Search for lookup data.

Parameters

ParameterDescription
Collection TypeThe collection type to query data for.
QueryThe query data to search for.
For each collection type there will be a different set of queries.

For example:
For the asset collection type, the query will look like the following - entityname = "QUALYSTEST|30489654_42428"
For the geolocation collection type, the query will look like the following - location = "City:Paris Region:A8 Country:FR" and longitude = "2.3488"

Example Output

{
  "available": "false",
  "error": "false",
  "events": [{
    "directImport": "false",
    "hour": "0",
    "ignored": "false",
    "invalid": "false",
    "invalidEventAction": "0",
    "tenantid": "1",
    "tenantname": "Securonix",
    "u_id": "-1",
    "u_userid": "-1",
    "result": {
      "entry": [{
        "key": "value_u_customfield4",
        "value": "allows attackers to obtain sensitive information"
      },
        {
          "key": "value_u_customfield11",
          "value": "CVE-2014-2212"
        },
        {
          "key": "lookupname",
          "value": "VulnerableHostLookUpTable"
        },
        {
          "key": "key",
          "value": "WW9452"
        }
      ]
    }
  }]
  "from": "1533838272825",
  "offset": "1000",
  "query": "index=lookup and lookupname = \"VulnerableHostLookUpTable\"",
  "searchViolations": "false",
  "to": "1536516672825",
  "totalDocuments": "1"
}

Workflow Library Example

Search Lookup Data with Securonix and Send Results Via Email

Preview this Workflow on desktop

Search for lookup data.

Parameters

ParameterDescription
Collection TypeThe collection type to query data for.
QueryThe query data to search for.
For each collection type there will be a different set of queries.

For example:
For the asset collection type, the query will look like the following - entityname = "QUALYSTEST|30489654_42428"
For the geolocation collection type, the query will look like the following - location = "City:Paris Region:A8 Country:FR" and longitude = "2.3488"

Example Output

{
  "available": "false",
  "error": "false",
  "events": [{
    "directImport": "false",
    "hour": "0",
    "ignored": "false",
    "invalid": "false",
    "invalidEventAction": "0",
    "tenantid": "1",
    "tenantname": "Securonix",
    "u_id": "-1",
    "u_userid": "-1",
    "result": {
      "entry": [{
        "key": "value_u_customfield4",
        "value": "allows attackers to obtain sensitive information"
      },
        {
          "key": "value_u_customfield11",
          "value": "CVE-2014-2212"
        },
        {
          "key": "lookupname",
          "value": "VulnerableHostLookUpTable"
        },
        {
          "key": "key",
          "value": "WW9452"
        }
      ]
    }
  }]
  "from": "1533838272825",
  "offset": "1000",
  "query": "index=lookup and lookupname = \"VulnerableHostLookUpTable\"",
  "searchViolations": "false",
  "to": "1536516672825",
  "totalDocuments": "1"
}

Workflow Library Example

Search Lookup Data with Securonix and Send Results Via Email

Preview this Workflow on desktop