Would it be possible to get detections by their status? I am referring to being able to GET against the /openapi/v3/detections endpoint. Currently there is only 1 query parameter, which is since, so I was wondering if we can do it by status just like we can do with the search functionality in the UI.
Red Canary API v3
You cannot fetch detections by their status through a query parameter. You would have to pull all detections from /openapi/v3/detections and then filter on
You can in fact enumerate the detections you pull back and index on last_remediated_status, which, in turn, captures the following attributes:
- remediation state
- marked by
The tricky part is that you won't see the last_remediated_status attribute at all for a returned data object that hasn't been remediated, which makes logical sense, but it is something to be aware of if writing a loop over the detections to look for certain attributes.
Other endpoints, such as /openapi/v3/endpoints, have a "q" parameter which allows passing the same searches as used in the Red Canary GUI as a string. As we work to update all forms to the new React component in the future, the /openapi/v3/detections endpoint will also have this parameter available.
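Here is an added example of the client-side filtering the answer describes; it is not code from the original thread or from Red Canary. It assumes the JSON response wraps detections in a top-level "data" list, that the nested keys inside last_remediated_status are named remediation_state and marked_by (the page only names the attributes in prose), and that the API key is sent in an X-Api-Key header; all three are assumptions. The sample response is constructed inline so the filtering runs offline, and it includes a detection with no last_remediated_status at all, which is the case the answer warns about.

```python
"""Client-side filtering of Red Canary v3 detections by remediation state.

Added example for this thread, not Red Canary's own code. The response shape,
the nested key names, and the auth header below are assumptions.
"""
import json
import urllib.parse
import urllib.request
from typing import Dict, List, Optional

# Constructed sample of a /openapi/v3/detections response. The top-level "data"
# list and the keys inside "last_remediated_status" are assumed, not documented here.
SAMPLE_RESPONSE = {
    "data": [
        {
            "id": 101,
            "headline": "Credential dumping",
            "last_remediated_status": {
                "remediation_state": "remediated",
                "marked_by": "analyst@example.com",
            },
        },
        # Never remediated: the attribute is absent entirely (the caveat in the answer).
        {"id": 102, "headline": "Suspicious PowerShell"},
        {
            "id": 103,
            "headline": "Persistence via Run key",
            "last_remediated_status": {
                "remediation_state": "not_remediated",
                "marked_by": "analyst@example.com",
            },
        },
        # Defensive case: key present but null; treat it the same as absent.
        {"id": 104, "headline": "Odd record", "last_remediated_status": None},
    ]
}


def remediation_state(detection: Dict) -> Optional[str]:
    """Return the remediation state, or None when the detection has never been remediated.

    Uses .get() rather than indexing so a detection without last_remediated_status
    does not raise KeyError inside a loop over the whole result set.
    """
    status = detection.get("last_remediated_status")
    if not isinstance(status, dict):
        return None
    return status.get("remediation_state")


def filter_by_state(detections: List[Dict], wanted: str) -> List[Dict]:
    """Keep only detections whose last remediation state equals `wanted`."""
    return [d for d in detections if remediation_state(d) == wanted]


def unremediated(detections: List[Dict]) -> List[Dict]:
    """Keep detections that carry no remediation status at all."""
    return [d for d in detections if remediation_state(d) is None]


def fetch_detections(base_url: str, api_key: str, since: str) -> List[Dict]:
    """Pull all detections since an ISO-8601 timestamp (`since` is the only documented filter).

    Network call; not exercised by the sample above. The X-Api-Key header name and the
    "data" wrapper are assumptions about the API.
    """
    query = urllib.parse.urlencode({"since": since})
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/openapi/v3/detections?{query}",
        headers={"X-Api-Key": api_key, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = json.loads(resp.read().decode("utf-8"))
    return body.get("data", [])


if __name__ == "__main__":
    data = SAMPLE_RESPONSE["data"]
    for d in filter_by_state(data, "remediated"):
        print("remediated:", d["id"], d["headline"])
    for d in unremediated(data):
        print("no remediation status yet:", d["id"], d["headline"])
```

For a live pull, replace SAMPLE_RESPONSE with the list returned by fetch_detections(); the filtering functions only depend on the per-detection dictionaries, so they behave the same either way.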