List Entity Store Entities
List entities records, paging, sorting and filtering as needed.
Query parameters
-
sort_field string
-
sort_order string
Values are
asc
ordesc
. -
page integer
Minimum value is
1
. -
per_page integer
Minimum value is
1
, maximum value is10000
. -
filterQuery string
An ES query to filter by.
-
Values are
user
orhost
.
GET /api/entity_store/entities/list
curl \
-X GET https://localhost:5601/api/entity_store/entities/list?entities_types=user
Response examples (200)
{
"inspect": {
"dsl": [
"string"
],
"response": [
"string"
]
},
"page": 42,
"per_page": 42,
"records": [
{
"@timestamp": "2024-05-04T09:42:00+00:00",
"asset": {
"criticality": "low_impact"
},
"entity": {
"name": "string",
"source": "string"
},
"user": {
"domain": [
"string"
],
"email": [
"string"
],
"full_name": [
"string"
],
"hash": [
"string"
],
"id": [
"string"
],
"name": "string",
"risk": {
"@timestamp": "2017-07-21T17:32:28Z",
"calculated_level": "Critical",
"calculated_score": 42.0,
"calculated_score_norm": 42.0,
"category_1_count": 42.0,
"category_1_score": 42.0,
"category_2_count": 42.0,
"category_2_score": 42.0,
"criticality_level": "low_impact",
"criticality_modifier": 42.0,
"id_field": "host.name",
"id_value": "example.host",
"inputs": [
{
"category": "category_1",
"contribution_score": 42.0,
"description": "Generated from Detection Engine Rule: Malware Prevention Alert",
"id": "91a93376a507e86cfbf282166275b89f9dbdb1f0be6c8103c6ff2909ca8e1a1c",
"index": ".internal.alerts-security.alerts-default-000001",
"risk_score": 42.0,
"timestamp": "2017-07-21T17:32:28Z"
}
],
"notes": [
"string"
]
},
"roles": [
"string"
]
}
}
],
"total": 42
}