Get Query Viewer Results
Get the results for a given query viewer ID.
Parameters
Parameter | Description |
---|---|
Disable SSL Enforcement | Enable this option to skip SSL verification of the server's certificate chain and host name. Skipping verification weakens the security of the connection, but can be useful for testing or when custom verification is employed. |
Query Viewer ID | The query viewer ID. Can be obtained by the List Query Viewers action. |
Example Output
{
  "ArcSightESM": {
    "QueryViewerResults": [
      {
        "Attacker Address": "1.1.1.1",
        "Attacker Zone URI": "/All Zones/ArcSight System/Public Address Space Zones/E.I. duPont de Nemours and Co. Inc.",
        "End Time": "1589028174502",
        "Event ID": "12345678",
        "Name": "Login succeeded for user name 'admin'",
        "Start Time": "1589028174502"
      },
      {
        "Attacker Address": "2.2.2.2",
        "Attacker Zone URI": "/All Zones/ArcSight System/Public Address Space Zones/E.I. duPont de Nemours and Co. Inc.",
        "End Time": "1589028234536",
        "Event ID": "87654321",
        "Name": "Login succeeded for user name 'admin'",
        "Start Time": "1589028234536"
      },
      {
        "Attacker Address": "3.3.3.3",
        "Attacker Zone URI": "/All Zones/ArcSight System/Public Address Space Zones/E.I. duPont de Nemours and Co. Inc.",
        "End Time": "1589028294471",
        "Event ID": "14725836",
        "Name": "Login succeeded for user name 'admin'",
        "Start Time": "1589028294471"
      }
    ]
  }
}
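An added example (not part of the original documentation or the integration's own code): a Python post-processing step for this output that converts the epoch-millisecond `Start Time` / `End Time` strings to UTC and groups successful logins by user name. The function names and the regular expression for the `Name` field are assumptions based on the sample rows above; the columns actually returned depend on the query viewer.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the example output; the third row has
# deliberately malformed timestamps to exercise the error path.
SAMPLE = {"ArcSightESM": {"QueryViewerResults": [
    {"Attacker Address": "1.1.1.1", "End Time": "1589028174502", "Event ID": "12345678",
     "Name": "Login succeeded for user name 'admin'", "Start Time": "1589028174502"},
    {"Attacker Address": "2.2.2.2", "End Time": "1589028234536", "Event ID": "87654321",
     "Name": "Login succeeded for user name 'admin'", "Start Time": "1589028234536"},
    {"Attacker Address": "3.3.3.3", "End Time": "not-a-number", "Event ID": "14725836",
     "Name": "Login succeeded for user name 'admin'", "Start Time": ""},
]}}

# Assumed pattern, taken from the "Name" values shown in the example output.
LOGIN_RE = re.compile(r"Login succeeded for user name '([^']*)'")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def to_utc(ms_text):
    """Convert an epoch-milliseconds string to an aware UTC datetime, or None if malformed."""
    try:
        return EPOCH + timedelta(milliseconds=int(ms_text))
    except (TypeError, ValueError, OverflowError):
        return None


def summarize_logins(output):
    """Group login-success rows by user: source addresses, event IDs, first/last seen."""
    rows = output.get("ArcSightESM", {}).get("QueryViewerResults") or []
    summary = defaultdict(
        lambda: {"addresses": set(), "events": [], "first": None, "last": None})
    for row in rows:
        match = LOGIN_RE.search(row.get("Name") or "")
        if not match:
            continue  # not a login-success row
        entry = summary[match.group(1)]
        entry["events"].append(row.get("Event ID"))
        if row.get("Attacker Address"):
            entry["addresses"].add(row["Attacker Address"])
        start, end = to_utc(row.get("Start Time")), to_utc(row.get("End Time"))
        if start and (entry["first"] is None or start < entry["first"]):
            entry["first"] = start
        if end and (entry["last"] is None or end > entry["last"]):
            entry["last"] = end
    return dict(summary)
```

Rows whose timestamps cannot be parsed still contribute their address and event ID, so a malformed time field does not hide a login from the summary.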
Workflow Library Example
Get Query Viewer Results with Arcsight Esm and Send Results Via Email