Threat Center APIs
Programmatically interact with Threat Center cases and alerts using the Exabeam API.
To access Threat Center API endpoints, you must have an API key with Threat Center permissions. For specific request and response parameters, see the API Reference.
The following APIs are available for Threat Center cases:
Endpoint | Summary | Description | Response |
---|---|---|---|
POST /threat-center/v1/search/cases | Search for cases | Search for cases that match one or more search criteria. For example, you can search for cases that are associated with a specific | Returns the timestamp of when the search request started, the timestamp of when the search request completed, cases that match the search criteria and their properties, and the total number of returned search results. |
GET /threat-center/v1/cases/{caseId} | Get case details | Get details for a specific case, as identified by a case ID. | Returns attributes for the specified case. |
POST /threat-center/v1/cases/{caseId} | Update case details | Update details for a specific case, as identified by case ID. Modify field values such as | Returns attributes for the case. |
POST /threat-center/v1/cases | Create a new case | Creates a new case associated with an alert and updates case details like | Returns attributes for the created case. |
The following APIs are available for Threat Center alerts:
Endpoint | Summary | Description | Response |
---|---|---|---|
POST /threat-center/v1/search/alerts | Search for alerts | Search for alerts that match one or more search criteria. For example, you can search for alerts that are associated with a specific | Returns the timestamp of when the search request started, the timestamp of when the search request completed, alerts that match the search criteria and their properties, and the total number of returned search results. |
GET /threat-center/v1/alerts/{alertId} | Get alert details | Get details for a specific alert, as identified by an alert ID. | Returns attributes for the specified alert. |
POST /threat-center/v1/alerts/{alertId} | Update alert details | Update details for a specific alert, as identified by an alert ID. Modify field values such as | Returns attributes for the specified alert. |