Create a threat hunt

Create a threat hunt for all the selected resources.

Body Params
string

Specify a name for the threat hunt.

string

Provide a description of the threat hunt.

fileHashes
array of strings

Specify the malicious file hashes for the threat hunt. Example - ['9032a70bc7f6c44ba2bf639b6f09b8d10b056e00']

fileExtensions
array of strings

Specify the malicious file extensions for the threat hunt. Example - ['.wcry']

threatIntelIOCSetIDs
array of integers

Specify the Threat-Intel IOC Set IDs list to include predefined file hashes and extensions in the threat scan. You can choose the IOC Sets from the IOC Library section under Cyber Resilience.

boolean

Specify the boolean flag to mark snapshots as quarantined when a threat is detected after the scan completes. Currently, Auto-Quarantine is supported for VMware, Azure Virtual Machines, and AWS Workloads (EC2 and EBS Volumes).

string

Specify the start date to allow the threat hunt to scan for threats using snapshots created on this date. Format: YYYY-MM-DD.

string

Specify the end date to allow the threat hunt to use snapshots created through this date to scan for threats. Format: YYYY-MM-DD.

resourcesToScan
object

Specify the resources for creating a threat hunt and provide the resource type. Currently, the supported resource types are VMware and Azure Virtual Machines (Enterprise Workloads), and EC2 and EBS Volumes (AWS workloads).
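
A client-side pre-check for the indicator and date parameters described above, as an added example that is not part of the original page or the vendor's code. The keys `fileHashes`, `fileExtensions` and `threatIntelIOCSetIDs` come from this page; the function names, the accepted hash lengths and the extension pattern are assumptions, and the date window is checked separately because its body-parameter names are not shown here.

```python
import re
from datetime import date

# Assumption: hashes are hex digests of MD5, SHA-1 or SHA-256 length. The page
# itself only shows a 40-character example.
HASH_RE = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}")
EXT_RE = re.compile(r"\.[A-Za-z0-9_-]{1,32}")   # assumed shape, e.g. ".wcry"
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")      # YYYY-MM-DD, as the page states


def prepare_iocs(file_hashes, file_extensions, ioc_set_ids=()):
    """Normalize and de-duplicate IOC inputs; return (body_fragment, errors)."""
    errors, hashes, exts = [], [], []
    for raw in file_hashes:
        h = raw.strip().lower()
        if not HASH_RE.fullmatch(h):
            errors.append(f"bad hash: {raw!r}")
        elif h not in hashes:
            hashes.append(h)
    for raw in file_extensions:
        e = raw.strip()
        e = e if e.startswith(".") else "." + e
        if not EXT_RE.fullmatch(e):
            errors.append(f"bad extension: {raw!r}")
        elif e not in exts:
            exts.append(e)
    ids = [i for i in ioc_set_ids if isinstance(i, int) and not isinstance(i, bool)]
    if len(ids) != len(ioc_set_ids):
        errors.append("IOC set IDs must be integers")
    if not (hashes or exts or ids):
        errors.append("hunt has no usable indicator")  # local sanity check
    return {"fileHashes": hashes, "fileExtensions": exts,
            "threatIntelIOCSetIDs": ids}, errors


def check_window(start, end):
    """Validate the snapshot date window; return a list of errors."""
    for value in (start, end):
        if not DATE_RE.fullmatch(value):
            return [f"not YYYY-MM-DD: {value!r}"]
    try:
        first, last = date.fromisoformat(start), date.fromisoformat(end)
    except ValueError as exc:
        return [f"invalid calendar date: {exc}"]
    return ["start date is after end date"] if first > last else []
```

Rejecting malformed hashes before submission matters because a mistyped indicator can produce a hunt that completes with no matches and reads as a clean result.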

Responses

401

The request either did not include an authentication token or included an expired one.
