| Operation | Provider Endpoints |
|---|---|
| Create IOCs | POST /iocs/entities/indicators/v1 |
| Delete IOCs | DELETE /iocs/entities/indicators/v1 |
| Get Endpoint | GET /devices/combined/devices/v1 |
| Quarantine Endpoints | POST /devices/entities/devices-actions/v2 |
| Query Alerts | POST /alerts/combined/alerts/v1 |
| Query Applications | GET /discover/entities/applications/v1 GET /discover/queries/applications/v1 |
| Query EDR Events | GET /alerts/queries/alerts/v2 POST /alerts/entities/alerts/v2 |
| Query Endpoints | GET /devices/combined/devices/v1 |
| Query IOCs | GET /iocs/entities/indicators/v1 GET /iocs/queries/indicators/v1 |
| Query Posture Score | GET /devices/combined/devices/v1 GET /zero-trust-assessment/entities/assessments/v1 GET /zero-trust-assessment/queries/assessments/v1 |
| Query Threat Events | GET /alerts/queries/alerts/v2 POST /alerts/entities/alerts/v2 |
| Operation | Provider Endpoints |
|---|---|
| Query Alerts | GET /v1/detections |
| Query Endpoints | GET /v1/device_groups GET /v1/device_groups/{deviceGroupId}/devices GET /v1/devices:batchGet |
| Operation | Provider Endpoints |
|---|---|
| Query Applications | POST /nebula/v1/assets/software |
| Query Endpoints | POST /nebula/v1/endpoints |
| Query Threat Events | POST /nebula/v1/detections |
| Operation | Provider Endpoints |
|---|---|
| Create IOCs | POST /web/api/v2.1/threat-intelligence/iocs |
| Delete IOCs | DELETE /web/api/v2.1/threat-intelligence/iocs |
| Query Alerts | GET /web/api/v2.1/cloud-detection/alerts |
| Query Applications | GET /web/api/v2.1/application-management/inventory |
| Query Endpoints | GET /web/api/v2.1/agents |
| Query IOCs | GET /web/api/v2.1/threat-intelligence/iocs |
| Query Threat Events | GET /web/api/v2.1/threats |
| Operation | Provider Endpoints |
|---|---|
| Query Alerts | GET /common/v1/alerts GET /whoami/v1 |
| Query Endpoints | GET /endpoint/v1/endpoints GET /whoami/v1 |