{"type":"api","title":"Returns results of a particular query","meta":{"id":"/apps/pubhub/media/orbital-api/eae5ef1abc124f2d904b17b1697b2df180e92067/6031b5a0-67fa-3480-bf75-857e24b55963","info":{"description":"Documentation of the Orbital API\n\nTo authenticate:\n\n\nFollow steps 1 through 3 from the SecureX Authorization section of this article to generate a SecureX Token.\nhttps://developer.cisco.com/docs/secure-endpoint/#!authentication\n\n\nClick the \"Authorize\" button\nIn \"Value\", enter the token from above, prefixed with \"Bearer \" (without the quotes)\nClick \"Authorize\", followed by \"Close\"\n\nThe \"Try it out\" button will now work","title":"Orbital API","version":"0.0.1"},"security":[{"AuthorizationHeader":[]}],"openapi":"3.0.3","servers":[{"description":"North America","url":"https://enterprise.orbital.amp.cisco.com/v0"},{"description":"Asia, Pacific, Japan, and China","url":"https://apjc.orbital.amp.cisco.com/v0"},{"description":"Europe","url":"https://eu.orbital.amp.cisco.com/v0"}],"securitySchemes":{"AuthorizationHeader":{"description":"Ex: Bearer \\\u003ctoken\\\u003e","in":"header","name":"authorization","type":"apiKey"}}},"spec":{"description":"Returns results of a particular query","operationId":"idOfJobResult","parameters":[{"description":"Job ID of the created job","in":"path","name":"jobid","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"properties":{"error":{"properties":{"en":{"type":"string"}},"type":"object","$$ref":"#/components/schemas/ErrorInfo"},"format":{"type":"string"},"next":{"type":"string"},"query":{"properties":{"authors":{"description":"Authors identifies AuthorInfo for those who developed the entity, using the CEC username of the author. 
The\nfirst Author is the creator; each additional author is a person who has made modifications.","items":{"type":"string"},"type":"array"},"categories":{"description":"Categories identifies a stock query's categories in relevance order, which are used to group similar queries in the\ncatalog.","items":{"type":"string"},"type":"array"},"conditions":{"description":"Conditions is a list of QueryConditions that determine which variant of the query should run","items":{"description":"QueryCondition provides information needed to support query variants","properties":{"arch":{"description":"Arch is a list of allowed CPU architectures: amd64, i386, arm64","items":{"type":"string"},"type":"array"},"orbitalversion":{"properties":{"after":{"description":"After: version must be lexically after this version","type":"string"},"before":{"description":"Before: version must be lexically before this version","type":"string"},"equals":{"description":"Equals: version must be lexically equal to this version","type":"string"}},"type":"object","$$ref":"#/components/schemas/VersionMatch"},"os":{"description":"OS is a list of allowed OSes: darwin, linux, windows","items":{"type":"string"},"type":"array"},"osqueryversion":{"properties":{"after":{"description":"After: version must be lexically after this version","type":"string"},"before":{"description":"Before: version must be lexically before this version","type":"string"},"equals":{"description":"Equals: version must be lexically equal to this version","type":"string"}},"type":"object","$$ref":"#/components/schemas/VersionMatch"},"variant":{"description":"Variant defines which variant should be run when this condition is true","type":"string"}},"type":"object","$$ref":"#/components/schemas/QueryCondition"},"type":"array"},"created":{"description":"Created specifies when the entity was first created.","format":"date-time","type":"string"},"deprecated":{"description":"Deprecated indicates whether the query is scheduled for 
removal","type":"boolean"},"description":{"description":"Description describes the query and its purpose for the user, using Markdown.","type":"string"},"disabled":{"description":"Disabled specifies that the query is disabled, and should no longer be used. This will be clearly annotated in\nthe UI.","type":"boolean"},"examples":{"description":"Examples provide example result data for the user.","items":{"description":"QueryExample provides an example result of evaluating a stock query. This will be used by the UI to present a\ntable of example data that can illustrate the purpose of the query.","properties":{"description":{"description":"Description provides an explanation of the results from this example.","type":"string"},"osquery":{"description":"OSQuery provides an example of the results the user should expect from this query from a single host.","items":{"properties":{"columns":{"description":"Columns labels the columns of values.","items":{"type":"string"},"type":"array"},"error":{"description":"Error indicates there was an error evaluating the query.","type":"string"},"label":{"description":"Label is copied from the OSQuery Label so users can associate this result with the OSQuery that spawned it.","type":"string"},"name":{"description":"Name is copied from the OSQuery Name so users can associate this result with the OSQuery that spawned it.","type":"string"},"secs":{"description":"Seconds counts the number of wall clock seconds it took to run the query.","format":"double","type":"number"},"types":{"description":"Types provides the CTIM observable types for each of the columns in the result table. 
If types\nare omitted or an empty string, the column should be considered untyped.","items":{"description":"Observable Type\nA Type of Observable is an annotation used to document that the value is one with a specific meaning in the intelligence model.","type":"string","$$ref":"#/components/schemas/Type"},"type":"array"},"values":{"description":"Values contains the results of an OSQuery evaluation, in row, column order, such that the 3rd value of the 2nd row\nis at position 2 * width + 3","items":{"type":"string"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/OSResult"},"type":"array"},"title":{"description":"Title is a descriptive title for the example.","type":"string"}},"type":"object","$$ref":"#/components/schemas/QueryExample"},"type":"array"},"experimental":{"description":"Experimental specifies that the query is experimental, and should not show up in catalogs, but is visible by\ndirect reference. This lets developers trial new queries with specific customers and applications without\nmaking any promise of support or suitability.","type":"boolean"},"id":{"description":"ID identifies an entity when referenced from other entities.","type":"string"},"notes":{"description":"Notes contains chatter and discussion between the authors, which is not made visible.","type":"string"},"os":{"description":"OS is a list of allowed OSes: darwin, linux, windows, any?\nThis field is deprecated in favor of Conditions but preserved temporarily","items":{"type":"string"},"type":"array"},"osQuery":{"description":"OSQueries allows us to marshal a []OSQuery to PostgreSQL","items":{"properties":{"bookkeeping":{"description":"Bookkeeping is a flag set when the SQL is internal to orbital and the result (if no error)\nis to be discarded","example":true,"type":"boolean"},"label":{"description":"Label is an optional user-provided identifier to associate an OSQuery with its OSQueryResult.","example":"get all the processes","type":"string"},"name":{"description":"Name is 
an optional user-provided human-readable description to associate an OSQuery with its OSQueryResult.","example":"fetch process","type":"string"},"sql":{"description":"SQL provides an OSQuery SQL statement to evaluate.","example":"select * from processes","type":"string"},"types":{"description":"Types provides the CTIM observable types for each of the columns in the result table. If Types\nare omitted, the column should be considered untyped.","example":["process","query"],"items":{"description":"Observable Type\nA Type of Observable is an annotation used to document that the value is one with a specific meaning in the intelligence model.","type":"string","$$ref":"#/components/schemas/Type"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/OSQuery"},"type":"array","$$ref":"#/components/schemas/OSQueries"},"parameters":{"description":"Parameters specifies parameters for OSQuery SQL expressions that can be used for specific entity searches.","items":{"properties":{"default":{"description":"Default value of the parameter","items":{"type":"string"},"type":"string"},"description":{"description":"Description of the parameter","type":"string"},"multiple":{"type":"boolean"},"name":{"description":"Name is the name of the parameter, such as mutex_name","type":"string"},"type":{"description":"Type is the type of the parameter, which may be omitted.","type":"string"}},"type":"object","$$ref":"#/components/schemas/ParameterInfo"},"type":"array"},"scope":{"description":"Determines whether this is a global stock query, or an organization query.","type":"string"},"sortOrder":{"description":"Sort order for display purposes","format":"int64","type":"integer"},"subtechnique_mitre_ids":{"description":"SubtechniquesMitreIDs identify a stock query that is relevant when detecting specific MITRE ATT&CK sub-techniques, by their MITRE IDs.","items":{"type":"string"},"type":"array"},"tactics":{"additionalProperties":{"type":"string"},"description":"Tactics identify a stock query that is 
relevant when detecting a specific MITRE ATT&CK tactic.","type":"object"},"tactics_mitre_ids":{"description":"TacticsMitreIDs identify a stock query that is relevant when detecting specific MITRE ATT&CK tactics, by their MITRE IDs.","items":{"type":"string"},"type":"array"},"techniques":{"additionalProperties":{"type":"string"},"description":"Techniques identify a stock query that is relevant when detecting a specific MITRE ATT&CK technique.","type":"object"},"techniques_mitre_ids":{"description":"TechniqueMitreIDs identify a stock query that is relevant when detecting specific MITRE ATT&CK techniques, by their MITRE IDs.","items":{"type":"string"},"type":"array"},"title":{"description":"Title is a descriptive title for the stock query for the users. It may be improved across versions.","type":"string"},"updated":{"description":"Updated specifies when the entity was most recently updated.","format":"date-time","type":"string"},"variants":{"additionalProperties":{"description":"OSQueries allows us to marshal a []OSQuery to PostgreSQL","items":{"properties":{"bookkeeping":{"description":"Bookkeeping is a flag set when the SQL is internal to orbital and the result (if no error)\nis to be discarded","example":true,"type":"boolean"},"label":{"description":"Label is an optional user-provided identifier to associate an OSQuery with its OSQueryResult.","example":"get all the processes","type":"string"},"name":{"description":"Name is an optional user-provided human-readable description to associate an OSQuery with its OSQueryResult.","example":"fetch process","type":"string"},"sql":{"description":"SQL provides an OSQuery SQL statement to evaluate.","example":"select * from processes","type":"string"},"types":{"description":"Types provides the CTIM observable types for each of the columns in the result table. 
If Types\nare omitted, the column should be considered untyped.","example":["process","query"],"items":{"description":"Observable Type\nA Type of Observable is an annotation used to document that the value is one with a specific meaning in the intelligence model.","type":"string","$$ref":"#/components/schemas/Type"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/OSQuery"},"type":"array","$$ref":"#/components/schemas/OSQueries"},"description":"OSQueries allows us to marshal a []OSQuery to PostgreSQL","type":"object","$$ref":"#/components/schemas/Variants"},"warnings":{"description":"Warnings displays a list of warnings to the users for certain queries.","items":{"type":"string"},"type":"array"}},"type":"object","$$ref":"#/components/schemas/QueryInfo"},"results":{"items":{"type":"object"},"type":"array"},"version":{"format":"int64","type":"integer"}},"type":"object","$$ref":"#/components/schemas/JobResultsFormat"}}},"description":"","$$ref":"#/components/responses/JobsResultsFormatResponseWrapper"},"404":{"content":{"application/json":{"schema":{"properties":{"errors":{"properties":{"en":{"example":"job not found","type":"string"}},"type":"object","$$ref":"#/components/schemas/En"},"results":{"type":"string"}},"type":"object","$$ref":"#/components/schemas/ErrorMsg404JobNotFound"}}},"description":"Error: Not Found","$$ref":"#/components/responses/ErrorMsg404JobNotFound"}},"security":[{"AuthorizationHeader":[]}],"summary":"Returns results of a particular query","tags":["Jobs"],"__originalOperationId":"idOfJobResult","method":"get","path":"/jobs/{jobid}/results"}}