0 Replies Latest reply: Jun 20, 2017 5:30 AM by slaser RSS

Security Center REST API query syntax question

slaser Novice

I received previous help to get the following to work


request.uri.path = '/rest/pluginFamily/<pluginFamily>/plugins' + query


def query1 = '?fields=id,name,stigSeverity&endOffset=999999'

Now I would like to further filter my response so only vulnerabilities that have machines associated with them are returned.  I assume that is what "Active" means; however, my attempts to filter on "Active" still return all plugins in the plugin family.  I am open to suggestions on how to obtain the desired results.


I have tried using the following:


String query1 = '?fields=id,name,stigSeverity&endOffset=999999'

String query2 = '&filterField=type&op=like&value=active'
String query = query1 + query2

- all plugin family plugins are returned.

I also tried using the plugin syntax as follows:

request.uri.path='/rest/plugin' + query

def query1 = '?fields=id,name,stigSeverity&endOffset=999999'

def query2 = '&filterField=family&op=eq&value=<family id>, type&op=eq&value=active'

- no results returned

I tried several permutations of the above without getting the results I am desiring.  Any help/insight would be appreciated.

2nd question

I will also want to invoke the "since" filter.  Is there an explanation of what the "since" filter does?  For instance is this value when the plugin became "Active" or when it was initially added?