POST Saved Query

Request used to create a new Saved Query

URL

https://REGION.rest.logs.insight.rapid7.com/query/saved_queries

REGION is the data center for your account - e.g. "us" or "eu"

Method

POST

Authentication

Owner or Read Write key is required.

URL Params

None

Data Params

```json
{
  "saved_query": {
    "logs": [],
    "leql": {
      "during": {
        "to": null,
        "from": null,
        "time_range": null
      },
      "statement": "where(foo=bar)"
    },
    "name": "MySearch"
  }
}
```
Param        About                                                                          Required   Example
name         The name of the saved search                                                   True       "MySearch"
logs         Array of log keys                                                              Optional   ["f9c6e2c1-ac7a-4a29-8faa-a8d70f96df71"]
statement    A valid LEQL query                                                             True       where(foo=bar)
from         Lower bound of the time range to query against; UNIX timestamp in milliseconds Optional   1450557604000
to           Upper bound of the time range to query against; UNIX timestamp in milliseconds Optional   1460557604000
time_range   Relative time range                                                            Optional   "Last 4 Days"

Success Response

Code: 201

Content:

```json
{
  "saved_query": {
    "id": "",
    "logs": [],
    "leql": {
      "during": {
        "to": null,
        "from": null,
        "time_range": null
      },
      "statement": "where(foo=bar)"
    },
    "name": "MySearch"
  }
}
```

Error Response

  • 400 if search name is invalid. Validation: 1-32 chars in length
  • 400 if LEQL query is invalid. Validation: 1-1024 chars in length

Sample Call

```python
import json
import requests

rw_key = "37885dd4-e870-4761-84bd-13622451ae5e"  # sample Read Write key from the docs
uri = 'query/saved_queries'
body = {
    "saved_query": {
        "logs": [],
        "leql": {
            "during": {
                "to": None,
                "from": None,
                "time_range": None
            },
            "statement": "where(foo=bar)"
        },
        "name": "MySearch"
    }
}


def create_query():
    # REGION is hard-coded to "us" here; use the region of your account
    url = "https://us.rest.logs.insight.rapid7.com/" + uri
    headers = {
        'x-api-key': rw_key,
        "Content-Type": "application/json"
    }
    r = requests.post(url, data=json.dumps(body, separators=(',', ':')), headers=headers)
    print(r.status_code, r.content)


def start():
    create_query()


if __name__ == '__main__':
    start()
```
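The following is an added example and not code from Rapid7's documentation. It builds on the sample call above in three ways: it checks the name and LEQL statement against the limits listed under Error Response before anything is sent, so a 400 never leaves the client; it fills the optional from/to/time_range fields from the Data Params table rather than always sending null; and it reads the key from an environment variable (INSIGHT_RW_KEY, an assumed name) instead of hard-coding it in source, using only the standard library. The region, key, and query values are placeholders; the HTTP call only runs when the script is executed directly.

```python
import json
import os
import urllib.error
import urllib.request

API_HOST = "https://{region}.rest.logs.insight.rapid7.com"
URI = "query/saved_queries"

# Limits from the Error Response section: the API answers 400 outside them.
NAME_MIN, NAME_MAX = 1, 32
LEQL_MIN, LEQL_MAX = 1, 1024


def validate_saved_query(name, statement):
    """Return a list of problems the API would reject with 400 (empty if OK)."""
    problems = []
    if not (NAME_MIN <= len(name) <= NAME_MAX):
        problems.append(f"name must be {NAME_MIN}-{NAME_MAX} chars, got {len(name)}")
    if not (LEQL_MIN <= len(statement) <= LEQL_MAX):
        problems.append(f"statement must be {LEQL_MIN}-{LEQL_MAX} chars, got {len(statement)}")
    return problems


def build_payload(name, statement, logs=None, time_from=None, time_to=None, time_range=None):
    """Build the request body in the documented shape.

    time_from / time_to are UNIX timestamps in milliseconds (lower and upper
    bound); time_range is a relative range such as "Last 4 Days". All three
    are optional and are sent as null when not given, matching the docs.
    """
    return {
        "saved_query": {
            "logs": list(logs or []),
            "leql": {
                "during": {"to": time_to, "from": time_from, "time_range": time_range},
                "statement": statement,
            },
            "name": name,
        }
    }


def create_saved_query(region, api_key, payload):
    """POST the payload with the x-api-key header.

    Returns (status_code, body): body is the parsed JSON on success (201) or
    the raw response text when the API returns an error such as 400.
    """
    url = f"{API_HOST.format(region=region)}/{URI}"
    data = json.dumps(payload, separators=(",", ":")).encode()
    req = urllib.request.Request(
        url,
        data=data,
        method="POST",
        headers={"x-api-key": api_key, "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


if __name__ == "__main__":
    key = os.environ["INSIGHT_RW_KEY"]  # assumed variable name; an Owner or Read Write key
    name, statement = "MySearch", "where(foo=bar)"  # values from the docs' own example
    problems = validate_saved_query(name, statement)
    if problems:
        raise SystemExit("\n".join(problems))
    status, body = create_saved_query("us", key, build_payload(name, statement, time_range="Last 4 Days"))
    print(status, body)
```

Keeping the key out of the source file matters because a Read Write key can create and modify saved queries for the account; an environment variable or secrets manager keeps it out of version control and out of any pasted sample call.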

Notes