Skip to main content

Get Query Viewer Results

Get the results for a given query viewer ID.

Parameters

ParameterDescription
Disable SSL EnforcementEnable this option to skip SSL verification of the server's certificate chain and host name. This may increase security vulnerabilities, but can be useful for testing or when custom verification is employed.
Query Viewer IDThe query viewer ID. Can be obtained by the List Query Viewers action.

Example Output

{
"ArcSightESM": {
"QueryViewerResults": [
{
"Attacker Address": "1.1.1.1",
"Attacker Zone URI": "/All Zones/ArcSight System/Public Address Space Zones/E.I. duPont de Nemours and Co. Inc.",
"End Time": "1589028174502",
"Event ID": "12345678",
"Name": "Login succeeded for user name 'admin'",
"Start Time": "1589028174502"
},
{
"Attacker Address": "2.2.2.2",
"Attacker Zone URI": "/All Zones/ArcSight System/Public Address Space Zones/E.I. duPont de Nemours and Co. Inc.",
"End Time": "1589028234536",
"Event ID": "87654321",
"Name": "Login succeeded for user name 'admin'",
"Start Time": "1589028234536"
},
{
"Attacker Address": "3.3.3.3",
"Attacker Zone URI": "/All Zones/ArcSight System/Public Address Space Zones/E.I. duPont de Nemours and Co. Inc.",
"End Time": "1589028294471",
"Event ID": "14725836",
"Name": "Login succeeded for user name 'admin'",
"Start Time": "1589028294471"
}
]
}
}

Workflow Library Example

Get Query Viewer Results with Arcsight Esm and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop