Integrations
- Integrations
- 1Password
- Abnormal
- Absolute
- AbuseIPDB
- Acronis
- Active Directory On-Prem
- Adaptive Shield
- Adobe Cloud
- ADP
- Agari Phishing Response
- Airlock
- Airlock Digital
- Akamai Identity Cloud Social
- Alert Logic
- AlgoSec Firewall Analyzer
- Alienvault OTX
- Alienvault USM
- Anthropic
- Anodot
- Any Run
- Ansible
- Anvilogic
- Apex One
- ArcSight ESM
- Area 1
- Asana
- Asset Panda
- Astrix
- Atlassian Crowd
- Atlassian User Management
- Atlassian User Provisioning
- AuditBoard
- auth0
- Authentik
- Authomize
- Automox
- AWS
- AWS IAM Identity Center
- Axonius
- Azure
- Azure Data Explorer
- Azure DevOps
- Azure Log Analytics
- Azure Storage
- BambooHR
- Big Fix
- BigPanda
- Bitbucket
- Bitdefender
- Bitsight
- Bitwarden
- Black Duck
- Black Kite
- Blink
- BMC Remedy
- Box
- Brinqa
- Cato Networks
- Censys
- Chorus
- Cisco Advanced Phishing Protection
- Cisco Domain Protection
- Cisco Meraki
- Cisco Talos
- Cisco Umbrella
- Cisco Webex
- Claroty xDome
- ClearPass
- ClickHouse
- ClickUp
- Cloud Custodian
- Cloudflare
- Cloudflare R2
- Cobalt.io
- Check Point Harmony
- Check Point Infinity Events
- Check Point Management
- Check Point XDR/XPR
- Checkmarx SAST
- Checkmarx One
- Chronicle
- Compass
- Confluence
- Confluence Data Center
- Coralogix
- Coralogix Incident Management
- Cortex XDR
- Cortex Xpanse
- Coupa Compass
- CredStash
- Cribl
- CrowdStrike
- CyberArk
- Cybersixgill
- CyCognito
- Cyera
- Cylance
- Cyware CTIX
- Darktrace
- Dasera
- Databricks
- Datadog
- DataSet
- Discord
- Docusign
- Delighted
- Delinea
- Devo
- Domo
- Drata
- Dropbox
- Dropbox Business
- druva
- Duo
- Duo Auth
- Dynatrace
- EasyVista
- EchoTrail
- Egnyte
- Egnyte Secure Govern
- Elasticsearch
- Entro
- Entrust Certificate Services
- Ermetic
- Exabeam
- Exchange Online
- Expel
- F5
- Falcon LogScale
- Falcon Surface
- Fastly
- Flare.io
- Forcepoint DLP
- Forescout
- FortiGate
- Freshservice
- GCP
- Gemini
- Ghostwriter
- Git
- GitHub
- GitLab
- Glean
- Gmail
- Google Calendar
- Google Chat
- Google Docs
- Google Drive
- Google Forms
- Google Meet
- Google Looker
- Google Sheets
- Google Workspace
- Grafana
- Greenhouse
- GreyNoise
- Grip Security
- GYTPOL
- Have I Been Pwned
- HackerOne
- Halo Service Desk
- HackNotice
- HiBob
- HubSpot
- Hunters
- Hybrid Analysis
- Hyperproof
- IBM CLoud
- IBM NS1 Connect
- IBM X Force
- Imperva
- Incident.io
- Infobip
- Infoblox Cloud Services Portal
- Intercom
- Intezer
- IP API
- IPinfo
- IPWHOIS
- Ivanti RiskSense
- Ironscales
- Jamf
- JetBrains
- JFrog
- Jira
- Jira Data Center
- Joe Sandbox
- JumpCloud
- Kandji
- Keeper Secrets Manager
- Kenna Security
- KnowBe4
- KnowBe4 Events
- Kubernetes
- Lacework
- LaunchDarkly
- LimaCharlie
- Linear
- Litmos
- Living Security
- LogicMonitor
- LogRhythm
- Manage Engine ServiceDesk Plus
- Mattermost
- Maven
- Microsoft Defender For Cloud
- Microsoft Defender For Cloud Apps
- Microsoft Defender For Endpoints
- Microsoft Defender XDR
- Microsoft E-Discovery
- Microsoft Entra ID
- Microsoft Graph
- Microsoft Intune
- Microsoft Office 365 Management Activity
- Microsoft Outlook
- Microsoft Purview
- Microsoft Sentinel
- Microsoft SQL Server
- Microsoft Teams
- Mimecast
- MISP
- Monday
- MongoDB Atlas
- MxToolbox
- Neo4j
- NetBox
- Netography
- Netskope
- New Relic
- Nightfall AI
- NinjaOne
- Notion
- Nozomi Networks
- Nuclei
- Nucleus
- Nutanix Hypervisor
- Obsidian
- Okta
- OneDrive
- OneLogin
- OneTrust
- Oort
- OpenAI
- OpenCTI
- Opsgenie
- OPSWAT
- Oracle Cloud
- Oracle HCM
- Orca Security
- OWASP ZAP
- PagerDuty
- Palo Alto NGFW
- Palo Alto Firewall
- Panther
- Pentera
- Perception Point
- PhishLabs
- PhishLabs Incident Data
- PhishLabs Open Web Monitoring
- Pingdom
- PingID
- PingOne
- PlexTrac
- PortSwigger
- Power BI
- PowerShell
- Postman
- Postman SCIM
- Prisma Access
- Prisma Cloud
- Prisma Cloud CWP
- Prometheus
- Proofpoint
- Proofpoint ITM
- Proofpoint Protection Server
- Proofpoint Security Awareness Training
- Proofpoint TAP
- Proofpoint TRAP
- Pub-Sub
- QRadar
- Qualys
- Rapid7
- Rapid7 InsightIDR
- Rapid7 InsightVM Cloud
- Rapid7 Threat Command
- Reco
- Recorded Future
- Recorded Future Triage Cloud
- Red Hat IDM
- Rippling
- runZero
- SafeBase
- Sage HR
- SailPoint
- SailPoint IdentityIQ
- Salesforce
- SAP Ariba
- Sap Concur
- ScienceLogic
- Securin
- Securin VI
- SecurityScorecard
- Securonix
- Seemplicity
- Sekoia.io
- SemGrep
- SentinelOne
- ServiceNow
- SharePoint
- Shodan
- Shopify
- Silverfort
- Slack
- Smartsheet
- Snipe IT
- Snowflake
- Snyk
- SolarWinds Information Service
- SolarWinds Service Desk
- SonarQube
- Sophos
- Split
- Splunk
- Splunk Observability
- Splunk SOAR
- Spur
- StrongDM
- Sumo Logic
- Symantec EDR
- Sysdig
- Tableau
- Tanium
- TeamCity
- TeamViewer
- Telegram
- Tempo
- Tenable
- Tenable Security Center
- Terraform
- Terraform Cloud
- Tessian
- TheHive
- Thinkst Canary
- ThreatQuotient
- Trellix Email Security
- Trello
- Trend Vision One
- Twilio
- UKG HR
- Uptycs
- URLScan
- Vault
- Veracode
- Verkada
- Vertica
- VMware vSphere
- VMware Carbon Black
- VirusTotal
- WeChat
- WhatsApp
- WhoIs
- WildFire
- Wiz
- Workday
- Workspace ONE UEM
- YesWeHack
- Zendesk
- Zero Networks
- Zoom
- Zscaler Internet Access
- Zscaler Private Access
Actions
Get Query Job
Gets a query job by ID.
Parameters
Parameter | Description |
---|---|
Job ID | The job ID. |
Example Output
{
"agentType": "asset",
"createdAt": "2023-12-31T08:06:37.007Z",
"createdBy": "aca014ba-2c3b-4456-b3df-046e0166801c",
"customerId": "string",
"endTime": null,
"error": null,
"filters": null,
"id": "string",
"incompleteResults": false,
"links": [
{
"href": "string",
"rel": "self",
"title": "Query job information"
},
{
"href": "string",
"rel": "parent",
"title": "Query jobs information"
}
],
"name": "string",
"parameterValues": null,
"parameters": null,
"purged": false,
"query": "WITH assets AS (\n SELECT *\n FROM upt_assets_all\n \n ),\n latest_scan AS (\n SELECT upt_asset_id, MAX(upt_time) AS latest_scan_time\n FROM vulnerabilities\n WHERE upt_day >= CAST(date_format((CURRENT_DATE - INTERVAL '3' DAY), '%Y%m%d') AS INT)\n GROUP BY upt_asset_id\n ),\n vulnerabilities AS (\n SELECT v.*\n FROM vulnerabilities v\n JOIN latest_scan s ON v.upt_asset_id = s.upt_asset_id AND v.upt_time = s.latest_scan_time\n WHERE v.upt_day >= CAST(date_format((CURRENT_DATE - INTERVAL '3' DAY), '%Y%m%d') AS INT)\n AND (system_type IN ('host', 'volume') OR system_type is NULL)\n ),\n\n vulnerabilities_without_exceptions AS\n (\n SELECT *\n FROM vulnerabilities\n WHERE upt_day >= CAST(date_format((CURRENT_DATE - INTERVAL '3' DAY), '%Y%m%d') AS INT)\n AND cve_list NOT IN (SELECT cve_id FROM upt_vulnerability_exceptions)\n ),\n\n latest_vulnerabilities AS (\n SELECT upt_asset_id, upt_hostname, cve_list, cvss_score, os, os_version ,package_name, package_version, package_type, indicator_hash, upt_asset_group_name,\n IF((indicator_operator = 'lt' OR indicator_operator='rng_e') AND indicator_version IS NOT NULL, true, false) AS fixAvailable,\n CASE\n \tWHEN EXISTS (SELECT 1 FROM upt_threat_exploits ute WHERE ute.cve_id = v.cve_list AND description IS NOT NULL)\n THEN true\n ELSE false\n END AS exploitable,\n CASE\n WHEN indicator_operator = 'lt' AND indicator_version IS NOT NULL THEN indicator_version\n WHEN indicator_operator = 'rng_e' AND indicator_version IS NOT NULL THEN split_part(indicator_version, ',', 2)\n ELSE ''\n END fixVersion,\n CASE\n WHEN MAX(CAST(cvss_score AS REAL)) < 4 THEN 'low'\n WHEN MAX(CAST(cvss_score AS REAL)) >= 4 AND MAX(CAST(cvss_score AS REAL)) < 7 THEN 'medium'\n WHEN MAX(CAST(cvss_score AS REAL)) >= 7 AND MAX(CAST(cvss_score AS REAL)) < 9 THEN 'high'\n WHEN MAX(CAST(cvss_score AS REAL)) >= 9 THEN 'critical'\n ELSE 'unknown'\n END AS severity,\n max(upt_time) AS last_seen_vln_at\n FROM vulnerabilities_without_exceptions v\n \n GROUP BY 1,2,3,4,5,6,7,8,9,10,11,12,13,14\n ),\n\n published_cves AS\n (\n SELECT\n indicator_hash,\n MAX(published) as published,\n MAX(date_diff('day', DATE(published), CURRENT_DATE)) AS age\n FROM upt_threat_indicators\n WHERE cve_list IS NOT NULL AND is_active=TRUE\n GROUP BY indicator_hash\n\n ),\n\n vln_with_published_date AS (\n SELECT lv.*, uti.published, uti.description\n FROM upt_threat_indicators uti\n JOIN latest_vulnerabilities lv ON uti.indicator_hash = lv.indicator_hash\n \n ),\n\n vln_summary AS (\n SELECT upt_asset_id as assetId, upt_hostname as hostName,\n \t\t\t cve_list AS cveId,\n \t\t\t severity,\n \t\t\t fixAvailable,\n \t\t\t cvss_score AS cvssScore,\n \t\t\t description,\n \t\t\t exploitable,\n published AS cvePublishedAt,\n upt_asset_group_name AS assetGroup,\n last_seen_vln_at AS cveLastSeenAt,\n COUNT(DISTINCT package_name) AS packagesAffectedCount,\n \t\t\t COUNT(*) FILTER (WHERE fixAvailable=true) AS totalFixAvailable\n FROM vln_with_published_date\n GROUP BY 1,2,3,4,5,6,7,8,9,10,11\n ),\n\n vln_summary_with_assets AS (\n SELECT vln.*, a.live as isLive, a.last_activity_at as recentHostActivity, os, os_version AS osVersion, a.tags\n FROM vln_summary vln JOIN assets a\n ON a.id = vln.assetId\n )\n\n SELECT * FROM vln_summary_with_assets ORDER BY assetId, cveId\n OFFSET 0 LIMIT 1000",
"queryId": null,
"queryStats": null,
"resourceType": "asset",
"rowCount": 0,
"source": "DASHBOARDS",
"startTime": null,
"status": "QUEUED",
"type": "global",
"updatedAt": "2023-12-31T08:06:37.007Z",
"updatedBy": null
}
Workflow Library Example
Get Query Job with Uptycs and Send Results Via Email
Preview this Workflow on desktop
Was this page helpful?
On this page
Assistant
Responses are generated using AI and may contain mistakes.