Spaces method and path for this operation:
Refer to Spaces for more information.
Initiates the generation of attack discoveries by analyzing security alerts using AI. Returns an execution UUID that can be used to track the generation progress and retrieve results. Results may also be retrieved via the find endpoint. (Technical preview)
Body Required
-
The (space specific) index pattern that contains the alerts to use as context for the attack discovery. Example: .alerts-security.alerts-default
-
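The list of fields, and whether or not they are anonymized, allowed to be sent to LLMs. Consider using the output of the
/api/security_ai_assistant/anonymization_fields/_find API (for a specific Kibana space) to provide this value. A field with "allowed": true and "anonymized": false is sent to the LLM without anonymization, so review the list before submitting it; in the example request below, only host.name, user.name and user.target.name are anonymized.
-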
An Elasticsearch-style query DSL object used to filter alerts. For example:
```json
{
  "filter": {
    "bool": {
      "must": [],
      "filter": [
        {
          "bool": {
            "should": [ { "term": { "user.name": { "value": "james" } } } ],
            "minimum_should_match": 1
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}
```
Additional properties are allowed.
-
Replacements object used to anonymize/deanonymize messages
-
Values are invokeAI or invokeStream.
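# Example request: start an attack discovery generation run.
#
# Line continuations are restored here. In the collapsed form each backslash
# was followed by a space instead of a newline, so the command could not be
# pasted into a shell as written.
#
# Credentials: the header is sent exactly as "Authorization: $API_KEY", so the
# variable must hold the complete header value including the scheme (for a
# Kibana API key, "ApiKey <encoded key>"). Keeping it in an environment
# variable keeps the key out of the command text itself.
#
# Transport: http://localhost:5601 is a local instance. Against a remote
# Kibana use https so the API key and alert data are not sent in clear text.
#
# Data sent to the LLM: every entry in anonymizationFields below has
# "allowed": true, but only host.name, user.name and user.target.name have
# "anonymized": true. All other listed fields (for example source.ip,
# destination.ip, process.command_line, file.path and user.domain) reach the
# connector without anonymization. Adjust the list to your own policy, for
# instance by starting from the output of the anonymization_fields/_find API
# for the relevant Kibana space.
curl \
  --request POST 'http://localhost:5601/api/attack_discovery/_generate' \
  --header "Authorization: $API_KEY" \
  --header "Content-Type: application/json" \
  --data '{
  "alertsIndexPattern": ".alerts-security.alerts-default",
  "anonymizationFields": [
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "@timestamp", "allowed": true, "anonymized": false, "namespace": "default", "id": "aKiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.feature", "allowed": true, "anonymized": false, "namespace": "default", "id": "saiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.files.data", "allowed": true, "anonymized": false, "namespace": "default", "id": "sqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.files.entropy", "allowed": true, "anonymized": false, "namespace": "default", "id": "s6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.files.extension", "allowed": true, "anonymized": false, "namespace": "default", "id": "tKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.files.metrics", "allowed": true, "anonymized": false, "namespace": "default", "id": "taiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.files.operation", "allowed": true, "anonymized": false, "namespace": "default", "id": "tqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.files.path", "allowed": true, "anonymized": false, "namespace": "default", "id": "t6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.files.score", "allowed": true, "anonymized": false, "namespace": "default", "id": "uKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "Ransomware.version", "allowed": true, "anonymized": false, "namespace": "default", "id": "uaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "_id", "allowed": true, "anonymized": false, "namespace": "default", "id": "Z6iJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "agent.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "aaiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "cloud.availability_zone", "allowed": true, "anonymized": false, "namespace": "default", "id": "aqiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "cloud.provider", "allowed": true, "anonymized": false, "namespace": "default", "id": "a6iJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "cloud.region", "allowed": true, "anonymized": false, "namespace": "default", "id": "bKiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "destination.ip", "allowed": true, "anonymized": false, "namespace": "default", "id": "baiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "dns.question.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "bqiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "dns.question.type", "allowed": true, "anonymized": false, "namespace": "default", "id": "b6iJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "event.category", "allowed": true, "anonymized": false, "namespace": "default", "id": "cKiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "event.dataset", "allowed": true, "anonymized": false, "namespace": "default", "id": "caiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "event.module", "allowed": true, "anonymized": false, "namespace": "default", "id": "cqiJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "event.outcome", "allowed": true, "anonymized": false, "namespace": "default", "id": "c6iJW5gB4U27o8XO8oLf" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "file.Ext.original.path", "allowed": true, "anonymized": false, "namespace": "default", "id": "dKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "file.hash.sha256", "allowed": true, "anonymized": false, "namespace": "default", "id": "daiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "file.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "dqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "file.path", "allowed": true, "anonymized": false, "namespace": "default", "id": "d6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "group.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "eKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "group.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "eaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "host.asset.criticality", "allowed": true, "anonymized": false, "namespace": "default", "id": "eqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "host.name", "allowed": true, "anonymized": true, "namespace": "default", "id": "e6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "host.os.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "fKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "host.os.version", "allowed": true, "anonymized": false, "namespace": "default", "id": "faiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "host.risk.calculated_level", "allowed": true, "anonymized": false, "namespace": "default", "id": "fqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "host.risk.calculated_score_norm", "allowed": true, "anonymized": false, "namespace": "default", "id": "f6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.original_time", "allowed": true, "anonymized": false, "namespace": "default", "id": "gKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.risk_score", "allowed": true, "anonymized": false, "namespace": "default", "id": "gaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.description", "allowed": true, "anonymized": false, "namespace": "default", "id": "gqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "g6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.references", "allowed": true, "anonymized": false, "namespace": "default", "id": "hKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.framework", "allowed": true, "anonymized": false, "namespace": "default", "id": "haiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.tactic.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "hqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.tactic.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "h6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.tactic.reference", "allowed": true, "anonymized": false, "namespace": "default", "id": "iKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.technique.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "iaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.technique.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "iqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.technique.reference", "allowed": true, "anonymized": false, "namespace": "default", "id": "i6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.technique.subtechnique.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "jKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.technique.subtechnique.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "jaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.rule.threat.technique.subtechnique.reference", "allowed": true, "anonymized": false, "namespace": "default", "id": "jqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.severity", "allowed": true, "anonymized": false, "namespace": "default", "id": "j6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "kibana.alert.workflow_status", "allowed": true, "anonymized": false, "namespace": "default", "id": "kKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "message", "allowed": true, "anonymized": false, "namespace": "default", "id": "kaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "network.protocol", "allowed": true, "anonymized": false, "namespace": "default", "id": "kqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.Ext.memory_region.bytes_compressed_present", "allowed": true, "anonymized": false, "namespace": "default", "id": "nKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.Ext.memory_region.malware_signature.all_names", "allowed": true, "anonymized": false, "namespace": "default", "id": "naiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.Ext.memory_region.malware_signature.primary.matches", "allowed": true, "anonymized": false, "namespace": "default", "id": "nqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.Ext.memory_region.malware_signature.primary.signature.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "n6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.Ext.token.integrity_level_name", "allowed": true, "anonymized": false, "namespace": "default", "id": "oKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.args", "allowed": true, "anonymized": false, "namespace": "default", "id": "k6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.code_signature.exists", "allowed": true, "anonymized": false, "namespace": "default", "id": "lKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.code_signature.signing_id", "allowed": true, "anonymized": false, "namespace": "default", "id": "laiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.code_signature.status", "allowed": true, "anonymized": false, "namespace": "default", "id": "lqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.code_signature.subject_name", "allowed": true, "anonymized": false, "namespace": "default", "id": "l6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.code_signature.trusted", "allowed": true, "anonymized": false, "namespace": "default", "id": "mKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.command_line", "allowed": true, "anonymized": false, "namespace": "default", "id": "maiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.executable", "allowed": true, "anonymized": false, "namespace": "default", "id": "mqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.exit_code", "allowed": true, "anonymized": false, "namespace": "default", "id": "m6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.hash.md5", "allowed": true, "anonymized": false, "namespace": "default", "id": "oaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.hash.sha1", "allowed": true, "anonymized": false, "namespace": "default", "id": "oqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.hash.sha256", "allowed": true, "anonymized": false, "namespace": "default", "id": "o6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "pKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.args", "allowed": true, "anonymized": false, "namespace": "default", "id": "paiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.args_count", "allowed": true, "anonymized": false, "namespace": "default", "id": "pqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.code_signature.exists", "allowed": true, "anonymized": false, "namespace": "default", "id": "p6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.code_signature.status", "allowed": true, "anonymized": false, "namespace": "default", "id": "qKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.code_signature.subject_name", "allowed": true, "anonymized": false, "namespace": "default", "id": "qaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.code_signature.trusted", "allowed": true, "anonymized": false, "namespace": "default", "id": "qqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.command_line", "allowed": true, "anonymized": false, "namespace": "default", "id": "q6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.executable", "allowed": true, "anonymized": false, "namespace": "default", "id": "rKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.parent.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "raiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.pe.original_file_name", "allowed": true, "anonymized": false, "namespace": "default", "id": "rqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.pid", "allowed": true, "anonymized": false, "namespace": "default", "id": "r6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "process.working_directory", "allowed": true, "anonymized": false, "namespace": "default", "id": "sKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "rule.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "uqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "rule.reference", "allowed": true, "anonymized": false, "namespace": "default", "id": "u6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "source.ip", "allowed": true, "anonymized": false, "namespace": "default", "id": "vKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.framework", "allowed": true, "anonymized": false, "namespace": "default", "id": "vaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.tactic.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "vqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.tactic.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "v6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.tactic.reference", "allowed": true, "anonymized": false, "namespace": "default", "id": "wKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.technique.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "waiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.technique.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "wqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.technique.reference", "allowed": true, "anonymized": false, "namespace": "default", "id": "w6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.technique.subtechnique.id", "allowed": true, "anonymized": false, "namespace": "default", "id": "xKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.technique.subtechnique.name", "allowed": true, "anonymized": false, "namespace": "default", "id": "xaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "threat.technique.subtechnique.reference", "allowed": true, "anonymized": false, "namespace": "default", "id": "xqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "user.asset.criticality", "allowed": true, "anonymized": false, "namespace": "default", "id": "x6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "user.domain", "allowed": true, "anonymized": false, "namespace": "default", "id": "yKiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "user.name", "allowed": true, "anonymized": true, "namespace": "default", "id": "yaiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "user.risk.calculated_level", "allowed": true, "anonymized": false, "namespace": "default", "id": "yqiJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "user.risk.calculated_score_norm", "allowed": true, "anonymized": false, "namespace": "default", "id": "y6iJW5gB4U27o8XO8oLg" },
    { "timestamp": "2025-07-30T13:33:44.029Z", "createdAt": "2025-07-30T13:33:44.029Z", "field": "user.target.name", "allowed": true, "anonymized": true, "namespace": "default", "id": "zKiJW5gB4U27o8XO8oLg" }
  ],
  "replacements": {},
  "size": 100,
  "subAction": "invokeAI",
  "apiConfig": {
    "connectorId": "example-connector-id",
    "actionTypeId": ".gen-ai"
  },
  "connectorName": "GPT-5 Chat",
  "end": "now",
  "start": "now-24h"
}'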