list_detections_with_basic_info
Retrieve filtered lists of security detections from Vectra AI to quickly identify and prioritize potential threats for investigation.
Instructions
List detections with basic information and filtering options. Use this to get a quick overview of detections without detailed information.
Returns:
str: JSON string with a list of detection ids.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| state | No | Filter by detection state (active, inactive, fixed, filteredbyai, filteredbyrule). Default is 'active'. | active |
| ordering | No | Order by last_timestamp, created_datetime, or id. Defaults to 'last_timestamp'. | last_timestamp |
| detection_category | No | Filter by detection category. Detections are grouped into one of the following categories: Command & Control, Botnet, Exfiltration, Lateral Movement, Reconnaissance, Info. Can also perform partial word match | |
| detection_name | No | Filter by detection name. Can also perform partial word match | |
| src_ip | No | Filter by source IP address of the host that generated the detection | |
| start_date | No | Filter by start date (YYYY-MM-DDTHH:MM:SS) | |
| end_date | No | Filter by end date (YYYY-MM-DDTHH:MM:SS) | |
| is_targeting_key_asset | No | Filter for detections targeting a key asset. Defaults to 'False'. Set to 'True' to filter for detections that are targeting key assets. To get all detections regardless of key asset targeting, search for both True and False values. | |
| limit | No | Maximum number of detections to return in the batch. | |
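Added example, not part of the tool or the Vectra AI MCP server: a client-side check that builds the argument set for one call from the schema above, rejecting values outside the listed enumerations, enforcing the YYYY-MM-DDTHH:MM:SS timestamp format, and turning the key-asset caveat (True and False both needed for "all detections") into an explicit pair of calls. The function names `build_detection_filters` and `key_asset_query_pair` are assumptions made for this example.

```python
from datetime import datetime

# Allowed values, taken from the input schema above.
STATES = {"active", "inactive", "fixed", "filteredbyai", "filteredbyrule"}
ORDERINGS = {"last_timestamp", "created_datetime", "id"}
CATEGORIES = ("Command & Control", "Botnet", "Exfiltration",
              "Lateral Movement", "Reconnaissance", "Info")
TS_FORMAT = "%Y-%m-%dT%H:%M:%S"  # the schema's YYYY-MM-DDTHH:MM:SS


def build_detection_filters(state="active", ordering="last_timestamp",
                            detection_category=None, detection_name=None,
                            src_ip=None, start_date=None, end_date=None,
                            is_targeting_key_asset=None, limit=None):
    """Return the query parameters for one tool call, or raise ValueError."""
    if state not in STATES:
        raise ValueError(f"state must be one of {sorted(STATES)}")
    if ordering not in ORDERINGS:
        raise ValueError(f"ordering must be one of {sorted(ORDERINGS)}")
    params = {"state": state, "ordering": ordering}
    if detection_category is not None:
        # The tool matches partial words; only check the fragment can hit a real category.
        if not any(detection_category.lower() in c.lower() for c in CATEGORIES):
            raise ValueError(f"no detection category matches {detection_category!r}")
        params["detection_category"] = detection_category
    for key, value in (("detection_name", detection_name), ("src_ip", src_ip)):
        if value is not None:
            params[key] = value
    bounds = {}
    for key, value in (("start_date", start_date), ("end_date", end_date)):
        if value is not None:
            try:
                bounds[key] = datetime.strptime(value, TS_FORMAT)
            except ValueError:
                raise ValueError(f"{key} must be YYYY-MM-DDTHH:MM:SS, got {value!r}") from None
            params[key] = value
    if len(bounds) == 2 and bounds["start_date"] > bounds["end_date"]:
        raise ValueError("start_date must not be after end_date")
    if is_targeting_key_asset is not None:
        flag = str(is_targeting_key_asset).lower() == "true"  # schema wants 'True'/'False' strings
        params["is_targeting_key_asset"] = "True" if flag else "False"
    if limit is not None:
        params["limit"] = int(limit)
    return params


def key_asset_query_pair(**filters):
    """Both calls needed to list detections regardless of key-asset targeting."""
    return [build_detection_filters(is_targeting_key_asset=v, **filters) for v in (True, False)]
```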