This workflow template is designed for threat hunting scenarios, offering the capability to execute diligent searches within Singularity XDR. By calculating time ranges and running specified queries with optional parameters, the workflow systematically walks the paginated results, fetching further pages until no continuationToken remains. This ensures comprehensive retrieval of all relevant log entries for a given query, bolstering security analysis and incident response efforts.
Optional Triggers
"This workflow is intended for use as a function."
Use Cases
Function, Threat Hunting
Workflow Breakdown
Calculates the end and starting time of the query.
Runs a query using the filter and, if applicable, optional parameters derived from the event.
Paginates over results UNTIL no 'continuationToken' is provided.
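The three steps above as one loop, in an added Python example that is not part of the template or of any vendor SDK. The query function, its parameters and the response shape (`data` plus `continuationToken`) are assumptions, and a constructed in-memory mock stands in for Singularity XDR; the loop also guards against a repeated token or a runaway page count, which the template's "until no token" rule does not cover.

```python
from datetime import datetime, timedelta, timezone

# Constructed mock of a paginated query endpoint, keyed by continuationToken.
# Page shape is an assumption for the example, not the vendor's real API.
MOCK_PAGES = {
    None:    {"data": [{"id": 1}, {"id": 2}], "continuationToken": "tok-1"},
    "tok-1": {"data": [{"id": 3}],            "continuationToken": "tok-2"},
    "tok-2": {"data": [{"id": 4}],            "continuationToken": None},
}

def mock_query(filter_, from_date, to_date, continuation_token=None, **optional):
    """Hypothetical stand-in for the XDR query call; returns one page."""
    return MOCK_PAGES[continuation_token]

def compute_time_range(lookback_minutes, now=None):
    """Step 1: end is 'now' (UTC), start is end minus the lookback window."""
    end = now or datetime.now(timezone.utc)
    start = end - timedelta(minutes=lookback_minutes)
    return start.isoformat(), end.isoformat()

def fetch_all(query_fn, filter_, lookback_minutes, max_pages=1000, now=None, **optional):
    """Steps 2 and 3: run the query, then follow continuationToken until it is absent."""
    from_date, to_date = compute_time_range(lookback_minutes, now)
    items, token, seen = [], None, set()
    for _ in range(max_pages):
        page = query_fn(filter_, from_date, to_date,
                        continuation_token=token, **optional)
        items.extend(page.get("data", []))
        token = page.get("continuationToken")
        if not token:                      # no token: all pages retrieved
            return items
        if token in seen:                  # server handed back an old token
            raise RuntimeError("continuationToken repeated; aborting to avoid an infinite loop")
        seen.add(token)
    raise RuntimeError(f"exceeded {max_pages} pages without a final page")

if __name__ == "__main__":
    print(fetch_all(mock_query, "EventType = 'Process Creation'", 60))
```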
Vendors
Utils, Singularity XDR
Workflow Output
Output contains all items available for the given query within the calculated time range.