Queries
REST API operations for saved and scheduled queries
Overview
Use these API operations to interact with Saved and Scheduled Searches in Panther.
To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.
Queries managed via the API must be written in SQL; they cannot use PantherFlow.
Required permissions
For
GET
operations, your API token must have theQuery Data Lake
permission.For
POST
,PUT
, andDELETE
operations, your API token must have theManage Saved Searches
permission.
Operations
The description of the query
The name of the query
The raw sql of the query
POST /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127
{
"description": "text",
"name": "text",
"schedule": {
"cron": "text",
"disabled": true,
"rateMinutes": 1,
"timeoutMinutes": 1
},
"sql": "text"
}
{
"createdAt": "text",
"description": "text",
"id": "text",
"managed": true,
"name": "text",
"schedule": {
"cron": "text",
"disabled": true,
"rateMinutes": 1,
"timeoutMinutes": 1
},
"sql": "text",
"updatedAt": "text"
}
ID of the query to fetch
GET /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
{
"createdAt": "text",
"description": "text",
"id": "text",
"managed": true,
"name": "text",
"schedule": {
"cron": "text",
"disabled": true,
"rateMinutes": 1,
"timeoutMinutes": 1
},
"sql": "text",
"updatedAt": "text"
}
put creates or updates a query
The description of the query
The name of the query
The raw sql of the query
POST /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127
{
"description": "text",
"name": "text",
"schedule": {
"cron": "text",
"disabled": true,
"rateMinutes": 1,
"timeoutMinutes": 1
},
"sql": "text"
}
{
"createdAt": "text",
"description": "text",
"id": "text",
"managed": true,
"name": "text",
"schedule": {
"cron": "text",
"disabled": true,
"rateMinutes": 1,
"timeoutMinutes": 1
},
"sql": "text",
"updatedAt": "text"
}
ID of the query to delete
DELETE /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
No content
the pagination token
the maximum results to return
100
GET /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
OK response.
{
"next": "text",
"results": [
{
"createdAt": "text",
"description": "text",
"id": "text",
"managed": true,
"name": "text",
"schedule": {
"cron": "text",
"disabled": true,
"rateMinutes": 1,
"timeoutMinutes": 1
},
"sql": "text",
"updatedAt": "text"
}
]
}
Last updated
Was this helpful?