GET /siem/offense_saved_search_dependent_tasks/{task_id}/results

Retrieves the offense saved search dependent task results.

Retrieves the offense saved search dependent task results.

Table 1. GET /siem/offense_saved_search_dependent_tasks/{task_id}/results resource details
MIME Type

application/json

Table 2. GET /siem/offense_saved_search_dependent_tasks/{task_id}/results request parameter details
Parameter Type Optionality Data Type MIME Type Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Table 3. GET /siem/offense_saved_search_dependent_tasks/{task_id}/results response codes
HTTP Response Code Unique Code Description

200

The offense saved search dependents were retrieved

404

1002

The dependent task status does not exist.

500

1020

An error occurred during the attempt to retrieve the offense saved searches.

Response Description

An list of Dependent objects. A Dependent object contains the following fields:
  • dependent_id - String - The ID of the dependent resource.
  • dependent_name - String - The name of the dependent resource (default resources can have localized names).
  • dependent_owner - String - The owner of the dependent resource
  • dependent_type - String - The type of the dependent resource
  • dependent_database - String - The database of the dependent resource.
  • dependent_group_ids - Array of Longs - List of groups that the dependent resource belongs to.
  • user_has_edit_permissions - Boolean - True if the user who created the task has permission to edit this dependent resource.

Response Sample


[
    {
        "blocking": true,
        "dependent_database": "String <one of: EVENTS, FLOWS>",
        "dependent_group_ids": [
            42
        ],
        "dependent_id": "String",
        "dependent_name": "String",
        "dependent_owner": "String",
        "dependent_type": "String <one of: APP, NAMED_SERVICE, ARIEL_SAVED_SEARCH, ASSET_SAVED_SEARCH, OFFENSE_SAVED_SEARCH, VULNERABILITY_SAVED_SEARCH, QRM_SAVED_SEARCH_GROUP, ASSET_SAVED_SEARCH_GROUP, CUSTOM_RULE_GROUP, EVENT_ARIEL_SAVED_SEARCH_GROUP, FLOW_ARIEL_SAVED_SEARCH_GROUP, LOG_SOURCE_GROUP, MODEL_GROUP, OFFENSE_SAVED_SEARCH_GROUP, QUESTION_GROUP, REPORT_GROUP, SIMULATION_GROUP, TOPOLOGY_SAVED_SEARCH_GROUP, VULNERABILITY_SAVED_SEARCH_GROUP, ASSIGNED_OFFENSE, ASSIGNED_VULNERABILITY, AUTHORIZED_SERVICE, BUILDING_BLOCK, CRE_RULE, CRE_ADE_RULE, EVENT_REGEX_PROPERTY, EVENT_REGEX_PROPERTY_DEPENDENCY, EVENT_REGEX_PROPERTY_DISABLING_DEPENDENCY, EVENT_REGEX_PROPERTY_CHANGE_FIELD_TYPE_DEPENDENCY, EVENT_CALCULATED_PROPERTY_CHANGE_FIELD_TYPE_DEPENDENCY, EVENT_AQL_PROPERTY_DISABLING_DEPENDENCY, EVENT_CALCULATED_PROPERTY_DISABLING_DEPENDENCY, EVENT_CALCULATED_PROPERTY, FLOW_REGEX_PROPERTY, FLOW_REGEX_PROPERTY_DEPENDENCY, FLOW_REGEX_PROPERTY_DISABLING_DEPENDENCY, FLOW_REGEX_PROPERTY_CHANGE_FIELD_TYPE_DEPENDENCY, FLOW_AQL_PROPERTY_DISABLING_DEPENDENCY, FLOW_CALCULATED_PROPERTY_DISABLING_DEPENDENCY, FLOW_CALCULATED_PROPERTY_CHANGE_FIELD_TYPE_DEPENDENCY, FLOW_CALCULATED_PROPERTY, DASHBOARD, GV_REFERENCE, REPORT, REFERENCE_DATA, REFERENCE_DATA_MAP_OF_SETS, REFERENCE_DATA_MAPS, REFERENCE_DATA_SETS, REFERENCE_DATA_TABLES, REFERENCE_DATA_RESPONSE, REFERENCE_SET_RESPONSE, REFERENCE_DATA_KEY, REFERENCE_DATA_ELEMENT, EVENT_RETENTION_BUCKET, FLOW_RETENTION_BUCKET, ROUTING_RULE, STORE_AND_FORWARD_POLICY, USER, HISTORICAL_PROFILE, OFFENSE, EVENT_AQL_PROPERTY, FLOW_AQL_PROPERTY, OFFENSE_TYPE, SECURITY_PROFILE, ARIEL_INDEX, DOMAIN_MAPPING, FORWARDING_PROFILE, REGEX_EXPRESSION, JSON_EXPRESSION, LEEF_EXPRESSION, CEF_EXPRESSION, GENERICLIST_EXPRESSION, NAMEVALUEPAIR_EXPRESSION, XML_EXPRESSION>",
        "user_has_edit_permissions": true
    }
]