PATCH Saved Query

PATCH Saved Query

Request used to update a given resource for a specified saved query

URL

https://REGION.rest.logs.insight.rapid7.com/query/saved_queries

REGION is the data center for your account - e.g. "us" or "eu"

Method

PATCH

Authentication

Owner or Read Write key is required.

URL Params

queryid=[UUID] Example Value: de305d54-75b4-431b-adb2-eb6b9e546014

Data Params

json
1
{
2
        "saved_query": {
3
            field: value
4
        }

Success Response

Code 200Content:

json
1
{
2
        "saved_query": {
3
            "id": "245ff892-ffed-4e99-9ee1-ab99fb20f2fc",
4
            "logs": [],
5
            "leql": {
6
                "during": {
7
                    "to": null,
8
                    "from": null,
9
                    "time_range": null
10
                },
11
                "statement": "where(foo=bar)"
12
            },
13
            "name": "MySearch"    
14
        }
15
    }

Error Response

• 404 if saved query is not found
• 400 if search name is invalid. Validation: 1-32 chars in length
• 400 if LEQL query is invalid. Validation: 1-1024 chars in length

Sample Call

python
1
import base64
2
import datetime
3
import hashlib
4
import hmac
5
import json
6
import requests
7
8
rw_key = "37885dd4-e870-4761-84bd-13622451ae5e"
9
query_id = "480281d0-c647-4af0-b02e-44b826b9f9a7"
10
body = {"saved_query": {"name": "new name"}}
11
uri = 'query/saved_queries/%s' % (query_id)
12
13
def patch_query():
14
    url = "https://us.rest.logs.insight.rapid7.com/" + uri
15
    headers = {
16
        'x-api-key': rw_key,
17
        "Content-Type": "application/json"
18
    }
19
    r = requests.patch(url, data=json.dumps(body, separators=(',', ':')), headers=headers)
20
    print r.status_code, r.content
21
22
def start():
23
    patch_query()
24
25
if __name__ == '__main__':
26
    start()

Notes