GuidesAPI ReferenceGitHub RepositoryPartner IntegrationsWhat's New
API Reference
Product DocumentationSupportSandbox Account

Lists Threat Watch impacted devices

get
https://apis.druva.com/realize/threathunting/v1/threatwatch/devices

The Threat Watch API provides a paginated list of devices affected by matches against Indicators of Compromise (IOC) sets identified during Threat Watch scans over the past 30 days. For each impacted device, the results include: Resource type, Count of file matches, Count of impacted snapshots, Matched IOC Sets, Timestamp of the first match, and Timestamp of the last match.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Query Params
resourceTypes[]
array of strings
enum

Devices can be filtered based on their resource type, which includes 'VMware', 'EC2', and 'AzureVM' (lowercase workload names: vmware, ec2, azurevm).

resourceTypes[]
iocSetIds[]
array of integers

Filters devices based on IOC set IDs. You can specify multiple IOC Set IDs.

iocSetIds[]
string

The token to access the next page of results. Use the token value received in the previous response's parameter 'nextPageToken'.

Responses

401

The request either did not include an authentication token, or you have provided an expired authentication token.

Updated 3 months ago

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
*/*

Updated 3 months ago