Conditional Filter Parameter
This section describes how to use our conditional-based filtering, allowing you to build queries utilizing multiple expressions and conditions.
These conditional filters can be applied to the request URL as a query parameter. You can target different paths to build conditional queries against.
The queries can be built using JSON format. Do know quotes are needed for path and op values:
conditions[]={"path":"","op":"","value":""}Path Table
The following table indicates the available path locations for each endpoint type for filtering:
Environment Paths | System Paths | Launchpoint Paths | Timeline Paths | Metric Paths | Detection Paths | User Paths |
|---|---|---|---|---|---|---|
ID Status Visible CreatedOn Name | ID | Alias | System/ID | Inspector/ID | ID | ID |
Operator Table
The following table indicates the available operator values and what data types they should be used with:
String Operators | Integer Operators | Boolean Operators | Date Operators |
|---|---|---|---|
equals not equals like not like in not in | =
| is | =
|
Value Format Table
The following table indicates the different formats the value property must be in for the query:
Integer values Examples | Boolean value examples | String value examples | Date value examples |
|---|---|---|---|
1 2222 1412 | true | "Contoso Nation" | “2021/01/10 19:21:03” |
Examples
String Example
Building a query using the string operator and value:
GET /api/v1/environments?conditions[]={"path":"Name","op":"equals","value":"Contoso Nation"}Integer Example
Building a query using the integer operator and value to only bring back timeline entries for a specific System:
GET /api/v1/timeline?conditions[]={"path":"System/ID","op":"=","value":1123}Boolean Example
Building a query using the boolean operator and value to search for users that have MFA disabled:
GET /api/v1/users?conditions[]={"path":"MfaFactorAuth", "op": "is","value":false}Multi-Condition Example
Building a query using more than one conditional query to search for users that have MFA disabled and are active:
GET /api/v1/users?conditions[]={"path":"MfaFactorAuth", "op": "is","value":false}&conditions[]={"path":"Status", "op": "equals","value":"active"}Fields Parameter
This section describes how to use our field method, allowing you to pick a field to return in the response body of your request.
You can pass an optional parameter in the request URL for specifying if you only want certain fields to return in the response. Some responses have required data to return in the response which cannot be omitted. You can use the following query parameter to specify which fields you want to specify returning, :fields[]." You can reference the Paths Table if you would like to see a list of fields available to scope down.
Fields Example
Below is an example of the fields parameter being used in a request call to only return the Name and ID in the response body for Environments:
GET /api/v1/environments?fields[]=Name&fields[]=IDSorting
This section describes how to use our sorting methods, allowing you to pick a field to apply Ascending or Descending order to. You can reference the Paths Table if you would like to see a list of fields to sort by.
orderBy[]={"path":"","order":""}Sorting Example
Building a query using the "OrderBy[]" parameters to sort through a list of timeline entries to return the most recent to latest:
GET /api/v1/timeline?orderBy[]={"path": "CreatedOn", "order": "desc"}
Next