Is it possible to fetch threats by their status? This is in relation to being able to use the GET method against the /openapi/v3/detections operation. Currently, there is only 1 query parameter, which is since, so I was wondering if we can do it by status just like we can do with the search functionality in the UI.
Red Canary API v3
You cannot fetch threats by their status through a query parameter. Instead, you must pull all threats from /openapi/v3/detections, and filter on

Enumerate the threats you pull, and index on last_remediated_status, which captures the following attributes:
- Remediation State
- Marked by
If you're writing code that looks for certain attributes, be aware that you won't see the last_remediated_status attribute at all for a returned data object that hasn't been remediated.
Other endpoints, such as /openapi/v3/endpoints, have a "q" parameter which allows passing the same searches used in the Red Canary GUI as a string. As we work to update all forms to the new React component in the future, the /openapi/v3/detections endpoint will also have this parameter available.
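The client-side filtering the answer describes, as an added example that is not part of the original post or of Red Canary's own tooling. It works over a constructed sample of detection objects shaped like a /openapi/v3/detections response; the key names inside last_remediated_status ("remediation_state" and "marked_by") are assumptions standing in for the "Remediation State" and "Marked by" attributes, so verify them against a real response. The point it demonstrates is the caveat in the answer: a detection that has never been remediated carries no last_remediated_status at all, so the code must treat the missing attribute as its own bucket instead of raising a KeyError.

```python
import json
from collections import defaultdict

# Constructed sample modelled on a GET /openapi/v3/detections response.
# Detection 103 deliberately has no last_remediated_status, which is what
# the API returns for a threat that has never been remediated.
SAMPLE_RESPONSE = json.loads("""
{
  "data": [
    {"id": 101, "headline": "Suspicious PowerShell",
     "last_remediated_status": {"remediation_state": "remediated",
                                "marked_by": "analyst@example.com"}},
    {"id": 102, "headline": "Credential access attempt",
     "last_remediated_status": {"remediation_state": "not_remediated",
                                "marked_by": "analyst@example.com"}},
    {"id": 103, "headline": "Unusual scheduled task"},
    {"id": 104, "headline": "Malicious macro",
     "last_remediated_status": {"remediation_state": "remediated",
                                "marked_by": "ops@example.com"}}
  ]
}
""")

# Label used for detections that carry no last_remediated_status attribute.
UNREMEDIATED = "unremediated"


def remediation_state(detection):
    """Return the remediation state of one detection object.

    Uses .get() rather than [] because last_remediated_status is absent
    (not null, not empty) on detections that were never remediated.
    The inner key name "remediation_state" is an assumption.
    """
    status = detection.get("last_remediated_status")
    if not status:
        return UNREMEDIATED
    return status.get("remediation_state", UNREMEDIATED)


def marked_by(detection):
    """Return who marked the detection, or None if it was never remediated.
    The inner key name "marked_by" is an assumption."""
    status = detection.get("last_remediated_status")
    return status.get("marked_by") if status else None


def filter_by_state(detections, wanted):
    """Keep only detections whose remediation state equals `wanted`.
    Pass UNREMEDIATED to get the threats that still need attention."""
    return [d for d in detections if remediation_state(d) == wanted]


def index_by_state(detections):
    """Index detection ids by remediation state, one list per state."""
    buckets = defaultdict(list)
    for d in detections:
        buckets[remediation_state(d)].append(d["id"])
    return dict(buckets)


def index_by_marker(detections):
    """Index detection ids by the analyst who marked them; unmarked ones are skipped."""
    buckets = defaultdict(list)
    for d in detections:
        who = marked_by(d)
        if who is not None:
            buckets[who].append(d["id"])
    return dict(buckets)


if __name__ == "__main__":
    detections = SAMPLE_RESPONSE["data"]
    print("by state :", index_by_state(detections))
    print("by marker:", index_by_marker(detections))
    print("open     :", [d["id"] for d in filter_by_state(detections, UNREMEDIATED)])
```

In a real integration the list passed to these functions is whatever your paginated pulls of /openapi/v3/detections accumulate (the answer notes that since is the only query parameter today); the filtering and indexing stay the same regardless of how the list was fetched.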