Knowledge BaseCommunityRelease NotesRequest Demo

Queries

REST API operations for saved and scheduled queries

Overview

The /queries REST API operations are in open beta starting with Panther version 1.101, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with Saved and Scheduled Searches in Panther.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Queries managed via the API must be written in SQL; they cannot use PantherFlow.

Required permissions

  • For GET operations, your API token must have the Query Data Lake permission.

  • For POST, PUT, and DELETE operations, your API token must have the Manage Saved Searches permission.

Operations

create query

post
Authorizations
Body
descriptionstringOptional

The description of the query

namestringRequired

The name of the query

sqlstringRequired

The raw sql of the query

Responses
200

OK response.

application/json
post
POST /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127

{
  "description": "text",
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text"
}
{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

get query

get
Authorizations
Path parameters
idstringRequired

ID of the query to fetch

Responses
200

OK response.

application/json
get
GET /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

update query

post

put creates or updates a query

Authorizations
Path parameters
idstringRequired
Body
descriptionstringOptional

The description of the query

namestringRequired

The name of the query

sqlstringRequired

The raw sql of the query

Responses
200

OK response.

application/json
post
POST /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127

{
  "description": "text",
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text"
}
{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

delete query

delete
Authorizations
Path parameters
idstringRequired

ID of the query to delete

Responses
204

No Content response.

delete
DELETE /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

No content

list queries

get
Authorizations
Query parameters
cursorstringOptional

the pagination token

limitinteger · int64Optional

the maximum results to return

Default: 100
Responses
200

OK response.

application/json
get
GET /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*
200

OK response.

{
  "next": "text",
  "results": [
    {
      "createdAt": "text",
      "description": "text",
      "id": "text",
      "managed": true,
      "name": "text",
      "schedule": {
        "cron": "text",
        "disabled": true,
        "rateMinutes": 1,
        "timeoutMinutes": 1
      },
      "sql": "text",
      "updatedAt": "text"
    }
  ]
}
PreviousLog SourcesNextRules

Last updated

Was this helpful?

#2402: Closed beta: AI Event Summaries

Change request updated