Hunt and Investigate
Using hunting queries and file search capabilities in the API, further your investigation of malicious behavior in your organization, including:
Hunt for and investigate malicious behavior
Pinpoint elements of interest
Investigate specific features of the elements from which you need information
Search for malicious files across machines in your organization
Download files from the Element Details screen
All of these capabilities help you improve security, uncover bad practices and deficiencies, and gain insight on tactical and strategic methods for threat prevention in your environment.
Tasks
All APIs assume a URL prefix of https://<your server>/rest.
Note
Click on any URI path to view more detailed information on a specific API request.
Task |
Endpoint |
Method |
Returns |
|---|---|---|---|
Run investigative queries |
POST |
Query results |
|
Search for files |
POST |
Batch number and details of the file search operation |
|
Get results of a previous file search |
GET |
List of previous results |
|
Get results of a previous file search and export to CSV |
GET |
List of previous results |
|
Return previous file searches |
GET |
list of previous file searches |
|
Return previous file searches for all users |
GET |
List of previous file searches |
|
Start a file download operation |
POST |
Status message |
|
Get a batch number for download operations |
GET |
Batch number for a download operation |
|
Download a file |
GET |
List of previous file searches |
|
Abort a file download operation |
GET |
Status message |
Improve your Hunting Queries
When creating a response, use these additional tools further focus your query. For details, see How to Build Queries.