{"type":"api","title":"Create an Organization Catalog Query","meta":{"id":"/apps/pubhub/media/orbital-api/1c9ae58c5602552df6194a1545023fdb0c609c3b/6031b5a0-67fa-3480-bf75-857e24b55963","info":{"description":"Documentation of the Orbital API\n\nTo authenticate:\n\n\nFollow steps 1 through 3 from the SecureX Authorization section of this article to generate a SecureX Token.\nhttps://developer.cisco.com/docs/secure-endpoint/#!authentication\n\n\nClick the \"Authorize\" button\nIn \"Value\", enter the token from above, prefixed with \"Bearer \" (keep the trailing space, omit the quotes)\nClick \"Authorize\", followed by \"Close\"\n\nThe \"Try it out\" button will now work","title":"Orbital API","version":"0.0.1"},"security":[{"AuthorizationHeader":[]}],"openapi":"3.0.3","servers":[{"description":"North America","url":"https://enterprise.orbital.amp.cisco.com/v0"},{"description":"Asia, Pacific, Japan, and China","url":"https://apjc.orbital.amp.cisco.com/v0"},{"description":"Europe","url":"https://eu.orbital.amp.cisco.com/v0"}],"securitySchemes":{"AuthorizationHeader":{"description":"Ex: Bearer \\\u003ctoken\\\u003e","in":"header","name":"authorization","type":"apiKey"}}},"spec":{"description":"Create an Organization Catalog Query","operationId":"idOfCatalogQueryCreate","requestBody":{"content":{"application/json":{"schema":{"properties":{"description":{"description":"catalog query title","example":"terminate processes","type":"string"},"id":{"description":"catalog id","example":"123","type":"string"},"osquery":{"description":"OSQueries allows us to marshal a []OSQuery to PostgreSQL","items":{"properties":{"bookkeeping":{"description":"Bookkeeping is a flag set when the SQL is internal to orbital and the result (if no error)\nis to be discarded","example":true,"type":"boolean"},"label":{"description":"Label is an optional user-provided identifier to associate an OSQuery with its OSQueryResult.","example":"get all the processes","type":"string"},"name":{"description":"Name is an optional user-provided human 
readable description to associate an OSQuery with its OSQueryResult.","example":"fetch process","type":"string"},"sql":{"description":"SQL provides an OSQuery SQL statement to evaluate.","example":"select * from processes","type":"string"},"types":{"description":"Types provides the CTIM observable types for each of the columns in the result table. If Types\nare omitted, the column should be considered untyped.","example":["process","query"],"items":{"description":"Observable Type\nA Type of Observable is an annotation used to document that the value is one with a specific meaning in the intelligence model.","type":"string","$$ref":"#/components/schemas/Type"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/OSQuery"},"type":"array","$$ref":"#/components/schemas/OSQueries"},"platform":{"description":"platform list","example":["darwin","windows"],"items":{"type":"string"},"type":"array"},"title":{"description":"catalog query title","example":"terminate processes","type":"string"},"version":{"description":"version","example":"1.20","type":"string"}},"type":"object","$$ref":"#/components/schemas/QueryRequest"}}},"description":"Parameter required to create or update catalog query record","x-originalParamName":"Body"},"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"data":{"description":"Query models the wire format of a Query. Types are substituted\nwhere a translation to the internal format is implied.\nUnsigned integers have been substituted for the signed equivalents\nto preclude illegal negative values. They will be cast back\nto signed integers in Query(). 
Note that as a wire format, the\nprimary Go constructor for this type is Unmarshal, but the actual\nconstructor (place they are made) is the UI.","properties":{"allowOS":{"properties":{"StringArray":{"description":"StringArray allows us to marshal a []string to PostgresQL","items":{"type":"string"},"type":"array","$$ref":"#/components/schemas/StringArray"}},"type":"object","$$ref":"#/components/schemas/AllowOSArray"},"cidr":{"type":"string"},"context":{"additionalProperties":{"items":{"type":"string"},"type":"array"},"type":"object","$$ref":"#/components/schemas/Args"},"created":{"format":"int64","type":"integer"},"creator":{"type":"string"},"expiry":{"format":"int64","type":"integer"},"id":{"type":"string"},"internaltopic":{"type":"string"},"interval":{"format":"uint64","type":"integer"},"linked":{"description":"StringArray allows us to marshal a []string to PostgresQL","items":{"type":"string"},"type":"array","$$ref":"#/components/schemas/StringArray"},"maxresultsize":{"format":"uint32","type":"integer"},"name":{"type":"string"},"nodes":{"items":{"type":"string"},"type":"array","$$ref":"#/components/schemas/Nodes"},"nodeversions":{"description":"Versions allows us to marshal a []string to PostgresQL","items":{"type":"string"},"type":"array","$$ref":"#/components/schemas/Versions"},"organization":{"type":"string"},"os":{"items":{"type":"string"},"type":"array","$$ref":"#/components/schemas/OSArray"},"osQuery":{"description":"OSQueries allows us to marshal a []OSQuery to PostgresQL","items":{"properties":{"bookkeeping":{"description":"Bookkeeping is a flag set when the SQL is internal to orbital and the result (if no error)\nis to be discarded","example":true,"type":"boolean"},"label":{"description":"Label is an optional user-provided identifier to associate an OSQuery with its OSQueryResult.","example":"get all the processes","type":"string"},"name":{"description":"Name is an optional user-provided human readable description to associate an OSQuery with its 
OSQueryResult.","example":"fetch process","type":"string"},"sql":{"description":"SQL provides an OSQuery SQL statement to evaluate.","example":"select * from processes","type":"string"},"types":{"description":"Types provides the CTIM observable types for each of the columns in the result table. If Types\nare omitted, the column should be considered untyped.","example":["process","query"],"items":{"description":"Observable Type\nA Type of Observable is an annotation used to document that the value is one with a specific meaning in the intelligence model.","type":"string","$$ref":"#/components/schemas/Type"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/OSQuery"},"type":"array","$$ref":"#/components/schemas/OSQueries"},"osqueryversions":{"description":"Versions allows us to marshal a []string to PostgresQL","items":{"type":"string"},"type":"array","$$ref":"#/components/schemas/Versions"},"postbacks":{"items":{"description":"Postback represents the wire format of a query.Postback.\nNOTE: the String() method below will be triggered if you\nattempt to create a Value() method to emit this type as JSON\nfor sqlx. 
So, just use json.Marshal.","properties":{"accessKey":{"type":"string"},"bucket":{"type":"string"},"fingerprint":{"type":"string"},"format":{"type":"string"},"region":{"type":"string"},"requirerows":{"type":"boolean"},"secretKey":{"type":"string"},"token":{"type":"string"},"url":{"type":"string"},"webhookid":{"type":"string"}},"title":"Postback","type":"object","$$ref":"#/components/schemas/Postback"},"type":"array","$$ref":"#/components/schemas/Postbacks"},"probe":{"type":"boolean"},"query_type":{"type":"string"},"script":{"$ref":"#/components/schemas/Script","$$ref":"#/components/schemas/Script"},"stock":{"type":"string"},"stockArgs":{"additionalProperties":{"items":{"type":"string"},"type":"array"},"type":"object","$$ref":"#/components/schemas/Args"},"token":{"type":"string"}},"type":"object","$$ref":"#/components/schemas/Query"},"errors":{"items":{"type":"string"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/CatalogQueryResponse"}}},"description":"catalog query.","$$ref":"#/components/responses/CatalogQueryResponse"},"400":{"content":{"application/json":{"schema":{"properties":{"errors":{"example":["query content should not exceed 65536 bytes"],"items":{"type":"string"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/ErrorMsg400CatalogQueryPostLarge"}}},"description":"Catalog Query Error 400 POST Response","$$ref":"#/components/responses/ErrorMsg400CatalogQueryPost"},"401":{"content":{"application/json":{"schema":{"properties":{"errors":{"example":["authentication required"],"items":{"type":"string"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/ErrorMsg401MissingToken"}}},"description":"Script Error 401 Response","$$ref":"#/components/responses/ErrorMsg401"},"403":{"content":{"application/json":{"schema":{"properties":{"errors":{"example":["access to this feature is not 
permitted"],"items":{"type":"string"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/ErrorMsg403Forbidden"}}},"description":"Script Error 403 Response","$$ref":"#/components/responses/ErrorMsg403Forbid"}},"security":[{"AuthorizationHeader":[]}],"summary":"Create an Organization Catalog Query","tags":["Queries"],"__originalOperationId":"idOfCatalogQueryCreate","method":"post","path":"/catalogs"}}