{"type":"api","title":"Query detections","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/c863f2ae-5ca3-3d27-9fd9-e536d4b0ebeb","info":{"title":"XDR Query Service API","version":"1.0.0"},"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/findings-query/overview.md","uri":"findings-query-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.1.0","servers":[{"url":"https://queryservice.us.security.cisco.com"}],"securitySchemes":{"bearer":{"bearerFormat":"JWT","scheme":"bearer","type":"http"}}},"spec":{"description":"Search detections in data lake with filters and pagination","operationId":"get_detections_search","parameters":[{"description":"The start time filter for the detection time field in UTC format. If not provided, defaults to 7 days before 'end_time'. If 'end_time' is also not provided, defaults to 7 days before the current time.","explode":false,"in":"query","name":"start_time","schema":{"description":"The start time filter for the detection time field in UTC format. If not provided, defaults to 7 days before 'end_time'. If 'end_time' is also not provided, defaults to 7 days before the current time.","format":"date-time","type":"string"}},{"description":"The end time filter for the detection time field in UTC format. If not provided, defaults to 7 days after 'start_time'. If 'start_time' is also not provided, defaults to the current time.","explode":false,"in":"query","name":"end_time","schema":{"description":"The end time filter for the detection time field in UTC format. If not provided, defaults to 7 days after 'start_time'. 
If 'start_time' is also not provided, defaults to the current time.","format":"date-time","type":"string"}},{"description":"The list of severities to filter by. Multiple values are combined using an IN clause.","explode":false,"in":"query","name":"severity","schema":{"description":"The list of severities to filter by. Multiple values are combined using an IN clause.","items":{"enum":["Low","Medium","High","Critical","Unknown"],"type":"string"},"type":["array","null"]}},{"description":"The list of IDs of the products to filter by. Multiple values are combined using an IN clause.","explode":false,"in":"query","name":"source","schema":{"description":"The list of IDs of the products to filter by. Multiple values are combined using an IN clause.","items":{"type":"string"},"type":["array","null"]}},{"description":"The title of the detection to filter by; it can be a partial or a full match.","explode":false,"in":"query","name":"title","schema":{"description":"The title of the detection to filter by; it can be a partial or a full match.","type":"string"}},{"description":"The ID of the detection to filter by","explode":false,"in":"query","name":"detection_id","schema":{"description":"The ID of the detection to filter by","type":"string"}},{"description":"The label to filter detections by. Multiple values are combined using an IN clause.","explode":false,"in":"query","name":"label","schema":{"description":"The label to filter detections by. 
Multiple values are combined using an IN clause.","items":{"enum":["regular-finding","non-regular-finding","intake-api-finding"],"type":"string"},"type":["array","null"]}},{"description":"The limit on the number of detections to return, minimum 10, maximum 200","explode":false,"in":"query","name":"limit","schema":{"default":10,"description":"The limit on the number of detections to return, minimum 10, maximum 200","format":"int64","maximum":200,"minimum":10,"type":"integer"}},{"description":"The offset for pagination, minimum 0, maximum 1e9","explode":false,"in":"query","name":"offset","schema":{"default":0,"description":"The offset for pagination, minimum 0, maximum 1e9","format":"int64","maximum":1000000000,"minimum":0,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"properties":{"data":{"description":"The array of detections","items":{"additionalProperties":false,"properties":{"data_status":{"description":"The status of the data","type":"string"},"detection_id":{"description":"The unique ID of the detection","type":"string"},"detection_severity":{"description":"The severity of the detection","type":"string"},"detection_src_url":{"description":"The source URL of the detection","type":"string"},"detection_time":{"description":"The time of detection","format":"date-time","type":"string"},"detection_title":{"description":"The title of the detection","type":"string"},"detection_type":{"description":"The type of detection","type":"string"},"detection_xdr_module":{"description":"The XDR module of the detection","type":"string"},"detection_xdr_module_instance_id":{"description":"The XDR module instance ID of the detection","type":"string"},"findings_count":{"description":"The number of findings associated with the detection","format":"int64","type":"integer"},"first_ingest_time":{"description":"The first time the detection was 
ingested","format":"date-time","type":"string"},"latest_ingest_time":{"description":"The latest time the detection was ingested","format":"date-time","type":"string"},"product_name":{"description":"The name of the product","type":"string"},"product_uid":{"description":"The unique identifier of the product","type":"string"}},"required":["detection_id","findings_count","detection_time","first_ingest_time","latest_ingest_time","detection_title","detection_severity","detection_src_url","detection_type","detection_xdr_module","detection_xdr_module_instance_id","product_name","product_uid","data_status"],"type":"object","$$ref":"#/components/schemas/Detection"},"type":["array","null"]},"meta":{"additionalProperties":false,"properties":{"limit":{"description":"The limit on the number of detections to return for the current request","format":"int64","type":"integer"},"next":{"description":"The link to the next page, empty if no next page","type":"string"},"offset":{"description":"The offset for pagination for the current request","format":"int64","type":"integer"},"prev":{"description":"The link to the previous page, empty if no previous page","type":"string"},"total_count":{"description":"The total number of records","format":"int64","type":"integer"}},"required":["total_count","limit","offset","prev","next"],"type":"object","$$ref":"#/components/schemas/DetectionsMeta"}},"required":["meta","data"],"type":"object","$$ref":"#/components/schemas/DetectionsResponse"}}},"description":"OK"},"default":{"content":{"application/json":{"schema":{"additionalProperties":false,"properties":{"details":{"items":{"type":"string"},"type":["array","null"]},"message":{"type":"string"},"status":{"format":"int64","type":"integer"}},"required":["status","message"],"type":"object","$$ref":"#/components/schemas/DataServiceError"}}},"description":"Error"}},"security":[{"bearer":[]}],"summary":"Query 
detections","tags":["Detections"],"__originalOperationId":"get-detections-search","method":"get","path":"/api/v1/query/detections/search"}}