Get InstaQuery

Request a specific InstaQuery resource belonging to a tenant.

Service endpoint

/instaqueries/v2/{queryID}

Optional query string parameters

Example

https://protectapi.cylance.com/instaqueries/v2/AF593F38EDC1B743BDC0A6FCC53A03CE

Method

HTTP/1.1 GET

Request headers

  • Accept: application/json
  • Authorization: Bearer <JWT token returned by the Auth API, with the opticssurvey:read scope encoded>

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name Description

name

This is the name of the InstaQuery.

description

This is the description of the InstaQuery.

artifact

This is the type of artifact to search. Possible values are "File", "Process", "NetworkConnection", and "RegistryKey".

match_value_type

This is the type of value (also known as a facet) to search. Possible values are dependent on the selected artifact type. Valid selections for each are as follows:

  • File
    • Path
    • MD5
    • SHA256
    • Owner
    • CreationDateTime
  • Process
    • Name
    • CommandLine
    • PrimaryImagePath
    • PrimaryImageMd5
    • StartDateTime
  • NetworkConnection
    • DestAddr
    • DestPort
  • RegistryKey
    • ProcessName
    • ProcessPrimaryImagePath
    • ValueName
    • FilePath
    • FileMd5
    • IsPersistencePoint

match_values

This is a list of strings to be matched against for the InstaQuery.

case_sensitive

This determines whether to consider case sensitivity when matching values.

match_type

This determines whether to use an exact or a "fuzzy" match. The default behavior of InstaQuery is to use a "fuzzy" match. Possible values are:

  • Fuzzy
  • Exact

zones

This is a list of zone IDs to perform the InstaQuery against.

filters

This is a list of filters when performing the InstaQuery.

aspect

This is the aspect (or type) of filters (for example, "OS").

value

This is the value to filter for (for example, "Windows").

relations

This is a list of objects (for example, Focus View URLs) that are related to the InstaQuery. This is similar to the "Pivot Query" functionality in the Console.

object

This is the URL of the focus view that the InstaQuery relates to.

relationship

This is how the InstaQuery relates to the URL. This should almost always be "originated-from".

id

This is the unique identifier of the created InstaQuery.

archived

This is the timestamp of when the InstaQuery was archived.

results_available

This determines if the InstaQuery has returned any results.

created_at

This is the date and time that the InstaQuery was created.

progress

This is the progress of the InstaQuery.
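
The following is an added example, not code from the vendor or this page: it builds the GET request described above without sending it, and checks a decoded response body against the artifact and facet values in the schema before the result is passed to other tooling. The function names, the 32-hex-character ID check, the treatment of a missing match_type as "Fuzzy", and the sample response body are assumptions made for illustration.

```python
import json
import re
import urllib.request

BASE_URL = "https://protectapi.cylance.com/instaqueries/v2"  # from the page's example
# Facets allowed per artifact type, as listed in the schema on this page.
FACETS = {
    "File": ("Path", "MD5", "SHA256", "Owner", "CreationDateTime"),
    "Process": ("Name", "CommandLine", "PrimaryImagePath", "PrimaryImageMd5", "StartDateTime"),
    "NetworkConnection": ("DestAddr", "DestPort"),
    "RegistryKey": ("ProcessName", "ProcessPrimaryImagePath", "ValueName",
                    "FilePath", "FileMd5", "IsPersistencePoint"),
}

def build_request(query_id, jwt):
    """Build (without sending) the GET request with the headers the page lists."""
    # Assumption: IDs are 32 hex characters, like the page's example ID.
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", query_id):
        raise ValueError("query ID is not 32 hex characters")
    return urllib.request.Request(
        f"{BASE_URL}/{query_id}", method="GET",
        headers={"Accept": "application/json", "Authorization": f"Bearer {jwt}"})

def check_instaquery(doc):
    """Return a list of schema problems found in a decoded response body."""
    problems = []
    artifact = doc.get("artifact")
    if not isinstance(artifact, str) or artifact not in FACETS:
        problems.append(f"unknown artifact: {artifact!r}")
    elif doc.get("match_value_type") not in FACETS[artifact]:
        problems.append(f"{doc.get('match_value_type')!r} is not a {artifact} facet")
    # Assumption: an absent match_type means the documented default, Fuzzy.
    if doc.get("match_type", "Fuzzy") not in ("Fuzzy", "Exact"):
        problems.append(f"bad match_type: {doc.get('match_type')!r}")
    values = doc.get("match_values")
    if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
        problems.append("match_values must be a list of strings")
    for key, fields in (("filters", ("aspect", "value")),
                        ("relations", ("object", "relationship"))):
        for item in doc.get(key) or []:
            if not isinstance(item, dict) or any(f not in item for f in fields):
                problems.append(f"{key} entry must have {fields}")
    return problems

# Constructed sample response body (not real tenant data).
SAMPLE = json.loads("""{"id": "AF593F38EDC1B743BDC0A6FCC53A03CE", "name": "demo",
  "artifact": "Process", "match_value_type": "CommandLine",
  "match_values": ["example.exe"], "match_type": "Fuzzy", "case_sensitive": false,
  "zones": [], "filters": [{"aspect": "OS", "value": "Windows"}], "relations": []}""")
```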