Get search results for a given Armis Standard Query (ASQ) search string.

Parameters

Parameter: Description
ASQ Search String: The Armis Standard Query (ASQ) search string to search by.

Every query string should begin with a search type indicating what the search is for. Valid search types include:
* in:alerts
* in:applications
* in:businessApplications
* in:connections
* in:devices
* in:operatingSystems
* in:riskFactors
* in:services
* in:traffic
* in:users
* in:vulnerabilities
* in:activity

Example: in:devices after:2022-03-10 before:2023-05-15
Fields: A comma-separated list of fields to include in the response.
Include Total Count: Select to get the total count of matching results.
Order By: A comma-separated list of fields to sort results by.

The default sort is ascending. Use :desc suffix for descending order (e.g., lastSeen:desc).

For example:
* lastSeen:desc
* lastSeen (ascending order)
Page Size: The maximum number of results to return per request.
Return All Pages: Automatically fetch all resources, page by page.
Starting Index: The index of the first result to return, used for pagination.
Timezone: The timezone to use when executing the query.

Example Output

{
	"data": {
		"results": [
			{
				"activityUUID": "sBEbYGsBAAAAAABkzx4s",
				"title": "e0553d490 performed DNS query to domain 'abc-ssl.xyz.com'",
				"content": "Resolved IPs: 152.101.26.236",
				"type": "Dns Query",
				"protocol": "Wifi",
				"sensor": {
					"name": "0c:8d:db:b2:61:3e"
				},
				"time": "2019-03-06T13:08:53.016075+00:0",
				"deviceIds": [
					1475,
					1498
				],
				"connectionIds": [
					1599,
					9804
				]
			}
		]
	},
	"success": true
}
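
An added example, not part of the original documentation or Armis's own code: it checks that an ASQ string begins with one of the search types listed above, parses an Order By value, and pages through results by advancing Starting Index by Page Size. `fetch_page`, `demo_fetch` and the sample records are hypothetical stand-ins; only the response shape is taken from the Example Output.

```python
import re

# Search types listed in the parameter description on this page.
SEARCH_TYPES = {
    "alerts", "applications", "businessApplications", "connections",
    "devices", "operatingSystems", "riskFactors", "services", "traffic",
    "users", "vulnerabilities", "activity",
}

def check_asq(query):
    """Return the search type of an ASQ string, or raise if it has none."""
    m = re.match(r"in:(\w+)(?=\s|$)", query.strip())
    if not m or m.group(1) not in SEARCH_TYPES:
        raise ValueError(f"ASQ must begin with a valid search type: {query!r}")
    return m.group(1)

def parse_order_by(order_by):
    """'lastSeen:desc,name' -> [('lastSeen', True), ('name', False)]; True = descending."""
    fields = []
    for item in (p.strip() for p in order_by.split(",")):
        field, _, suffix = item.partition(":")
        if not field or suffix not in ("", "desc"):
            raise ValueError(f"bad Order By entry: {item!r}")
        fields.append((field, suffix == "desc"))
    return fields

def fetch_all(fetch_page, query, page_size=100):
    """Walk Starting Index forward by Page Size until a short page arrives.

    fetch_page(query, start, page_size) is a caller-supplied stand-in
    (hypothetical) returning a dict shaped like the Example Output.
    """
    check_asq(query)
    if page_size < 1:
        raise ValueError("page_size must be at least 1")
    results, start = [], 0
    while True:
        resp = fetch_page(query, start, page_size)
        if not resp.get("success"):
            raise RuntimeError(f"search failed at index {start}")
        page = resp["data"]["results"]
        results.extend(page)
        if len(page) < page_size:  # short or empty page: nothing left
            return results
        start += page_size

# Constructed sample data: five fake activity records, not real Armis output.
_SAMPLE = [{"activityUUID": f"constructed-{i}", "deviceIds": [1475 + i]} for i in range(5)]

def demo_fetch(query, start, page_size):
    return {"data": {"results": _SAMPLE[start:start + page_size]}, "success": True}
```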

Workflow Library Example

Search with Armis Centrix and Send Results Via Email
