list_detection_ids
Retrieve detection IDs from Vectra AI security platform with filtering by state, category, source IP, date range, and key asset targeting for threat analysis and incident response.
Instructions
List detection IDs with filtering and sorting options. Use this to get a list of detection IDs based on various criteria.
Returns:
str: JSON string with list of detection IDs.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ordering | No | Order by last_timestamp, created_datetime, or id | last_timestamp |
| state | No | Filter by detection state (active, inactive, fixed, filteredbyai, filteredbyrule). Default is 'active'. | active |
| detection_category | No | Filter by detection category. Detections are grouped into one of the following categories: Command & Control, Botnet, Exfiltration, Lateral Movement, Reconnaissance, Info. Partial word matches are also supported. | |
| detection_name | No | Filter by detection name. Partial word matches are also supported. | |
| src_ip | No | Filter by source IP address of the host that generated the detection | |
| start_date | No | Filter by start date (YYYY-MM-DDTHH:MM:SS) | |
| end_date | No | Filter by end date (YYYY-MM-DDTHH:MM:SS) | |
| is_targeting_key_asset | No | Filter for detections targeting a key asset. Defaults to 'False'. Set to 'True' to filter for detections that are targeting key assets. To get all detections regardless of key asset targeting, search for both True and False values. | |
| limit | No | Maximum number of detections to return in the batch. Defaults to 1000. | |
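
An added example (not part of the tool's own code): client-side validation of the arguments in the table above, plus the two-query merge that the `is_targeting_key_asset` row describes for retrieving all detections. The `call_tool` callable, passing the flag as a boolean, and the assumption that the returned JSON string decodes to a flat list of IDs are hypothetical.

```python
import ipaddress
import json
from datetime import datetime

ORDERINGS = {"last_timestamp", "created_datetime", "id"}
STATES = {"active", "inactive", "fixed", "filteredbyai", "filteredbyrule"}
PASS_THROUGH = {"detection_category", "detection_name", "is_targeting_key_asset"}
TS_FORMAT = "%Y-%m-%dT%H:%M:%S"  # YYYY-MM-DDTHH:MM:SS, as in the table


def build_args(state="active", ordering="last_timestamp", src_ip=None,
               start_date=None, end_date=None, limit=1000, **extra):
    """Validate arguments against the documented schema before sending."""
    if state not in STATES:
        raise ValueError(f"unknown state: {state!r}")
    if ordering not in ORDERINGS:
        raise ValueError(f"unknown ordering: {ordering!r}")
    unknown = set(extra) - PASS_THROUGH
    if unknown:
        raise ValueError(f"parameters not in schema: {sorted(unknown)}")
    args = {"state": state, "ordering": ordering, "limit": int(limit), **extra}
    if src_ip is not None:
        # ip_address() raises ValueError on anything that is not an IP
        args["src_ip"] = str(ipaddress.ip_address(src_ip))
    parsed = {}
    for key, value in (("start_date", start_date), ("end_date", end_date)):
        if value is not None:
            parsed[key] = datetime.strptime(value, TS_FORMAT)  # ValueError if malformed
            args[key] = value
    if len(parsed) == 2 and parsed["start_date"] > parsed["end_date"]:
        raise ValueError("start_date is after end_date")
    return args


def list_all_ids(call_tool, **filters):
    """Return IDs regardless of key-asset targeting by querying both values."""
    seen, merged = set(), []
    for flag in (True, False):
        args = build_args(**filters, is_targeting_key_asset=flag)
        # Assumption: the returned JSON string decodes to a flat list of IDs.
        for det_id in json.loads(call_tool("list_detection_ids", args)):
            if det_id not in seen:  # de-duplicate across the two queries
                seen.add(det_id)
                merged.append(det_id)
    return merged
```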