# List detections Retrieve a list of detection objects Endpoint: GET /v1/detections Version: v1 Security: x-api-key ## Query parameters: - `archived` (boolean) Filter by whether the detection has been archived. - `severity` (any) Filter by the severity. Enum: "LOW", "MEDIUM", "HIGH", "CRITICAL" - `detectionType` (any) Filter by the detection type. Enum: "PHISHING", "STOLEN_CREDENTIALS", "BLOCKED_URL", "MALWARE_DELIVERY" - `response` (any) Filter by the response. Enum: "BLOCKED", "EMPLOYEE_IGNORED_WARNING", "EMPLOYEE_WARNED", "NOT_BLOCKED" - `classification` (string) Filter by the classification. Enum: "NOT_SET", "TRUE_POSITIVE", "BENIGN_TRUE_POSITIVE", "FALSE_POSITIVE" - `creationTimestampAfter` (integer) Filter by when the detection was created - start time. This is a UNIX timestamp (in seconds). - `creationTimestampBefore` (integer) Filter by when the detection was created - end time. This is a UNIX timestamp (in seconds). - `limit` (integer) Used for pagination. Number of objects to return. - `nextToken` (string) Used for pagination. Token to be used for the next request. ## Response 200 fields (application/json): - `result` (array) - `result.id` (string) Identifier of the detection Example: "c478966c-f927-411c-b919-179832d3d50c" - `result.employeeId` (string) Identifier for the employee that triggered the detection. Example: "37cda962-7e78-49bc-8721-1becd16276a3" - `result.employee` (object) This object represents an employee in your organization. - `result.employee.id` (string) Unique identifier for the employee Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0" - `result.employee.email` (string) Primary email address of the employee Example: "john.hill@example.com" - `result.employee.firstName` (string) First name of the employee Example: "John" - `result.employee.lastName` (string) Last name of the employee Example: "Hill" - `result.employee.department` (string) Department - as provided by connected API integrations Example: "Security Engineering" - `result.employee.location` (string) Location - as provided by connected API integrations Example: "New York" - `result.employee.licensed` (boolean) Whether the employee is licensed on the Push platform Example: true - `result.employee.creationTimestamp` (integer) When this employee was created, formatted as a UNIX timestamp (in seconds) Example: 1698669223 - `result.employee.chatopsEnabled` (boolean) Whether the employee has ChatOps enabledDeprecation notice: this value no longer does anything unless you still have access to the legacy Employee chat topics functionality on your account. It will be removed in the next API version. Example: true - `result.browserId` (string) Identifier of the browser that was used when the detection was triggered. Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0" - `result.severity` (string) The severity of the detection. Enum: "LOW", "MEDIUM", "HIGH", "CRITICAL" - `result.detectionType` (string) The type of detection. Enum: "PHISHING", "BLOCKED_URL", "STOLEN_CREDENTIALS", "MALWARE_DELIVERY" - `result.response` (string) The response to the detection. Enum: "BLOCKED", "EMPLOYEE_IGNORED_WARNING", "EMPLOYEE_WARNED", "NOT_BLOCKED" - `result.creationTimestamp` (integer) When the detection was created. Formatted as a UNIX timestamp (in seconds). Example: 1698604061 - `result.archived` (boolean) Whether the detection has been archived. Example: true - `paging` (object) - `paging.moreResults` (boolean) Whether there are more results available Example: true - `paging.nextToken` (string,null) Start of the next page that can be used as the nextToken for the next request. Example: "0b9972aa-fe8d-4095-82d3-2e13cf3cfd43" ## Response 400 fields