Queries

REST API operations for saved and scheduled queries

Overview

The /queries REST API operations are in open beta starting with Panther version 1.101, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with Saved and Scheduled Searches in Panther.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Queries managed via the API must be written in SQL; they cannot use PantherFlow.

Required permissions

For GET operations, your API token must have the Query Data Lake permission.
For POST, PUT, and DELETE operations, your API token must have the Manage Saved Searches permission.

Operations

create query

post

Authorizations

X-API-KeystringRequired

Body

descriptionstringOptional

The description of the query

namestringRequired

The name of the query

sqlstringRequired

The raw sql of the query

Responses

200

OK response.

application/json

createdAtstringOptional

descriptionstringOptional

The description of the query

idstringOptional

The generated ID of the query

managedbooleanOptional

Determines if the query is managed by panther

namestringOptional

The name of the query

sqlstringOptional

The raw sql of the query

updatedAtstringOptional

400

bad_request: Bad Request response.

application/json

409

exists: Conflict response.

application/json

post

/queries

POST /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127

{
  "description": "text",
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text"
}

{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

get query

get

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the query to fetch

Responses

200

OK response.

application/json

createdAtstringOptional

descriptionstringOptional

The description of the query

idstringOptional

The generated ID of the query

managedbooleanOptional

Determines if the query is managed by panther

namestringOptional

The name of the query

sqlstringOptional

The raw sql of the query

updatedAtstringOptional

404

not_found: Not Found response.

application/json

get

/queries/{id}

GET /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

update query

post

put creates or updates a query

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

Body

descriptionstringOptional

The description of the query

namestringRequired

The name of the query

sqlstringRequired

The raw sql of the query

Responses

200

OK response.

application/json

createdAtstringOptional

descriptionstringOptional

The description of the query

idstringOptional

The generated ID of the query

managedbooleanOptional

Determines if the query is managed by panther

namestringOptional

The name of the query

sqlstringOptional

The raw sql of the query

updatedAtstringOptional

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

post

/queries/{id}

POST /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 127

{
  "description": "text",
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text"
}

{
  "createdAt": "text",
  "description": "text",
  "id": "text",
  "managed": true,
  "name": "text",
  "schedule": {
    "cron": "text",
    "disabled": true,
    "rateMinutes": 1,
    "timeoutMinutes": 1
  },
  "sql": "text",
  "updatedAt": "text"
}

delete query

delete

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the query to delete

Responses

204

No Content response.

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

delete

/queries/{id}

DELETE /queries/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

No content

list queries

get

Authorizations

X-API-KeystringRequired

Query parameters

cursorstringOptional

the pagination token

limitinteger · int64Optional

the maximum results to return

Default: 100

Responses

200

OK response.

application/json

nextstringOptional

Pagination token for the next page of results

get

/queries

GET /queries HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

200

OK response.

{
  "next": "text",
  "results": [
    {
      "createdAt": "text",
      "description": "text",
      "id": "text",
      "managed": true,
      "name": "text",
      "schedule": {
        "cron": "text",
        "disabled": true,
        "rateMinutes": 1,
        "timeoutMinutes": 1
      },
      "sql": "text",
      "updatedAt": "text"
    }
  ]
}

PreviousLog Sources NextRules

Last updated 11 months ago

Was this helpful?

hashtagOverview

hashtagRequired permissions

hashtagOperations

hashtagcreate query

hashtagget query

hashtagupdate query

hashtagdelete query

hashtaglist queries

Overview

Required permissions

Operations

create query

get query

update query

delete query

list queries