Search Records
This action searches Netography records. The query is written in the Netography Query Language (NQL) and passed via the Search parameter.
External Documentation
To learn more, visit the Netography documentation.
Basic Parameters
Parameter | Description |
---|---|
Context | Context of the Search Request. |
End | When the search should end: a timestamp, 0 for now, or a negative number of seconds to look back. For example: 0. |
From | Used for pagination, in combination with Size (from + size). |
Size | Number of results to return. Defaults to 20. |
Start | When the search should begin: a timestamp or a negative number of seconds to look back. For example: -7200. |
Advanced Parameters
Parameter | Description |
---|---|
Include | Array of fields you want returned as part of the records. Default is ALL fields. |
Search | NQL search filter string. |
Example Output
```json
{
  "meta": {
    "code": 200,
    "count": 1
  },
  "data": [
    {
      "alerttype": "start",
      "description": "Srcip reputation is a known phisher",
      "severity": "medium",
      "start": 1618246683,
      "summary": "Knownphisher alert has started to dstip 10.0.0.1",
      "tags": [
        "aws"
      ],
      "timestamp": 1618246748,
      "track_by": [
        "srcip",
        "dstip"
      ]
    },
    {
      "bits": 624,
      "dstip": "192.168.2.1",
      "duration": 140006,
      "end": 1618433146,
      "flowsrcip": "172.16.1.1",
      "inputname": "ge-0/0/0.0",
      "output": 0,
      "protocol": "tcp",
      "srcip": "10.0.0.1",
      "start": 1618423146,
      "tags": [
        "edge"
      ],
      "timestamp": 1618433146,
      "tcpflagsint": 16
    }
  ]
}
```
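The Start, End, From and Size parameters combine into a paging loop. The Python below is an added example, not code from Netography or this integration; it pins relative Start/End values to absolute timestamps once, so every page queries the same window instead of one that slides forward between calls. Assumptions: `fetch_page` is a hypothetical callable that performs one Search Records call, the lowercase parameter keys are illustrative, From is read as the offset of the first result, and the sample records and filter string are constructed.

```python
import time

def resolve_window(start, end, now=None):
    """Pin Start/End (epoch timestamp, 0 for now, or negative look-back
    seconds) to absolute epoch seconds so every page uses the same window."""
    now = int(time.time()) if now is None else now
    pin = lambda v: now + v if v <= 0 else v
    begin, finish = pin(start), pin(end)
    if begin >= finish:
        raise ValueError(f"empty window: start={begin} end={finish}")
    return begin, finish

def search_all(fetch_page, search, start=-7200, end=0, size=20,
               max_records=1000, now=None):
    """Collect the records matching one NQL filter, page by page.
    fetch_page (hypothetical) performs one Search Records call with the
    given parameters and returns the parsed JSON response."""
    begin, finish = resolve_window(start, end, now)
    records, offset = [], 0
    while len(records) < max_records:
        page = fetch_page({"search": search, "start": begin, "end": finish,
                           "from": offset, "size": size})
        if page.get("meta", {}).get("code") != 200:
            raise RuntimeError(f"search failed: {page.get('meta')}")
        batch = page.get("data", [])
        records.extend(batch)
        if len(batch) < size:      # short page: nothing left to fetch
            break
        offset += size             # assumed: From is the result offset
    return records[:max_records]

# Constructed stand-in for the service: 45 flow records, one per minute.
NOW = 1618433146
SAMPLE = [{"srcip": "10.0.0.1", "protocol": "tcp", "timestamp": NOW - 60 * i}
          for i in range(45)]

def fake_fetch(params):
    """Constructed backend: filters by time window only, ignores the filter."""
    hits = [r for r in SAMPLE
            if params["start"] <= r["timestamp"] <= params["end"]]
    page = hits[params["from"]:params["from"] + params["size"]]
    return {"meta": {"code": 200}, "data": page}

if __name__ == "__main__":
    # Illustrative filter string; consult the NQL documentation for syntax.
    found = search_all(fake_fetch, "srcip == 10.0.0.1", now=NOW)
    print(len(found), "records in the last two hours")
```

The `max_records` cap bounds the loop when a filter matches far more than expected, which keeps a broad query from running unbounded inside a workflow.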
Workflow Library Example
Search Records with Netography and Send Results Via Email