This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About sushant1601
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About sushant1601
09-21-2023
12Posts
0Likes
0Solutions
Sep 21, 2023Last Visited
User
Activity
User
Profile
Latest posts by sushant1601
| Subject | Views | Posted |
|---|---|---|
| 219 | 09-13-2023 12:41 AM | |
| 527 | 06-13-2023 10:03 AM | |
| 529 | 06-13-2023 10:02 AM | |
| 629 | 06-12-2023 12:27 AM | |
| 568 | 06-09-2023 09:50 AM | |
| 607 | 06-09-2023 06:31 AM | |
| 640 | 06-08-2023 09:59 AM | |
| 650 | 06-08-2023 08:56 AM | |
| 735 | 06-02-2023 06:32 AM | |
| 781 | 06-02-2023 06:25 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 2 Likes | |||
| 2 Likes |
User Badges
Community Statistics
| Member Since | 05-24-2023 07:51 AM |
| Date Last Visited | 09-21-2023 04:59 AM |
| Posts | 12 |
09-15-2023
01:46 AM
Hello,
The parameter "timeframe" in the Cortex API represents the time range for which you want to retrieve logs. It is based on the log generation time, not the log ingestion time. The three timestamp fields (_time, _insert_time, and insert_timestamp) represent different aspects of the logs. - _time represents the time when the event occurred. - _insert_time represents the time when the log was ingested into Cortex XDR. - insert_timestamp is a numerical representation of _insert_time. If you suspect latency in log ingestion, you can use the _insert_time field in your XQL query to filter logs based on the time they were ingested.
... View more
06-13-2023
10:03 AM
Thank you so much @zarnous .
Appreciate the clarification.
... View more
06-10-2023
05:12 AM
Hello @sushant1601
Use of a field depends on the use case or type of data that you want to obtain. Please take help from API reference guide according to your use case.
I hope this answers your question.
... View more
06-08-2023
09:59 AM
Thank you so much @zarnous
... View more
06-02-2023
06:32 AM
Thank you for your response. This does help me in understanding the schema, however the value I am using in event_type in XQL query does not match with the possible values provided in schema.
"query" : "dataset=xdr_data | filter event_type = EVENT_LOG"
Also, I am using postman to query API, autofill values I don't get.
Thank you.
... View more
05-28-2023
05:38 PM
Hello @sushant1601 , Are you trying to extract Windows Event logs? If yes, you can try the preset = xdr_event_log where you can view the Windows events.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks