Query REST Reference

 

/query

Methods
GET
 Expand

NOTE:  Currently, all fields come back on GET all, but the ** indicates fields which will be listed in a future release

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields type "vuln", sourceType "cumulative" | null

* id
** name
** description
creator
owner
ownerGroup
targetGroup
tool
type
tags
context
browseColumns
browseSortColumn
browseSortDirection
createdTime
modifiedTime
status
filters
canManage
canUse
groups

Legend

* = always comes back

** = comes back if fields list not specified on GET all

Gets the list of Queries.

Fields Parameter
Request Parameters
 Expand

Parameters must be passed in as query string (as opposed to JSON) in the format of: /query?type=lce

{
	"type" : <string> "alert" | "lce" | "mobile" | "ticket" | "user" | "vuln" DEFAULT "all"
}
Filter Parameters

usable - The response will be an object containing an array of usable Queries. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable Queries. By default, both usable and manageable objects are returned. 

Example Response
 Expand
{
	"type" : "regular",
	"response" : {
		"usable" : [
			{
				"id" : "1",
				"name" : "Name",
				"description" : "Test for posting an alert query"
			},
			{
				"id" : "2",
				"name" : "Post Copy Response Example",
				"description" : ""
			},
			{
				"id" : "3",
				"name" : "Post Copy Response Example2",
				"description" : ""
			},
			{
				"id" : "1391",
				"name" : "TEST",
				"description" : ""
			},
			{
				"id" : "1467",
				"name" : "Test 1",
				"description" : ""
			},
			{
				"id" : "1468",
				"name" : "Test 2",
				"description" : ""
			},
			{
				"id" : "1469",
				"name" : "Test 3",
				"description" : ""
			},
			{
				"id" : "1470",
				"name" : "Test 4",
				"description" : ""
			},
			{
				"id" : "1471",
				"name" : "Test 5",
				"description" : ""
			}
		],
		"manageable" : [
			{
				"id" : "1",
				"name" : "Name",
				"description" : "Test for posting an alert query"
			},
			{
				"id" : "2",
				"name" : "Post Copy Response Example",
				"description" : ""
			},
			{
				"id" : "3",
				"name" : "Post Copy Response Example2",
				"description" : ""
			},
			{
				"id" : "1391",
				"name" : "TEST",
				"description" : ""
			},
			{
				"id" : "1434",
				"name" : "query1",
				"description" : "Created with 'group1's shared asset: 'Test Asset 1'.\n\nThis asset will be unshared"
			},
			{
				"id" : "1435",
				"name" : "query2",
				"description" : "Created with 'group1's shared asset: 'Test Asset 2'.\n\nThis asset will be deleted"
			},
			{
				"id" : "1436",
				"name" : "group1Query",
				"description" : ""
			},
			{
				"id" : "1467",
				"name" : "Test 1",
				"description" : ""
			},
			{
				"id" : "1468",
				"name" : "Test 2",
				"description" : ""
			},
			{
				"id" : "1469",
				"name" : "Test 3",
				"description" : ""
			},
			{
				"id" : "1470",
				"name" : "Test 4",
				"description" : ""
			},
			{
				"id" : "1471",
				"name" : "Test 5",
				"description" : ""
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1427750981
}

POST

Adds a Query

Request Parameters
 Expand
{
	"name" : <string>,
	"description" : <string> DEFAULT "",
	"tags" : <string> DEFAULT "",
	"type" : <string> "alert" | "lce" | "mobile" | "ticket" | "user" | "vuln",
	"context" : <string> DEFAULT "",
	"browseColumns" : <string> DEFAULT "",
	"browseSortColumn" : <string> DEFAULT "",
	"browseSortDirection" : <string> "ASC" | "DESC" DEFAULT "ASC",
...
}

type "alert"

...
	"sortField" : <string> OPTIONAL (alphanumeric word(s) separated by a space/dash),
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL (sort is case insensitive),
	"startOffset" : <number> OPTIONAL (integer; default "1" if not specified and endOffset is specified),
	"endOffset" : <number> OPTIONAL (integer),
	"tool" : <string> "listalerts",
	"filters" : [
		{
			"filterName" : <string> "alertName" | "createdEndTime" | "createdStartTime" | "createdTimeFrame" | "description" | "didTriggerLastEvaluation" | "lastEvaluatedEndTime" | "lastEvaluatedStartTime" | "lastEvaluatedTimeFrame" | "lastTriggeredEndTime" | "lastTriggeredStartTime" | "lastTriggeredTimeFrame" | "modifiedEndTime" | "modifiedStartTime" | "modifiedTimeFrame",
			"operator" : <string> "",
			"value" : <string> | <number>
		}...
	] DEFAULT []
...
type "lce"

NOTE: Filter operators are not validated, but the provided filters are the ones that will properly function.

...
	"sortField" : <string> OPTIONAL (alphanumeric word(s) separated by a space/dash. Must accompany sortDir),
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL (default "ASC" if not specified and sortField is specified),
	"startOffset" : <number> OPTIONAL (integer; lower bound to returned record set. default 0 if not specified),
	"endOffset" : <number> OPTIONAL (integer; upper bound to returned record set. default 100 if not specified),
	"tool" : <string> "listdata" | "sumasset" | "sumclassa" | "sumclassb" | "sumclassc" | "sumdate" | "sumevent" | "sumevent2" | "sumip" | "sumport" | "sumprotocol" | "sumsensor" | "sumtime" | "sumtype" | "sumuser" | "syslog" | "timedist",
	"filters" : [
		{
			"filterName" : <string> "asset" | "connectionDirection" | "correlated" | "date" | "destAsset" | "destip" | "detailedEventName" | "dport" | "endtime" | "eventName" | "ip" | "lce" | "numEvents" | "outputAssets" | "port" | "protocol" | "repository" | "sensor" | "silo" | "sourceAsset" | "sourceip" | "sport" | "starttime" | "text" | "timeframe" | "type" | "user",
 
			filterName "asset" | "connectionDirection" | "correlated" | "date" | "destAsset" | "destip" | "detailedEventName" | "endtime" | "eventName" | "ip" | "lce" | "numEvents" | "outputAssets" | "protocol" | "repository" | "sensor" | "silo" | "sourceAsset" | "sourceip" | "starttime" | "text" | "timeframe" | "type" | "user"
			-------------------------------------------
			"operator" : <string> "=" | "!=",
			"value" : (Format depends on filter's "filterName" parameter)
 
			filterName "dport" | "port" | "sport"
			-------------------------------------------
			"operator" :  <string> "=" | "!=" | "<=" | ">=",
			"value" : (Format depends on filter's "filterName" parameter)

		}...
	] DEFAULT []
...

type "lce", sourceType "archive"

Note: sourceType will never be "archive." This is included for informational purposes only. Current functionality doesn't accept sourceType parameter, and will always set it to default QUERY_NOT_TREND (null)

...
	"view" : <string>,
	"lce" : {
		"id" : <number>
	}
...

type "mobile"

NOTE: Filter operators are not validated, but the provided filters are the ones that will properly function.

...
	"sortField" : <string> OPTIONAL (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL (default "ASC" if not specified and sortField is specified),
	"startOffset" : <number> OPTIONAL (integer; lower bound to returned record set.  Must be explicitly supplied for tool "vulndetails"),
	"endOffset" : <number> OPTIONAL (integer; upper bound to returned record set.  Must be explicitly supplied for tool "vulndetails"),
	"tool" : <string> "listvuln" | "sumdeviceid" | "summdmuser" | "summodel" | "sumoscpe" | "sumpluginid" | "vulndetails",
	"filters" : [
		{
			"filterName" : <string> "baseCVSSScore" | "deviceID" | "deviceModel" | "deviceUser" | "deviceVersion" | "exploitAvailable" | "family" | "lastMitigated" | "lastSeen" | "mdmType" | "osCPE" | "patchPublished" | "pluginID" | "pluginModified" | "pluginName" | "pluginOutput" | "pluginPublished" | "port" | "protocol" | "repository" | "serialNumber" | "severity" | "vulnPublished",
			  			
			filterName "osCPE" | "baseCVSSScore" | "pluginOutput" | "repository" | "deviceID" | "deviceModel" | "deviceUser" | "pluginID"
			------------------------------------------------------------
			"operator" : "=" | "!=",
			"value" : (Format depends on filter's "filterName" parameter)
 
			filterName "mdmType" | "pluginName" | "lastMitigated" | "lastSeen" | "vulnPublished" | "pluginModified" | "patchPublished" | "pluginPublished" | "acceptedRisk" | "daysMitigated" | "dnsName" | "exploitAvailable" | "family" | "ip" | "lastMitigated" | "mitigatedStatus" | "pluginText" | "port" | "protocol" | "recastRisk" | "responsibleUser" | "severity" | "xref"
			---------------------------------------------------------------------------------------------------------------------------------
			"operator" : <string> "=" | "<=" | ">=" | "!=" | "between" | "outside" | "contains" | "excludes" | "in" | "!in",
			"value" : (Format depends on filter's "filterName" parameter)
			
		}...
	] DEFAULT []
...


type "ticket"

...
	"sortField" : <string> OPTIONAL (alphanumeric; must accompany sortDir),
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL (sort is case insensitive; must accompany sortField),
	"startOffset" : <number> OPTIONAL (integer; default "0" if not specified and endOffset is specified),
	"endOffset" : <number> OPTIONAL (integer),
	"tool" : <string> "listtickets" | "sumassignee" | "sumclassification" | "sumcreator" | "sumstatus",
	"filters" : [
		{
			"filterName" : <string> "assignedEndTime" | "assignedStartTime" | "assignedTimeFrame" | "assignee" | "classification" | "closedEndTime" | "closedStartTime" | "closedTimeFrame" | "createdEndTime" | "createdStartTime" | "createdTimeFrame" | "ticketName" | "modifiedEndTime" | "modifiedStartTime" | "modifiedTimeFrame" | "owner" | "resolvedEndTime" | "resolvedStartTime" | "resolvedTimeFrame" | "status",
			"value" : (Format depends on filter's "filterName" parameter)
		}...
	] DEFAULT []
...

type "user"

...
	"sortField" : <string> OPTIONAL (alphanumeric; must accompany sortDir.  username, roleID, and groupID will attempt to perform case-insensitive sort on the text field in relation to the ID),
	"sortDir" : <string> "ASC" | "DESC" OPTIONAL (sort is case insensitive; must accompany sortField),
	"startOffset" : <number> OPTIONAL (integer; default "1" if not specified and endOffset is specified),
	"endOffset" : <number> OPTIONAL (integer),
	"tool" : <string> "listusers" | "sumgroup" | "sumrole",
	"filters" : [
		{
			"filterName" : <string> "address" | "authType" | "country" | "email" | "fax" | "firstname" | "group" | "lastLoginEndTime" | "lastLoginStartTime" | "lastLoginTimeFrame" | "lastname" | "locked" | "phone" | "role" | "state" | "title" | "username",
			"operator" : <string>,
			"value" : (Format depends on filter's "filterName" parameter)
		}...
	]
...

type "vuln"

NOTE: Filter operators are not validated, but the provided filters are the ones that will properly function.

...
	"sortField" : <string> OPTIONAL (alphanumeric; any valid field returned in the results entry for the corresponding tool.  [Some restrictions apply.]  Must accompany sortDir),
	"sortDir" : <string> "ASC" | "DESC" DEFAULT "ASC" (default "ASC" if not specified and sortField is specified),
	"startOffset" : <number> OPTIONAL (integer; lower bound to returned record set.  Must be explicitly supplied for tools "vulndetails" and "listvuln"),
	"endOffset" : <number> OPTIONAL (integer; upper bound to returned record set.  Must be explicitly supplied for tools "vulndetails" and "listvuln"),
	"tool" : <string> "iplist" | "listmailclients" | "listos" | "listservices" | "listsoftware" | "listsshservers" | "listvuln" | "listwebclients" | "listwebservers" | "sumasset" | "sumcce" | "sumclassa" | "sumclassb" | "sumclassc" | "sumcve" | "sumdnsname" | "sumfamily" | "sumiavm" | "sumid" | "sumip" | "summsbulletin" | "sumport" | "sumprotocol" | "sumremediation" | "sumseverity" | "sumuserresponsibility" | "vulndetails" | "vulnipdetail" | "vulnipsummary",
	"filters" : [
		{
			"filterName" : <string> "acceptRiskStatus" | "asset" | "auditFile" | "baseCVSSScore" | "benchmarkName" | "cceID" | "cpe" | "cveID" | "cvssVector" | "daysMitigated" | "dnsName" | "exploitAvailable" | "exploitFrameworks" | "family" | "firstSeen" | "iavmID" | "ip" | "lastMitigated" | "lastSeen" | "mitigatedStatus" | "msbulletinID" | "outputAssets" | "patchPublished" | "pluginID" | "pluginModified" | "pluginName" | "pluginPublished" | "pluginText" | "pluginType" | "policy" | "port" | "protocol" | "recastRiskStatus" | "repository" | "responsibleUser" | "severity" | "stigSeverity" | "tcpport" | "udpport" | "vulnPublished" | "xref",
 
			filterName "acceptRiskStatus"
			-----------------------------
			"operator" : <string> "=",
			"value" : <string> "all" | "accepted" | "notAccepted"
 
			NOTE: During evaluation on the Analysis page, or for various objects, presenting 
			      no "acceptRiskStatus" filter defaults to the "notAccepted" behavior.
  
			filterName "asset"
			------------------
			"operator": <string> "=" | "~" (combination expression),
 
			filterName "asset", operator "="
			--------------------------------
			"value" : [
				{
					"id" : <number> (integer)
				}...
			]
 
			filterName "asset", operator "~"
			--------------------------------
			"value" : <comboRecord> { 
				"operator": <string> "complement" | "intersection" | "difference" | "union", 
				"operand1": <comboRecord> | <number> (integer) | {
					"id" : <number> (integer)
				}
 
				operator not "complement"
				-------------------------
				"operand2": <comboRecord> | <number> (integer) | {
					"id" : <number> (integer)
				}
			}

			filterName "auditFile" | "policy" | "repository" | "responsibleUser"
			--------------------------------------------------------------------
			"operator": <string> "=",
			"value" : {
				"id" : <number> (integer)
			}
 
			filterName "baseCVSSScore"
			--------------------------
			"operator" : <string> "=",
			"value" : <string> (inclusive, nonnegative, decimal range, using a dash ["-"] delimiter)
 
			filterName "benchmarkName"
			--------------------------
			"operator" : <string> "=" (fuzzy-left, right-anchored match),
			"value" : <string> 

			filterName "cceID" | "iavmID"
			-----------------------------
			"operator" : <string> "=" (fuzzy match),
			"value" : <string> (comma-separated list)

			filterName "cpe"
			----------------
			"operator": <string> "=" (i.e. explicit per entry) | 
			                     "~=" (i.e. fuzzy match across entire entries string) | 
			                     "pcre" (i.e. Perl-compatible, regular expression, across entire entries string),
 
			filterName "cpe", operator "=" | "~="
			-------------------------------------
			"value" : <string> (comma-separated or newline-separated list)

			filterName "cpe", operator "pcre"
			---------------------------------
			"value" : <string> (Perl-compatible, regular expression)

			filterName "cveID" | "msbulletinID"
			-----------------------------------
			"operator" : <string> "=" (fuzzy match),
			"value" : <string> (comma-separated or newline-separated list)
 
			filterName "cvssVector"
			-----------------------
			"operator" : <string> "=",
			"value" : <string> (comma-separated list of Simple or Complex CVSS vectors)
 
								Simple CVSS Vector = <string> "AV:L" | "AV:A" | "AV:N" | "AC:H" | "AC:M" | "AC:L" | "Au:N" | "Au:S" | "Au:M" | "C:N" | "C:P" | "C:C" | "I:N" | "I:P" | "I:C" | "A:N" | "A:P" | "A:C" | "E:ND" | "E:U" | "E:P" | "E:POC" | "E:F" | "E:H" | "RL:ND" | "RL:O" | "RL:OF" | "RL:T" | "RL:TF" | "RL:W" | "RL:U" | "RC:ND" | "RC:UC" | "RC:UR" | "RC:C"
								Complex CVSS Vector = <string> (slash-separated list of Simple CVSS Vectors where all entries must match)

			filterName "daysMitigated" | "firstSeen" | "lastMitigated" | "lastSeen" | "patchPublished" | "pluginModified" | "pluginPublished" | "vulnPublished"
			---------------------------------------------------------------------------------------------------------------------------------------------------
			"operator": <string> "=" (relative with custom format),
			"value" : <string> "<endDay>:<startDay>" | "<endDay>:all" (Both endDay and startDay are provided in the number of days ago. [e.g. "0:90" is between now and 90 days ago]. A value of "all" for startDay is interpreted as "0" [i.e. from "now", back endDay days ago])

			filterName "dnsName"
			--------------------
			"operator" : <string> "=",
			"value" : <string> (comma-separated or newline-separated list of valid DNS names)
 
			filterName "exploitAvailable"
			-----------------------------
			"operator" : <string> "=",
			"value" : <string> "true" | "false"

			filterName "exploitFrameworks"
			------------------------------
			"operator": <string> "=" (i.e. explicit for entire entries string) | 
			                     "~=" (i.e. fuzzy match across entire entries string),
			"value" : <string>

			filterName "family"
			-------------------
			"operator": <string> "=" | "!=",
			"value" : [
				{
					"id" : <number> (integer)
				}...
			]

			filterName "ip"
			---------------
			"operator" : <string> "=" | "!=",
			"value" : <string> (comma-separated or newline-separated list of valid IPs and/or DNS names)

			filterName "mitigatedStatus"
			----------------------------
			"operator": <string> "=",
			"value" : <string> "previously" | "never"
 
 			filterName "outputAssets"
			-------------------------
			"operator": <string> "=",
			"value" : <string> (comma-separated list of Integers) | [
				{
					"id" : <number> (integer)
				}...
			]
 
			filterName "pluginID"
			---------------------
			"operator" : <string> "=" | "!=" | "<=" | ">=",

			filterName "pluginID", operator "=" | "!="
			------------------------------------------
			"value" : <number> (comma-separated or newline-separated list of integers or inclusive integer ranges, using a dash ["-"] delimiter, with each value between 0 and 8388607)

			filterName "pluginID", operator "<=" | ">="
			-------------------------------------------
			"value" : <number> (integer, between 0 and 8388607)

			filterName "pluginName"
			-----------------------
			"operator": <string> "=" (i.e. fuzzy match) | "pcre" (i.e. Perl-compatible, regular expression),
			"value" : <string>
 
			filterName "pluginText"
			-----------------------
			"operator": <string> "=" (i.e. fuzzy match, stripped text [forced]) | 
			                     "pcre" (i.e. Perl-compatible, regular expression, stripped text [forced]),
			"value" : <string>

			filterName "pluginType"
			-----------------------
			"operator": <string> "=",
			"value" : <string> "passive" | "lce" | "active" | "compliance" (comma-separated)
 
			filterName "port" | "tcpport" | "udpport"
			-----------------------------------------
			"operator" : <string> "=" | "!=" | "<=" | ">=",
 
			filterName "port" | "tcpport" | "udpport", operator "=" | "!="
			--------------------------------------------------------------
			"value" : <number> (comma-separated or newline-separated list of integers or inclusive integer ranges, using a dash ["-"] delimiter, with each value between 0 and 65535)

			filterName "port" | "tcpport" | "udpport", operator "<=" | ">="
			---------------------------------------------------------------
			"value" : <number> (integer, between 0 and 65535)
 
			filterName "protocol"
			---------------------
			"operator": <string> "=" | "!=",
			"value" : <string> (comma-separated or newline-separated list of integers)

			filterName "recastRiskStatus"
			-----------------------------
			"operator" : <string> "=",
			"value" : <string> "recast" | "notRecast"

			filterName "severity"
			---------------------
			"operator": <string> "=" | "!=",
			"value" : <string> (comma-separated or newline-separated list of integers) | [
				{
					"id" : <number> (integer)
				}...
			]
 
			filterName "stigSeverity"
			-------------------------
			"operator": <string> "=" | "!=",
			"value" : <string> (comma-separated or newline-separated list of Roman Numerals) | [
				{
					"id" : <string> (valid Roman Numeral)
				}...
			]
 
			filterName "xref"
			-----------------
			"operator" : <string> "=" | "!=",
			"value" : <string> (comma-separated list of XREF Expressions)
 
								XREF Expression = <string> "<type>|<wildCard>" (XREF Type and ID Wildcard, pipe-delimited)
 
									XREF Type = <string>
									ID Wildcard = <string> (where "?" matches a single occurrence of any character and "*" matches any character, any number of times)

 		}...
	] DEFAULT []
...

type "vuln", sourceType "cumulative" | null

Note: sourceType will always be null. Current functionality doesn't accept sourceType parameter, and will always set it to default QUERY_NOT_TREND (null)

...
	"tool" |= "trend" (i.e. tool value set may also include "trend")
...

type "vuln", sourceType "cumulative"

Note: sourceType will never be "cumulative." This is included for informational purposes only. Current functionality doesn't accept sourceType parameter, and will always set it to default QUERY_NOT_TREND (null)

...
	view : <string>,
	scanID = <number>  /// This needs to change to a scan object with an "id" field
...
Example Response
 Expand
{
	"type" : "regular",
	"response" : {
		"id" : "12"
		"creatorID" : "1",
		"ownerID" : "1",
		"name" : "Test Combo Filter 2",
		"description" : "",
		"tool" : "sumid",
		"type" : "vuln",
		"tags" : "",
		"context" : "",
		"browseColumns" : "",
		"browseSortColumn" : "",
		"browseSortDirection" : "ASC",
		"createdTime" : "1403620113",
		"modifiedTime" : "1403620113",
		"status" : "0",
		"ownerGID" : "0",
		"targetGID" : "-1",
		"filters" : [
			{
				"filterName" : "ip",
				"operator" : "=",
				"value" : "192.168.1.100"
			}
		],
		"canManage" : "true",
		"canUse" : "true",
		"creator" : {
			"id" : "1"
			"username" : "JohnD",
			"firstname" : "John",
			"lastname" : "Doe"
		},
		"owner" : {
			"id" : "1",
			"username" : "JohnD",
			"firstname" : "John",
			"lastname" : "Doe"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1404224762
}

/query/{id}

Methods
GET

NOTE:  Currently, all fields come back on GET all, but the ** indicates fields which will be listed in a future release

 Gets the Query associated with {id}.

Fields Parameter
 Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

* id
** name
** description
creator
owner
ownerGroup
targetGroup
tool
type
tags
context
browseColumns
browseSortColumn
browseSortDirection
createdTime
modifiedTime
status
filters
canManage
canUse
groups

Legend

* = always comes back

** = comes back if fields list not specified on GET all
Request Query Parameters

None

Example Response
 Expand
{
	"type" : "regular",
	"response" : {
		"id" : "12"
		"creatorID" : "1",
		"ownerID" : "1",
		"name" : "Test Combo Filter 2",
		"description" : "",
		"tool" : "sumid",
		"type" : "vuln",
		"tags" : "",
		"context" : "",
		"browseColumns" : "",
		"browseSortColumn" : "",
		"browseSortDirection" : "ASC",
		"createdTime" : "1403620113",
		"modifiedTime" : "1403620113",
		"status" : "0",
		"ownerGID" : "0",
		"targetGID" : "-1",
		"filters" : [
			{
				"filterName" : "ip",
				"operator" : "=",
				"value" : "192.168.1.100"
			}
		],
		"canManage" : "true",
		"canUse" : "true",
		"creator" : {
			"id" : "1"
			"username" : "JohnD",
			"firstname" : "John",
			"lastname" : "Doe"
		},
		"owner" : {
			"id" : "1",
			"username" : "JohnD",
			"firstname" : "John",
			"lastname" : "Doe"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1404224762
}

PATCH

Edits the Query associated with {id} , changing only the passed in fields.

Request Parameters

(All fields are optional)

Unable to render {children}. This macro only works on pages.

 

Example Response

DELETE

Deletes the Query associated with {id} , depending on access and permissions.

Request Parameters

None

Example Response
 Expand
{
    "type" : "regular",
    "response" : "",
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : [],
    "timestamp" : 1403100582
}

/query/{id}/share

Methods
POST

Shares the Query associated with {id}, depending on access and permissions

Request Parameters
 Expand
{
	"groups" : [
		{
			"id" : <number>
		}...
	]
}
Example Response
 Expand
{
	"type" : "regular",
	"response" : {
		"id" : "3",
		"creatorID" : "1",
		"ownerID" : "1",
		"name" : "Post Copy Response Example2",
		"description" : "",
		"tool" : "sumid",
		"type" : "vuln",
		"tags" : "",
		"context" : "",
		"browseColumns" : "",
		"browseSortColumn" : "",
		"browseSortDirection" : "ASC",
		"createdTime" : "1408380088",
		"modifiedTime" : "1408380088",
		"status" : "0",
		"ownerGID" : "0",
		"targetGID" : "-1",
		"filters" : [
			{
				"filterName" : "ip",
				"operator" : "=",
				"value" : "192.168.1.100"
			}
		],
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409087882
}

/query/tag

Methods
GET

Gets the full list of unique Query tags

Request Parameters

none

Example Response
 Expand
{
	"type" : "regular",
	"response" : [
		"Tag1",
		"Tag2",
		"Tag3"
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1461093219
}