Overview

Allows the client to get open intelligence based on input search parameters. You can search on endpoint, vector, protocol, classification, code or time interval. You can leave input fields empty. Only fields with non-empty values will restrict the result set in the search. Use the offset and max count arguments to implement pagination.

HTTP request

POST /Agent/Intelligence/Get

Authentication

Requires a valid JWT bearer token.

Request (JSON)

{
	"endpoint": Optional(Str(PEndpoint)),
	"vector": Optional(Str(PVector)),
	"protocol": Optional(Str(PProtocol)),
	"classification": Optional(Str(PClassification)),
	"code": Optional(Str(PCode)),
	"from": Optional(DateTime(PFrom)),
	"to": Optional(DateTime(PTo)),
	"offset": Optional(Integer(POffset >= 0)),
	"maxCount": Optional(Integer(0 < PMaxCount <= 100))
}

Input parameters

Parameter        Description
PEndpoint        Restrict search to this endpoint.
PVector          Restrict search to this vector.
PProtocol        Restrict search to this protocol.
PClassification  Restrict search to this classification.
PCode            Restrict search to this code.
PFrom            Restrict search to information generated after this point in time (inclusive).
PTo              Restrict search to information generated before this point in time (inclusive).
POffset          Ignore the first POffset number of information records.
PMaxCount        Maximum number of records to return.

Response (JSON)

{
	"ResultSet": Optional(
		{
			"objectId": Required(Str(PObjectId)),
			"domain": Optional(Str(PDomain)),
			"endpoint": Required(Str(PEndpoint)),
			"timestamp": Required(DateTimeUtc(PTimestamp)),
			"expires": Required(DateTimeUtc(PExpires)),
			"vector": Optional(Str(PVector)),
			"protocol": Optional(Str(PProtocol)),
			"classification": Optional(Str(PClassification)),
			"code": Optional(Str(PCode)),
			"message": Optional(Str(PMessage)),
			"Tags": Optional(
			{
				"name": Required(Str(PTagName)),
				"value": Optional(PTagValue),
				"type": Optional(Str(PTagType))
			}
			[]),
			"AgentInformation": Optional(
			{
				"name": Required(Str(PAgentPropertyName)),
				"value": Optional(Str(PAgentPropertyValue))
			}
			[])
		}
		[])
}

Response parameters

Parameter            Description
PObjectId            Object ID of information record.
PEndpoint            Endpoint to which information relates.
PTimestamp           When information was recorded.
PExpires             When information expires.
PVector              Information about threat vector.
PProtocol            Information about communication protocol.
PClassification      Information about classification.
PCode                Information about code.
PMessage             Information message.
PTagName             Name of information meta-data tag.
PTagValue            Value of information meta-data tag.
PTagType             Type of information meta-data tag.
PAgentPropertyName   Name of property of agent recording the information.
PAgentPropertyValue  Value of property of agent recording the information.

Notes

This endpoint uses the request schema notation described in Pattern matching.
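
The following is an added example, not code from the original page or the project: a Python client that pages through results with offset and maxCount, enforcing the schema limits before sending. Assumptions: the host in BASE_URL is a placeholder, the JWT is sent as an "Authorization: Bearer" header, a page shorter than maxCount (or a missing ResultSet) means no more records, and the function names and the max_records cap are hypothetical.

```python
import json
import urllib.request

BASE_URL = "https://agent.example.invalid"  # placeholder host (assumption)
PATH = "/Agent/Intelligence/Get"            # resource from the page
FILTERS = {"endpoint", "vector", "protocol", "classification", "code", "from", "to"}


def http_post(body, token):
    """Default transport: POST the JSON body with the JWT as a bearer token."""
    req = urllib.request.Request(
        BASE_URL + PATH, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token})  # header form is an assumption
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def build_request(filters, offset, max_count):
    """Enforce the schema limits and omit empty filters (they do not restrict)."""
    if offset < 0:
        raise ValueError("offset must be >= 0")
    if not 0 < max_count <= 100:
        raise ValueError("maxCount must be in 1..100")
    unknown = set(filters) - FILTERS
    if unknown:
        raise ValueError(f"unknown filter(s): {sorted(unknown)}")
    body = {k: v for k, v in filters.items() if v not in (None, "")}
    body.update(offset=offset, maxCount=max_count)
    return body


def iter_intelligence(filters, token, page_size=100, post=http_post,
                      max_records=10000):
    """Yield records page by page; stop on a short or missing ResultSet."""
    offset = 0
    while offset < max_records:  # hypothetical safety cap on total records
        reply = post(build_request(filters, offset, page_size), token)
        records = reply.get("ResultSet") or []  # ResultSet is Optional
        yield from records
        if len(records) < page_size:
            return
        offset += len(records)
```

Pass a different post callable to exercise the paging logic offline or to route requests through an existing HTTP session.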