Knowledge Base Community Release Notes Request Demo

Queries

REST API operations for saved and scheduled queries

Overview

The /queries REST API operations are in open beta starting with Panther version 1.101, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with Saved and Scheduled Searches in Panther.

To call the API, see the instructions—including .

Queries managed via the API must be written in SQL; they cannot use PantherFlow.

Required permissions

For GET operations, your API token must have the Query Data Lake permission.
For POST, PUT, and DELETE operations, your API token must have the Manage Saved Searches permission.

Operations

PreviousLog Sources NextRules

Last updated 2 months ago

Was this helpful?

#2402: Closed beta: AI Event Summaries

Change request updated 2 months ago

get query

get

Authorizations

Path parameters

idstringRequired

ID of the query to fetch

Responses

200

OK response.

application/json

404

not_found: Not Found response.

application/json

get

GET /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

delete query

delete

Authorizations

Path parameters

idstringRequired

ID of the query to delete

Responses

204

No Content response.

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

delete

DELETE /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

No content

list queries

get

Authorizations

Query parameters

cursorstringOptional

the pagination token

limitinteger · int64Optional

the maximum results to return

Default: 100

Responses

200

OK response.

application/json

get

GET /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

200

OK response.

{
  "next": "text",
  "results": [
    {
      "createdAt": "text",
      "description": "text",
      "id": "text",
      "managed": true,
      "name": "text",
      "schedule": {
        "cron": "text",
        "disabled": true,
        "rateMinutes": 1,
        "timeoutMinutes": 1
      },
      "sql": "text",
      "updatedAt": "text"
    }
  ]
}

update query

post

put creates or updates a query

Authorizations

Path parameters

idstringRequired

Body

descriptionstringOptional

The description of the query

namestringRequired

The name of the query

sqlstringRequired

The raw sql of the query

Responses

200

OK response.

application/json

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

post

POST /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127

{
  "description": "text",
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text"
}

{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

create query

post

Authorizations

Body

descriptionstringOptional

The description of the query

namestringRequired

The name of the query

sqlstringRequired

The raw sql of the query

Responses

200

OK response.

application/json

400

bad_request: Bad Request response.

application/json

409

exists: Conflict response.

application/json

post

POST /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127

{
  "description": "text",
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text"
}

{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}