Analysis REST Reference

/analysis

Methods

POST

Processes a query for analysis

Request Parameters

Note

If the parameter query['id'] is not specified, the query parameter must contain a valid query definition, unless the type is "scLog". The format of the full query definition is described in the Query section of the API.

Vuln Type
{
	"type" : "vuln",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : <string> "individual" | "cumulative" | "patched"
}


When the sourceType is "individual", a scanID must be provided in the root of the request object:

{
	"type" : "vuln",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : "individual",
	"scanID" : <number>
}
Event Type
{
	"type" : "event",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : <string> "lce" | "archive"
}


When the sourceType is "archive", lceID and view must be provided in the root of the request object:

{
	"type" : "event",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sourceType" : "archive",
	"lceID" : <number>,
	"view" : <string> (silo id)
}
User Type
{
	"type" : "user",
	"query" : {
		"id" : <number> | (valid query)
	}
}
SCLog Type

scLog has a unique query object with its own special filters.

{
	"type" : "scLog",
	"date" : scLog basename (eg. "201412") | "all",
	"query": {
		"startOffset" : <number>,
		"endOffset" : <number>,
		"filters" : [
			{
				"filterName" : "keywords",
				"operator" : "=",
				"value" : <string>
			},
			{
				"filterName" : "severity",
				"value" : {
					"id" : <number> [0-2],
					"operator" : "=",
					"name":"INFO|WARNING|CRITICAL"
				}
			},
			{
				"filterName" : "initiator",
				"operator" : "=",
				"value" : {
					"id" : <number>,
					"username" : <string>
				}
			},
			{
				"filterName" : "module",
				"operator" : "=",
				"value" : <string> (eg. "auth")
			},
			{
				"filterName" : "organization",
				"value" : {
					"id" : <number>
				}
			}
		]
	}
}

scLog basenames can be retrieved from the system::GET call, but only for a logged-in user.

Mobile Type
{
	"type" : "mobile",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"startOffset" : <number>,
	"endOffset" : <number>
}
Example Response
{
	"type" : "regular",
	"response" : {
		"totalRecords" : "0",
		"returnedRecords" : 0,
		"startOffset" : "-1",
		"endOffset" : "-1",
		"matchingDataElementCount" : "0:0:0:0:0:0:0:0",
		"results" : []
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409930135
}
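
The scLog request shape and the response envelope above, used together to page through audit-log results. This is an added example, not code from the API's own documentation. `post` is a hypothetical caller-supplied function that sends the body to /analysis and returns the decoded JSON, and `fake_post` with its rows is a constructed stand-in so the block runs offline.

```python
def sclog_request(date, start, end, module=None, keywords=None):
    """Build a /analysis body of type "scLog" with the filter shapes shown above."""
    filters = []
    if keywords is not None:
        filters.append({"filterName": "keywords", "operator": "=", "value": keywords})
    if module is not None:
        filters.append({"filterName": "module", "operator": "=", "value": module})
    return {"type": "scLog", "date": date,
            "query": {"startOffset": start, "endOffset": end, "filters": filters}}

def fetch_all(post, date, page_size=100, **filters):
    """Collect every result row, one offset window at a time.

    The next window starts after the number of rows the server says it
    returned, so the loop does not depend on whether endOffset is inclusive
    (the page does not say).
    """
    results, start = [], 0
    while True:
        reply = post(sclog_request(date, start, start + page_size, **filters))
        if reply["error_code"] != 0:
            raise RuntimeError(reply["error_msg"])
        resp = reply["response"]
        # In the sample, totalRecords is a string ("0") and returnedRecords a number.
        total, returned = int(resp["totalRecords"]), int(resp["returnedRecords"])
        results.extend(resp["results"])
        start += returned
        if returned == 0 or start >= total:
            return results

# Constructed data: three made-up rows; the row layout is an assumption.
FAKE_ROWS = [{"module": "auth", "message": f"constructed row {i}"} for i in range(3)]

def fake_post(body):
    """Constructed stand-in for the server; slices FAKE_ROWS by offset."""
    q = body["query"]
    page = FAKE_ROWS[q["startOffset"]:q["endOffset"]]
    return {"type": "regular", "error_code": 0, "error_msg": "", "warnings": [],
            "response": {"totalRecords": str(len(FAKE_ROWS)),
                         "returnedRecords": len(page),
                         "startOffset": str(q["startOffset"]) if page else "-1",
                         "endOffset": str(q["endOffset"]) if page else "-1",
                         "results": page}}
```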

/analysis/download

Methods

POST

Downloads an analysis of a Query

Request Parameters

Note

The "user" type of Analysis is not supported in download.

Vuln Type
{
	"type" : "vuln",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sourceType" : <string> "individual" | "cumulative" | "patched",
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"startOffset" : <number>,
	"endOffset" : <number>,
	"columns" : [
		{
			"name" : <string>
		}
	]
}


When the sourceType is "individual", scanID and view must be provided in the root of the request object:

{
	"type" : "vuln",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sourceType" : <string> "individual",
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"startOffset" : <number>,
	"endOffset" : <number>,
	"columns" : [
		{
			"name" : <string>
		}
	],
	"scanID" : <number>,
	"view" : <string>
}
Event Type
{
	"type" : "event",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sourceType" : <string> "lce" | "archive",
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir)
}



When the sourceType is "archive", lceID and view must be provided in the root of the request object:

{
	"type" : "event",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sourceType" : <string> "lce" | "archive",
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"lceID" : <number>,
	"view" : <string> (silo id)
}
SCLog Type


{
	"type" : "scLog",
	"offset" : <number>,
	"length" : <number>,
	"severity" : "INFO" | "WARN" | "CRITICAL",
	"keywords" : <string> keywords separated by " ", "\t", "\n", or "\r" (eg. "Authentication User"),
	"date" : scLog basename (eg. "201412") | "all",
	"username" : <string> (Optional),
	"module" : <string> (eg. "auth") (Optional),
	"orgID" : <number> (Admins only; Optional)
}
Mobile Type
{
	"type" : "mobile",
	"query" : {
		"id" : <number> | (valid query)
	},
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL,
	"sortField" : <string> (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"startOffset" : <number>,
	"endOffset" : <number>,
	"columns" : [
		{
			"name" : <string>
		}
	]
}
Example Response

None given. The response will be in CSV format.
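
The conditional rules stated across both endpoints (root-level scanID, lceID and view, the sortDir/sortField pairing, and the unsupported "user" download) collected into one pre-flight check. This is an added example, not part of the API or its documentation; the function name and message wording are hypothetical, and only rules written on this page are checked.

```python
VULN_SOURCES = {"individual", "cumulative", "patched"}
EVENT_SOURCES = {"lce", "archive"}

def check_analysis_request(body, download=False):
    """Return the documented rules a request body breaks (empty list = none).

    download=False checks against /analysis, download=True against
    /analysis/download.
    """
    kind = body.get("type")
    types = {"vuln", "event", "scLog", "mobile"}
    if not download:
        types.add("user")          # "user" is not supported in download
    if kind not in types:
        return [f"type {kind!r} is not accepted by this endpoint"]

    problems = []
    # Every type except scLog needs query.id or a full query definition.
    # The download form of scLog has no query object at all.
    if kind != "scLog" and not body.get("query"):
        problems.append("query must carry an id or a valid query definition")

    # Reads "Must accompany sortDir" as: sortDir is never sent without sortField.
    if "sortDir" in body:
        if body["sortDir"] not in ("ASC", "DESC"):
            problems.append("sortDir must be ASC or DESC")
        if "sortField" not in body:
            problems.append("sortDir given without sortField")

    # A sourceType that is present must be one of the values listed for the type.
    source = body.get("sourceType")
    allowed = {"vuln": VULN_SOURCES, "event": EVENT_SOURCES}.get(kind)
    if allowed is not None and source is not None and source not in allowed:
        problems.append(f"sourceType {source!r} is not valid for type {kind!r}")

    # Fields that must sit in the root of the object for specific source types.
    required = []
    if kind == "vuln" and source == "individual":
        required = ["scanID", "view"] if download else ["scanID"]
    elif kind == "event" and source == "archive":
        required = ["lceID", "view"]
    problems += [f"{key} is required when sourceType is {source!r}"
                 for key in required if key not in body]
    return problems
```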