "scanAbortedAt":null,
   "activeDirectory":{
      "computerDistinguishedName":null,
      "lastUserMemberOf":[
         
      ],
      "computerMemberOf":[
         
      ],
      "lastUserDistinguishedName":null
   },
   "operationalState":"na",
   "osRevision":"Oracle Server release 7.9 5.4.17-2036.102.0.2.el7uek.x86_64",
   "appsVulnerabilityStatus":"not_applicable",
   "groupIp":"129.213.58.x"
}

Dashboard Threat Summary

Dashboard threat summary for sites and groups

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Site IDs | Jinja-templated comma-separated site IDs for which threat summary needs to be pulled. Example: {{site_id_column}} | Required |
| Group IDs | Jinja-templated comma-separated group IDs. Example: {{group_id_column}} | Required |
| Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Dashboard Threat Summary Data
{
   "has_error":false,
   "data":{
      "notResolved":0,
      "resolved":0,
      "suspiciousNotMitigatedNotResolved":0,
      "suspiciousNotResolved":0,
      "notMitigatedNotResolved":0,
      "inProgress":0,
      "total":0,
      "maliciousNotResolved":0,
      "notMitigated":0
   },
   "error":null
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem
  • v1.1.1 - Added documentation link in the automation library.
