Analysis REST Reference

/analysis

Methods

POST

Processes a query for analysis

Request Parameters

Note

If the parameter query['id'] is not specified, the query parameter will require a valid query, unless the type is "scLog". The format for the full query definition can be found in the Query section of the API.

Type: vuln
Vuln Type
{
	"type" : "vuln",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : <string> "individual" | "cumulative" | "patched"
}

When the sourceType is "individual", a scanID must be provided in the root of the request object:

{
	"type" : "vuln",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : "individual",
	"scanID" : <number>
}
Type: event
Event Type
{
	"type" : "event",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : <string> "lce" | "archive"
}

When the sourceType is "archive", lceID and view must be provided in the root of the request object:

{
	"type" : "event",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : "archive",
	"lceID" : <number>,
	"view" : <string> (silo id)
}
Type: user
User Type
{
	"type" : "user",
	"query" : {
		"id" : <number> | (valid query)
	}
}
Type: scLog
SCLog Type

scLog has a unique query object with its own special filters.

{
	"type" : "scLog",
	"date" : scLog basename (e.g. "201412") | "all",
	"query": {
		"startOffset" : <number>,
		"endOffset" : <number>,
		"filters" : [
			{
				"filterName" : "keywords",
				"operator" : "=",
				"value" : <string>
			},
			{
				"filterName" : "severity",
				"value" : {
					"id" : <number> [0-2],
					"operator" : "=",
					"name":"INFO|WARNING|CRITICAL"
				}
			},
			{
				"filtername" : "initiator",
				"operator" : "=",
				"value" : {
					"id" : <number>,
					"username" : <string>
				}
			},
			{
				"filterName" : "module",
				"operator" : "=",
				"value" : <string> (e.g. "auth")
			},
			{
				"filterName" : "organization",
				"value" : {
					"id" : <number>
				}
			}
		]
	}
}

scLog basenames can be retrieved from the system::GET call, but only for a logged-in user.

Type: mobile
Mobile Type
{
	"type" : "mobile",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"startOffset" : <number>,
	"endOffset" : <number>
}
Example Response
{
	"type" : "regular",
	"response" : {
		"totalRecords" : "0",
		"returnedRecords" : 0,
		"startOffset" : "-1",
		"endOffset" : "-1",
		"matchingDataElementCount" : "0:0:0:0:0:0:0:0",
		"results" : []
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409930135
}
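
A pre-flight check for the conditional request rules listed under Request Parameters, as an added example that is not part of the original reference or the product's own code. The function name and sample bodies are hypothetical; it assumes sourceType is required for vuln and event (it is not marked OPTIONAL) and reads "Must accompany sortDir" as both-or-neither.

```python
# Hypothetical names throughout; the rules are the ones stated on this page.
KNOWN_TYPES = {"vuln", "event", "user", "scLog", "mobile"}
SOURCE_TYPES = {"vuln": {"individual", "cumulative", "patched"},
                "event": {"lce", "archive"}}
# Root-level fields that become mandatory for a given (type, sourceType).
REQUIRED_WITH_SOURCE = {("vuln", "individual"): ("scanID",),
                        ("event", "archive"): ("lceID", "view")}


def validate_analysis_request(body):
    """Return a list of problems; an empty list means the body is consistent."""
    rtype = body.get("type")
    if not isinstance(rtype, str) or rtype not in KNOWN_TYPES:
        return [f"unknown type: {rtype!r}"]
    problems = []
    # Outside scLog the query needs an id or a full query definition.
    # Only presence is checked; the Query section defines the full format.
    query = body.get("query")
    if rtype != "scLog" and not (isinstance(query, dict) and query):
        problems.append("query needs an id or a valid query definition")
    # Assumption: sourceType is required for vuln/event (not marked OPTIONAL);
    # its value decides which extra root-level fields must be present.
    if rtype in SOURCE_TYPES:
        source = body.get("sourceType")
        if not isinstance(source, str) or source not in SOURCE_TYPES[rtype]:
            problems.append(f"sourceType {source!r} not valid for {rtype}")
        else:
            for field in REQUIRED_WITH_SOURCE.get((rtype, source), ()):
                if field not in body:
                    problems.append(f"{field} required when sourceType is {source!r}")
    # Assumption: "must accompany" means sortField and sortDir travel
    # together, so either both are present or neither is.
    sort_dir, sort_field = body.get("sortDir"), body.get("sortField")
    if (sort_dir is None) != (sort_field is None):
        problems.append("sortField and sortDir must be supplied together")
    if sort_dir is not None and sort_dir not in ("ASC", "DESC"):
        problems.append("sortDir must be ASC or DESC")
    if sort_field is not None and not str(sort_field).isalnum():
        problems.append("sortField must be alphanumeric")
    return problems


# Constructed sample bodies (ids and field names are made up for illustration).
GOOD = {"type": "vuln", "query": {"id": 12}, "sourceType": "cumulative"}
BAD = {"type": "event", "query": {"id": 12}, "sourceType": "archive",
       "sortField": "first seen"}

if __name__ == "__main__":
    for body in (GOOD, BAD):
        print(body, "->", validate_analysis_request(body) or "ok")
```

Running the check before the POST surfaces a missing scanID, lceID or view locally instead of as a server-side error.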