Conditional Filter Parameter

This section describes how to use our conditional-based filtering, allowing you to build queries utilizing multiple expressions and conditions.

These conditional filters can be applied to the request URL as a query parameter. You can target different paths to build conditional queries against.

The queries can be built using JSON format. Do know quotes are needed for path and op values:

conditions[]={"path":"","op":"","value":""}

Path Table

The following table indicates the available path locations for each endpoint type for filtering:

Environment Paths	System Paths	Launchpoint Paths	Timeline Paths	Metric Paths	Detection Paths	User Paths
ID Status Visible CreatedOn Name	ID Launchpoint/ID UniqueCompositeKey Name Description Tags Status LastVerifyTime ScheduledAt ProcessingAt RunningAt CreatedOn FinishedAt UpdatedOn PayloadSizeBytes CreatedBy/ID	Alias ID Inspector/ID Environment/ID TotalScheduledRuns TotalAdHocRuns LastScheduledRun Version/ID LastAdHocRun FreqType ActiveStart ActiveEnd UpdatedOn CreatedOn Status	System/ID PayloadSizeBytes UpdatedOn FinishedAt CreatedOn RunningAt ProcessingAt ScheduledAt ExitCode ID Environment/ID Launchpoint/ID SystemDetail/ID Status AdHoc ChangeDetections Alerts Latest	Inspector/ID Name Description Keywords UpdatedOn CreatedOn	ID Environment/ID System/ID SystemDetail/ID Timeline/ID Name Description Keywords CreatedOn Inspector/ID	ID FirstName LastName Email Username MfaFactorAuth Status Owner Visible Locked ReceiveTechUpdates Department

Operator Table

The following table indicates the available operator values and what data types they should be used with:

String Operators

Integer Operators

Boolean Operators

Date Operators

equals not equals like not like in not in

=
!=
<
<=

=
in
not in
between
not between

is
is not

=
!=
<
<=

=

Value Format Table

The following table indicates the different formats the value property must be in for the query:

Integer values Examples	Boolean value examples	String value examples	Date value examples
1 2222 1412	true false	"Contoso Nation" "Agent 1" "Active Directory"	“2021/01/10 19:21:03”

Examples

String Example

Building a query using the string operator and value:

GET /api/v1/environments?conditions[]={"path":"Name","op":"equals","value":"Contoso Nation"}

Integer Example

Building a query using the integer operator and value to only bring back timeline entries for a specific System:

GET /api/v1/timeline?conditions[]={"path":"System/ID","op":"=","value":1123}

Boolean Example

Building a query using the boolean operator and value to search for users that have MFA disabled:

GET /api/v1/users?conditions[]={"path":"MfaFactorAuth", "op": "is","value":false}

Multi-Condition Example

Building a query using more than one conditional query to search for users that have MFA disabled and are active:

GET /api/v1/users?conditions[]={"path":"MfaFactorAuth", "op": "is","value":false}&conditions[]={"path":"Status", "op": "equals","value":"active"}

Fields Parameter

This section describes how to use our field method, allowing you to pick a field to return in the response body of your request.

You can pass an optional parameter in the request URL for specifying if you only want certain fields to return in the response. Some responses have required data to return in the response which cannot be omitted. You can use the following query parameter to specify which fields you want to specify returning, :fields[]." You can reference the Paths Table if you would like to see a list of fields available to scope down.

Fields Example

Below is an example of the fields parameter being used in a request call to only return the Name and ID in the response body for Environments:

GET /api/v1/environments?fields[]=Name&fields[]=ID

Sorting

This section describes how to use our sorting methods, allowing you to pick a field to apply Ascending or Descending order to. You can reference the Paths Table if you would like to see a list of fields to sort by.

orderBy[]={"path":"","order":""}

Sorting Example

Building a query using the "OrderBy[]" parameters to sort through a list of timeline entries to return the most recent to latest:

GET /api/v1/timeline?orderBy[]={"path": "CreatedOn", "order": "desc"}

👍
Next

Developer Guide

Working with Metrics

Postman Collection

Using the API Explorer