Get agent event reports.
- Filters are combined using an AND condition (OR is not supported).
- Maximum result set size is 100.
- Offset is the zero-based number of incidents from the start of the result set.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
request_data (Object)
  A dictionary containing the API request fields. An empty dictionary returns all results.

  filters (Array)
    An array of filter fields.

    field (String, Enum)
      Identifies a list. Filters are based on the following keywords:
      - endpoint_id: The endpoint ID.
      - endpoint_name: The endpoint name.
      - type: Type of report.
      - sub_type: Subtype of report.
      - result: Result type.
      - timestamp: Report timestamp.
      - domain: Domain of the agent.
      - xdr_version: XDR version.
      - category: Type of event category.

    operator (String, Enum)
      Identifies the comparison operator you want to use for this filter. Valid keywords and the fields they apply to are:
      - in: endpoint_id, endpoint_name, type, sub_type, result, domain, xdr_version, category (value is a list of strings)
      - gte / lte: timestamp

    value (Array of strings or Integer)
      Value that this filter must match:
      - timestamp: Integer representing the number of milliseconds after the Unix epoch, UTC timezone.
      - All other fields require a string value. With the in operator, the value is a list of possible values enclosed in square brackets.
      - category: Permitted values are status, monitoring, or audit.

  search_from (Integer)
    An integer representing the starting offset within the query result set from which you want agent reports returned. Reports are returned as a zero-based list. Any report indexed less than this value is not returned in the final result set. Defaults to zero.

  search_to (Integer)
    An integer representing the end offset within the result set after which you do not want agent reports returned. Reports in the agent report list that are indexed higher than this value are not returned in the final result set. Defaults to 100, which returns all reports to the end of the list.

  sort (Object, required)
    Identifies the sort order for the result set.

    field (String, Enum)
      The field you want to sort by.

    keyword (String, Enum)
      Whether to sort in ascending or descending order.
{
"request_data": {}
}
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/public_api/v1/audits/agents_reports' \
  -d ''
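As an added example (not code from the Cortex XDR documentation), the following Python builds a request_data body that obeys the constraints listed above: string fields only with the in operator, timestamp only with gte/lte as epoch milliseconds, category restricted to its three permitted values, and a search_from/search_to window of at most 100 reports. The sort values "timestamp" and "desc" are assumptions, since the page does not list the sort enums, and the Unix timestamp helper is added for convenience.

```python
from datetime import datetime, timezone
# Fields that take "in" with a list of strings; timestamp takes gte/lte (field list above).
STRING_FIELDS = {"endpoint_id", "endpoint_name", "type", "sub_type",
                 "result", "domain", "xdr_version", "category"}
CATEGORY_VALUES = {"status", "monitoring", "audit"}  # permitted category values
PAGE_SIZE = 100  # maximum result set size per call

def to_epoch_ms(iso_ts: str) -> int:
    """ISO-8601 timestamp -> milliseconds since the Unix epoch, UTC (naive input is read as UTC)."""
    dt = datetime.fromisoformat(iso_ts)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1000)

def make_filter(field: str, operator: str, value) -> dict:
    """Build one filter object, rejecting combinations the API does not accept."""
    if field == "timestamp":
        if operator not in ("gte", "lte") or not isinstance(value, int):
            raise ValueError("timestamp takes gte/lte with an integer millisecond value")
    elif field in STRING_FIELDS:
        if operator != "in" or not isinstance(value, list):
            raise ValueError(f"{field} takes only 'in' with a list of strings")
        if field == "category" and not set(value) <= CATEGORY_VALUES:
            raise ValueError(f"category values must be in {sorted(CATEGORY_VALUES)}")
    else:
        raise ValueError(f"unknown filter field: {field}")
    return {"field": field, "operator": operator, "value": value}

def is_valid_filter(field: str, operator: str, value) -> bool:
    """True if make_filter would accept this combination."""
    try:
        make_filter(field, operator, value)
        return True
    except ValueError:
        return False

def build_request(filters, search_from=0, search_to=PAGE_SIZE,
                  sort_field="timestamp", sort_keyword="desc") -> dict:
    """Assemble request_data. Filters are ANDed by the API; the sort values are assumptions."""
    if not (0 <= search_from < search_to <= search_from + PAGE_SIZE):
        raise ValueError("need 0 <= search_from < search_to and a window of at most 100")
    return {"request_data": {"filters": list(filters),
                             "search_from": search_from, "search_to": search_to,
                             "sort": {"field": sort_field, "keyword": sort_keyword}}}

def page_windows(total_wanted: int):
    """Yield (search_from, search_to) pairs that walk a result set 100 reports at a time."""
    for start in range(0, total_wanted, PAGE_SIZE):
        yield start, min(start + PAGE_SIZE, total_wanted)
```

Send the returned dictionary as the JSON body of the POST shown above; each window from page_windows is a separate call, since a single response never exceeds 100 reports.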