Global Security Forum

  • 1.  REST API filter

    Posted Fri April 03, 2020 02:34 AM
    Hi there,
    I am trying to use the REST API to get offense data using https://192.168.0.15/api_doc#version=12.0&api=%2Fsiem%2Foffenses&method=GET
    The offense object has a field called rules with nested fields id and type. When I try to use that nested id field, rules(id), it keeps throwing a 422 error, as below.
    Request URL:
    https://192.168.0.15/api/siem/offenses?filter=rules(id)%3D100365
    Error message:
    {
      "http_response": {
        "code": 422,
        "message": "The request was well-formed but was unable to be followed due to semantic errors"
      },
      "code": 1010,
      "description": "The filter parameter is not valid.",
      "details": {},
      "message": "Filter field doesn't exist: rules"
    }
    It works fine with root fields, just not nested fields.
    Does anyone know what I am doing wrong?

    Thanks in advance


    ------------------------------
    Linsong Guo
    ------------------------------


  • 2.  RE: REST API filter

    Posted Mon April 06, 2020 01:48 PM
    Hello,

    Try using this syntax instead:

    rules contains id=100365

    Because the "rules" object is a list of other objects, there can be more than one rules(id) value, so the correct way to filter is by using the contains operator. This is effectively saying:

    return all offenses that have a "rules" list that contains a rule with id=100365

    Hope this helps,
    Colin


    ------------------------------
    COLIN HAY
    ------------------------------
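
The request from the thread, rebuilt with the contains filter, as an added example that is not part of either post and is not IBM's code. The function names, the sample offenses and the token placeholder are constructed for illustration; the example assumes an authorized-service token sent in the SEC header and does not contact the server.

```python
from urllib.parse import quote, urlencode

def contains_filter(list_field, subfield, value):
    """Filter expression for a field whose value is a list of objects."""
    return f"{list_field} contains {subfield}={value}"

def build_offense_request(base_url, filter_expr, token, version="12.0"):
    """Return (url, headers) for GET /api/siem/offenses with the filter encoded."""
    # quote_via=quote encodes spaces as %20 and '=' as %3D inside the filter value
    query = urlencode({"filter": filter_expr}, quote_via=quote)
    headers = {
        "SEC": token,            # assumption: authorized-service token auth
        "Version": version,      # API version shown in the api_doc URL
        "Accept": "application/json",
    }
    return f"{base_url}/api/siem/offenses?{query}", headers

def matches_contains(offense, list_field, subfield, value):
    """Local model of 'contains': true if ANY list element has subfield == value."""
    return any(item.get(subfield) == value for item in offense.get(list_field, []))

# Constructed sample offenses: each one carries a list of rule objects,
# which is why a single rules(id) value is not well defined for filtering.
SAMPLE_OFFENSES = [
    {"id": 1, "rules": [{"id": 100365, "type": "CRE_RULE"}]},
    {"id": 2, "rules": [{"id": 100211, "type": "CRE_RULE"}]},
    {"id": 3, "rules": [{"id": 100211, "type": "CRE_RULE"},
                        {"id": 100365, "type": "CRE_RULE"}]},
    {"id": 4, "rules": []},
]

def demo():
    expr = contains_filter("rules", "id", 100365)
    url, headers = build_offense_request(
        "https://192.168.0.15", expr, "<authorized-service-token>")
    matched = [o["id"] for o in SAMPLE_OFFENSES
               if matches_contains(o, "rules", "id", 100365)]
    return url, headers, matched

if __name__ == "__main__":
    url, headers, matched = demo()
    print(url)
    print("offenses matched by the local model:", matched)
```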