YossiCo gave kudos to j91321 in Inspect API
You can use $filter with ruleName to get only those names like this:
GET /api/v1/detections?$filter=ruleName eq "File and Directory Discovery [L1114]"

In my experience the best way to get the additional details and not miss detections is to combine syslog and the API. Get information about new Inspect detections from syslog, which contains the detection ID, and fetch the additional details with the API. This is doable with Logstash, for example.
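A runnable sketch of the pattern described in that post, added here as an example; it is not code from the original post, from ESET, or from j91321. It builds the $filter request exactly as quoted above (percent-encoded, and refusing rule names containing a double quote, since the server's escaping rules are not stated), pulls detection IDs out of syslog lines and joins them with a per-detection API lookup. The syslog line layout, the hostname inspect.example.local, the per-detection endpoint /api/v1/detections/{id} and the bearer Authorization header are all assumptions for illustration, not facts from the page.

```python
"""Pair ESET Inspect syslog detection events with API detail lookups.

Added example, not code from the original post or from ESET. Assumptions
not confirmed by the page: a per-detection endpoint
GET /api/v1/detections/{id}, a bearer-style Authorization header, the
hostname, and the syslog line layout (constructed below for illustration).
"""
import json
import re
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List

API_BASE = "https://inspect.example.local"  # assumed hostname

# Constructed sample syslog lines; the real Inspect syslog format may differ.
SAMPLE_SYSLOG = [
    '<14>Jan 12 10:03:41 inspect-srv EEI: detection id=12345 '
    'rule="File and Directory Discovery [L1114]" computer=WS-01',
    '<14>Jan 12 10:03:42 inspect-srv EEI: detection id=12346 '
    'rule="Process Discovery" computer=WS-07',
    '<14>Jan 12 10:03:42 inspect-srv EEI: detection id=12345 '
    'rule="File and Directory Discovery [L1114]" computer=WS-01',  # duplicate
    '<14>Jan 12 10:03:43 inspect-srv EEI: heartbeat ok',             # no id
    '<14>Jan 12 10:03:44 inspect-srv EEI: detection id=../admin rule="x"',  # bad id
]

_ID_RE = re.compile(r"\bid=(\d+)\b")


def build_filter_url(rule_name: str, base: str = API_BASE) -> str:
    """Build the $filter request from the post, percent-encoding the value.

    A double quote inside the rule name would terminate the string literal
    in the filter expression, so such names are refused rather than escaped
    (the server's escaping rules are not stated on the page)."""
    if '"' in rule_name:
        raise ValueError("rule name must not contain a double quote")
    query = urllib.parse.urlencode({"$filter": f'ruleName eq "{rule_name}"'})
    return f"{base}/api/v1/detections?{query}"


def extract_detection_ids(lines: Iterable[str]) -> List[int]:
    """Pull detection IDs from syslog lines, keeping first-seen order.

    Only purely numeric IDs are accepted: the value is later placed in a URL
    path, and syslog content is attacker-influenceable data."""
    seen: Dict[int, None] = {}
    for line in lines:
        match = _ID_RE.search(line)
        if match:
            seen.setdefault(int(match.group(1)), None)
    return list(seen)


def detail_url(detection_id: int, base: str = API_BASE) -> str:
    """Per-detection endpoint (assumed; not confirmed by the post)."""
    return f"{base}/api/v1/detections/{int(detection_id)}"


def http_get_json(url: str, token: str) -> dict:
    """Default fetcher: GET with an Authorization header (assumed scheme)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def enrich(lines: Iterable[str], getter: Callable[[str], dict]) -> List[dict]:
    """Syslog supplies the ID, the API supplies the details: join the two."""
    results = []
    for det_id in extract_detection_ids(lines):
        details = getter(detail_url(det_id))
        results.append({"id": det_id, **details})
    return results


if __name__ == "__main__":
    # Offline demo with a stub getter standing in for the Inspect server.
    def stub_getter(url: str) -> dict:
        return {"url": url, "ruleName": "stub"}

    print(build_filter_url("File and Directory Discovery [L1114]"))
    for row in enrich(SAMPLE_SYSLOG, stub_getter):
        print(row)
```

In a real pipeline `http_get_json` (bound to a token via `functools.partial`) would replace the stub getter; the ID regex and the numeric-only check are what stop a crafted syslog field from steering the follow-up request elsewhere on the API.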