We would like to pull down a list of our endpoints that are associated with a specific User Defined Reporting Tag.
Red Canary API
You will need to use the Red Canary "List Endpoints" API query with the "filter_query" parameter.
The "List Endpoints" API query supports "Key":"Value" filtering for specific endpoint metadata. In this case we are querying for endpoints with a specific Reporting Tag.
For example, if you setup a User Defined Reporting Tag on your endpoints like the following:
The API query URL would need to be configured similar to the following:
This query will pull a full list of all endpoints with the associated Reporting Tag of "Example > 12345" with 100 endpoints listed per page.
NOTE: There is a 100 page limit for the "per_page" parameter and a 2 second rate limit per query on our database. If you do not stay within the allowed limits your query will fail with a 429 "Too Many Requests" error message. If you do experience this behavior you will need to include a time delay in your script, or you will simply need to wait the 2 seconds between queries.
Please sign in to leave a comment.