Search using Filters

Updated 6 days ago by Elvis Hovor

Description

In the TruSTAR App for Demisto, this command returns Intel Reports matching the specified filters. All parameters are optional.

Format

trustar-get-reports

Example

!trustar-get-reports distribution_type=ENCLAVE enclave_ids=xxxxxxx.yyyyyyyyy.zzzzzz from_time="1 day ago"

Inputs

| Argument | Description | Required |
|---|---|---|
| from_time | Start of time window. Legal formats are ISO 8601 (YYYY-MM-DD HH:MM:SS) and relative time LAST <##> <time period>, for example LAST 1 MONTH. Default is the last 24 hours. | No |
| to_time | End of time window. Legal formats are ISO 8601 (YYYY-MM-DD HH:MM:SS) and relative time LAST <##> <time period>, for example LAST 1 MONTH. Default is the current time. | No |
| distribution_type | Distribution type of the report. Legal values are COMMUNITY or ENCLAVE (the default). | No |
| enclave_ids | Comma-separated list of Enclave IDs to search. Even if distribution_type is COMMUNITY, these enclaves will still be searched as well. If no argument is specified, the default is to search all enclaves which you have Read access to in TruSTAR. | No |
| tags | List of tags to use when searching for Intel Reports; only Intel Reports containing ALL of these tags will be returned. | No |
| excluded_tags | Intel Reports containing ANY of these tags will be excluded from the results. | No |
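The argument rules above, as an added Python example (not code from TruSTAR or Demisto): it assembles a !trustar-get-reports line, rejects an illegal distribution_type, and rejects a tag that is both required and excluded, since no report could then match. The helper names are hypothetical, and passing tags and excluded_tags comma-separated like enclave_ids is an assumption.

```python
from datetime import datetime

LEGAL_DISTRIBUTION_TYPES = ("COMMUNITY", "ENCLAVE")  # legal values per the Inputs table


def _join(name, values):
    """Comma-join a list; a comma inside an item would silently split it in two."""
    values = [str(v).strip() for v in values]
    bad = [v for v in values if not v or "," in v]
    if bad:
        raise ValueError(f"{name}: empty or comma-containing item {bad!r}")
    return ",".join(values)


def _time(value):
    """datetime -> documented YYYY-MM-DD HH:MM:SS; strings pass through unchanged."""
    if isinstance(value, datetime):
        return value.strftime("%Y-%m-%d %H:%M:%S")
    return str(value)


def build_get_reports_command(distribution_type=None, enclave_ids=None, from_time=None,
                              to_time=None, tags=None, excluded_tags=None):
    """Build a !trustar-get-reports line; omitted arguments keep their defaults."""
    if distribution_type is not None and distribution_type not in LEGAL_DISTRIBUTION_TYPES:
        raise ValueError(f"distribution_type must be one of {LEGAL_DISTRIBUTION_TYPES}")
    if isinstance(from_time, datetime) and isinstance(to_time, datetime) and from_time > to_time:
        raise ValueError("from_time is later than to_time")
    # A tag that is both required (ALL) and excluded (ANY) can never match a report.
    clash = set(tags or ()) & set(excluded_tags or ())
    if clash:
        raise ValueError(f"tags both required and excluded: {sorted(clash)}")
    pairs = [
        ("distribution_type", distribution_type),
        ("enclave_ids", _join("enclave_ids", enclave_ids) if enclave_ids else None),
        ("from_time", _time(from_time) if from_time else None),
        ("to_time", _time(to_time) if to_time else None),
        ("tags", _join("tags", tags) if tags else None),  # assumption: comma-separated
        ("excluded_tags", _join("excluded_tags", excluded_tags) if excluded_tags else None),
    ]
    parts = ["!trustar-get-reports"]
    for name, value in pairs:
        if value is None:
            continue
        if '"' in value:
            raise ValueError(f"{name}: double quote not allowed in {value!r}")
        # Quote values containing spaces, as the page's from_time example does.
        parts.append(f'{name}="{value}"' if " " in value else f"{name}={value}")
    return " ".join(parts)
```

Called with distribution_type="ENCLAVE", enclave_ids=["xxxxxxx.yyyyyyyyy.zzzzzz"] and from_time="1 day ago", it reproduces the command shown under Example.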

Outputs

If no arguments are specified, the most recent 25 Intel Reports will be returned. This matches the view you would see in the TruSTAR Web App.

| Path | Type | Description |
|---|---|---|
| TruSTAR.Report.title | string | Title of the report |
| TruSTAR.Report.reportBody | string | Body of the report |
| TruSTAR.Report.id | string | ID of the report |

