
YossiCo

Members
Posts: 5

Kudos

  1. Upvote
    YossiCo gave kudos to j91321 in Inspect API
    You can use $filter with ruleName to get only those names like this:
    GET /api/v1/detections?$filter=ruleName eq "File and Directory Discovery [L1114]"
    In my experience, the best way to get the additional details and not miss detections is to combine syslog and the API. Get information about new Inspect detections via syslog, which contains the detection id, and fetch the additional details with the API. This is doable with Logstash, for example.
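The syslog-plus-API pipeline j91321 describes, as an added example in Python that is not part of the original post or of the Inspect product's own tooling: it pulls the detection id out of a syslog line, builds the $filter query on /api/v1/detections in the form shown in the post, and fetches each detection's details, reporting any id that syslog announced but the API did not return. Everything except the /api/v1/detections path and the ruleName filter is assumed: the hostname, the key=value syslog layout, the bearer-token auth, the JSON field names (including filtering on "id"), and the response being a JSON list. The sample syslog lines and API records are constructed so the script runs offline.

```python
"""Correlate Inspect syslog detection events with /api/v1/detections.

Added example, not code from the forum post or from the Inspect vendor.
Assumed (not in the post): the hostname, the key=value syslog layout, the
bearer-token auth, the JSON field names, and that a single detection can be
selected with $filter on an "id" field.
"""
import json
import re
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

API_BASE = "https://inspect.example.invalid"  # assumption: the post shows only the path

# Constructed sample syslog lines (the real Inspect syslog layout is not shown in the post).
SAMPLE_SYSLOG = [
    '<134>Jan 01 10:00:00 inspect01 inspect: detection_id="d-1001" '
    'ruleName="File and Directory Discovery [L1114]" host="ws42"',
    '<134>Jan 01 10:00:05 inspect01 inspect: detection_id="d-1002" '
    'ruleName="Process Injection" host="ws07"',
    '<134>Jan 01 10:00:09 inspect01 inspect: heartbeat ok',  # no detection, must be skipped
]

# Constructed detection records standing in for the real API so the script runs offline.
FAKE_API = {
    "d-1001": {"id": "d-1001", "ruleName": "File and Directory Discovery [L1114]",
               "severity": "low", "process": "cmd.exe", "cmdline": "dir /s C:\\Users"},
    "d-1002": {"id": "d-1002", "ruleName": "Process Injection",
               "severity": "high", "process": "rundll32.exe", "cmdline": "rundll32.exe x.dll,Run"},
}

DETECTION_ID_RE = re.compile(r'detection_id="([^"]*)"')


def extract_detection_id(line):
    """Return the detection id carried by a syslog line, or None if there is none."""
    m = DETECTION_ID_RE.search(line)
    return m.group(1) if m else None


def odata_eq(field, value):
    """Build the `field eq "value"` filter in the double-quoted form the post uses."""
    return f'{field} eq "{value}"'


def detections_url(filter_expr, base=API_BASE):
    """GET /api/v1/detections with $filter percent-encoded for the query string."""
    return f"{base}/api/v1/detections?" + urlencode({"$filter": filter_expr})


def http_transport(url, token=None):
    """Real HTTP GET; bearer-token auth is an assumption, adapt to what Inspect uses."""
    req = Request(url, headers={"Accept": "application/json"})
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fake_transport(url):
    """Offline stand-in: evaluates a single `field eq "value"` $filter against FAKE_API."""
    query = parse_qs(urlparse(url).query)
    field, value = re.fullmatch(r'(\w+) eq "(.*)"', query["$filter"][0]).groups()
    return [rec for rec in FAKE_API.values() if rec.get(field) == value]


def by_rule_name(rule_name, transport=http_transport):
    """The query from the post: all detections for one rule name."""
    return transport(detections_url(odata_eq("ruleName", rule_name)))


def enrich_from_syslog(lines, transport=http_transport):
    """Syslog announces the detection, the API supplies the details.

    Returns (enriched, missing): full records for each id seen in syslog, and the
    ids the API did not return, so a gap is surfaced instead of silently dropped.
    """
    enriched, missing = [], []
    for line in lines:
        det_id = extract_detection_id(line)
        if det_id is None:
            continue
        records = transport(detections_url(odata_eq("id", det_id)))  # "id" field assumed
        if records:
            enriched.append(records[0])
        else:
            missing.append(det_id)
    return enriched, missing


if __name__ == "__main__":
    found, gaps = enrich_from_syslog(SAMPLE_SYSLOG, transport=fake_transport)
    for rec in found:
        print(rec["id"], rec["ruleName"], rec["severity"], rec["cmdline"])
    print("missing from API:", gaps)
```

Swap fake_transport for http_transport (with a token) to run it against a real instance; the missing list is the part worth wiring into an alert, since it is exactly the case where polling the API alone would have lost the detection.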