list_detections_with_details
Retrieve detailed security threat detections from Vectra AI with filtering by category, state, IP address, date range, and key asset targeting for threat investigation.
Instructions
List detections with filtering and sorting options. Use this to get a detailed list of detections based on various criteria.
Returns:
str: JSON string with list of detections.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ordering | No | Order by last_timestamp, created_datetime, or id. Defaults to ordering by last_timestamp. | last_timestamp |
| detection_category | No | Filter by detection category. Detections are grouped into one of the following categories: Command & Control, Botnet, Exfiltration, Lateral Movement, Reconnaissance, Info. Can also perform partial word match. | |
| detection_name | No | Filter by detection name. Can also perform partial word match. | |
| state | No | Filter by detection state (active, inactive, fixed, filteredbyai, filteredbyrule). Default is 'active'. | active |
| src_ip | No | Filter by source IP address of the host that generated the detection. Must be a valid IPv4 or IPv6 address. | |
| start_date | No | Filter by start date (YYYY-MM-DDTHH:MM:SS). | |
| end_date | No | Filter by end date (YYYY-MM-DDTHH:MM:SS). | |
| is_targeting_key_asset | No | Filter for detections targeting a key asset. Defaults to 'False'. Set to 'True' to filter for detections that are targeting key assets. To get all detections regardless of key asset targeting, search for both True and False values. | False |
| limit | No | Maximum number of detections to return in the batch. Defaults to 1000. | 1000 |
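As an added example (not part of the Vectra tool or its documentation), a client-side validator that enforces the constraints in this schema before a call is made, fills in the stated defaults so an analyst sees exactly which filters apply, and implements the two-search pattern the `is_targeting_key_asset` note describes. The function names and the boolean type for `is_targeting_key_asset` are assumptions.

```python
import ipaddress
from datetime import datetime

# Allowed values and defaults come from the schema above; treating
# is_targeting_key_asset as a Python bool is an assumption of this example.
ORDERINGS = {"last_timestamp", "created_datetime", "id"}
STATES = {"active", "inactive", "fixed", "filteredbyai", "filteredbyrule"}
KNOWN = {"ordering", "detection_category", "detection_name", "state", "src_ip",
         "start_date", "end_date", "is_targeting_key_asset", "limit"}
DATE_FMT = "%Y-%m-%dT%H:%M:%S"

def build_detection_query(**filters):
    """Validate filters and return the query parameters the tool would apply.

    Schema defaults are filled in so the caller sees that an unfiltered call
    returns only active detections, ordered by last_timestamp, at most 1000
    of them. Bad input raises ValueError before any request is sent.
    """
    params = {"ordering": "last_timestamp", "state": "active",
              "is_targeting_key_asset": False, "limit": 1000}
    for key, value in filters.items():
        if value is None:
            continue
        if key not in KNOWN:
            raise ValueError(f"unknown filter: {key}")
        if key == "ordering" and value not in ORDERINGS:
            raise ValueError(f"ordering must be one of {sorted(ORDERINGS)}")
        if key == "state" and value not in STATES:
            raise ValueError(f"state must be one of {sorted(STATES)}")
        if key == "src_ip":
            value = str(ipaddress.ip_address(value))  # IPv4 or IPv6; raises on junk
        if key in ("start_date", "end_date"):
            datetime.strptime(value, DATE_FMT)  # must be YYYY-MM-DDTHH:MM:SS
        if key == "is_targeting_key_asset" and not isinstance(value, bool):
            raise ValueError("is_targeting_key_asset must be True or False")
        if key == "limit" and (isinstance(value, bool) or not isinstance(value, int) or value < 1):
            raise ValueError("limit must be a positive integer")
        params[key] = value
    if "start_date" in params and "end_date" in params:
        start = datetime.strptime(params["start_date"], DATE_FMT)
        end = datetime.strptime(params["end_date"], DATE_FMT)
        if start > end:
            raise ValueError("start_date must not be after end_date")
    return params

def key_asset_queries(**filters):
    """Per the schema note, getting all detections regardless of key asset
    targeting needs two searches; build both with the same remaining filters."""
    base = {k: v for k, v in filters.items() if k != "is_targeting_key_asset"}
    return [build_detection_query(**base, is_targeting_key_asset=flag)
            for flag in (True, False)]
```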