Manage a Search Query

POST 
/search/history/:id

Allows you to manage a search query (save a search query to the Saved Searches list under the specified ID, convert a recent search to a saved search, update an existing search). For details on how to manage a saved search, see Manage Saved Search

Required parameters include the search ID, the RQL query, the flag that marks this search as saved, and a unique name for the saved search. A best practice is to copy data from the results of a search history, update the data as necessary, and set the saved parameter to true.

This API requires Prisma Cloud system administrator role access if you don't own the search with the given search ID.

Request

Path Parameters

id stringrequired

Search ID

application/json

Body

required

cloudType string

Possible values: [aws, azure, gcp, alibaba_cloud, oci]

Cloud Type

default boolean
description string

Search Description

id string

Search ID

name string

Search Name

query stringrequired

RQL Query

saved boolean

Search Exists

timeRange objectrequired

See the Time Range Model for details.

oneOf

RelativeTimeRangeConfigModel

relativeTimeType string

Possible values: [BACKWARD, FORWARD]

Direction in which to count time. Default = BACKWARD

type string

value objectrequired

Model for RelativeTimeDuration

amount int32

Number of time units

unit string

Possible values: [minute, hour, day, week, month, year]

Time unit

AbsoluteTimeRangeConfigModel

type string

value objectrequired

Model for Time

endTime int64

End timestamp

startTime int64

Start timestamp

ToNowTimeRangeConfigModel

value string

Possible values: [MINUTE, HOUR, DAY, WEEK, MONTH, YEAR, EPOCH, LOGIN]

Time range object

type stringrequired

Possible values: [absolute, relative, to_now]

Time type

absolute

type string

value objectrequired

Model for Time

endTime int64

End timestamp

startTime int64

Start timestamp

relative

relativeTimeType string

Possible values: [BACKWARD, FORWARD]

Direction in which to count time. Default = BACKWARD

type string

value objectrequired

Model for RelativeTimeDuration

amount int32

Number of time units

unit string

Possible values: [minute, hour, day, week, month, year]

Time unit

to_now

value string

Possible values: [MINUTE, HOUR, DAY, WEEK, MONTH, YEAR, EPOCH, LOGIN]

Time range object

Responses

200

successful operation

application/json; charset=UTF-8

Schema

Schema

alertId string

Alert ID

async boolean

true = Is Async

asyncResultUrl string

Async Result Url

cloudType string

Possible values: [aws, azure, gcp, alibaba_cloud, oci]

Cloud Type

cursor int32

Cursor

data object

alertId string

Alert ID

async boolean

true = Is Async

asyncResultUrl string

Async Result Url

cloudType string

Possible values: [aws, azure, gcp, alibaba_cloud, oci]

Cloud Type

cursor int32

Cursor

default boolean

description string

Search Description

filters object[]

View Order

Array [

name string

Name

operator string

Possible values: [=]

Operator

value string

Value

]

groupBy string[]

Group By

id string

Search ID

name string

Search Name

query stringrequired

RQL Query

readOnly boolean

Read Only

saved boolean

Search Exists

searchType string

Possible values: [network, audit_event, config, asset]

Search Type

timeGranularity string

Time Granularity

timeRange objectrequired

See the Time Range Model for details.

oneOf

RelativeTimeRangeConfigModel

relativeTimeType string

Possible values: [BACKWARD, FORWARD]

Direction in which to count time. Default = BACKWARD

type string

value objectrequired

Model for RelativeTimeDuration

amount int32

Number of time units

unit string

Possible values: [minute, hour, day, week, month, year]

Time unit

AbsoluteTimeRangeConfigModel

type string

value objectrequired

Model for Time

endTime int64

End timestamp

startTime int64

Start timestamp

ToNowTimeRangeConfigModel

value string

Possible values: [MINUTE, HOUR, DAY, WEEK, MONTH, YEAR, EPOCH, LOGIN]

Time range object

type stringrequired

Possible values: [absolute, relative, to_now]

Time type

absolute

type string

value objectrequired

Model for Time

endTime int64

End timestamp

startTime int64

Start timestamp

relative

relativeTimeType string

Possible values: [BACKWARD, FORWARD]

Direction in which to count time. Default = BACKWARD

type string

value objectrequired

Model for RelativeTimeDuration

amount int32

Number of time units

unit string

Possible values: [minute, hour, day, week, month, year]

Time unit

to_now

value string

Possible values: [MINUTE, HOUR, DAY, WEEK, MONTH, YEAR, EPOCH, LOGIN]

Time range object

default boolean
description string

Search Description

filters object[]
View Order
Array [
name string
Name
operator string
Possible values: [=]
Operator
value string
Value
]
groupBy string[]

Group By

id string

Search ID

name string

Search Name

query stringrequired

RQL Query

readOnly boolean

Read Only

saved boolean

Search Exists

searchType string

Possible values: [network, audit_event, config, asset]

Search Type

timeGranularity string

Time Granularity

timeRange objectrequired

See the Time Range Model for details.

oneOf

RelativeTimeRangeConfigModel

relativeTimeType string

Possible values: [BACKWARD, FORWARD]

Direction in which to count time. Default = BACKWARD

type string

value objectrequired

Model for RelativeTimeDuration

amount int32

Number of time units

unit string

Possible values: [minute, hour, day, week, month, year]

Time unit

AbsoluteTimeRangeConfigModel

type string

value objectrequired

Model for Time

endTime int64

End timestamp

startTime int64

Start timestamp

ToNowTimeRangeConfigModel

value string

Possible values: [MINUTE, HOUR, DAY, WEEK, MONTH, YEAR, EPOCH, LOGIN]

Time range object

type stringrequired

Possible values: [absolute, relative, to_now]

Time type

absolute

type string

value objectrequired

Model for Time

endTime int64

End timestamp

startTime int64

Start timestamp

relative

relativeTimeType string

Possible values: [BACKWARD, FORWARD]

Direction in which to count time. Default = BACKWARD

type string

value objectrequired

Model for RelativeTimeDuration

amount int32

Number of time units

unit string

Possible values: [minute, hour, day, week, month, year]

Time unit

to_now

value string

Possible values: [MINUTE, HOUR, DAY, WEEK, MONTH, YEAR, EPOCH, LOGIN]

Time range object

Example (from schema)

{
  "alertId": "string",
  "async": true,
  "asyncResultUrl": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download",
  "cloudType": "aws",
  "cursor": 0,
  "data": {
    "alertId": "string",
    "async": true,
    "asyncResultUrl": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download",
    "cloudType": "aws",
    "cursor": 0,
    "default": true,
    "description": "string",
    "filters": [
      {
        "name": "string",
        "operator": "=",
        "value": "string"
      }
    ],
    "groupBy": [
      "string"
    ],
    "id": "string",
    "name": "string",
    "query": "string",
    "readOnly": true,
    "saved": true,
    "searchType": "network",
    "timeGranularity": "string",
    "timeRange": {
      "relativeTimeType": "BACKWARD",
      "type": "relative",
      "value": {
        "amount": 0,
        "unit": "minute"
      }
    }
  },
  "default": true,
  "description": "string",
  "filters": [
    {
      "name": "string",
      "operator": "=",
      "value": "string"
    }
  ],
  "groupBy": [
    "string"
  ],
  "id": "string",
  "name": "string",
  "query": "string",
  "readOnly": true,
  "saved": true,
  "searchType": "network",
  "timeGranularity": "string",
  "timeRange": {
    "relativeTimeType": "BACKWARD",
    "type": "relative",
    "value": {
      "amount": 0,
      "unit": "minute"
    }
  }
}

400

bad_request / unsupported_search_query / duplicate_search_name

403

cannot_update_default_saved_search / not_owner_or_same_role

404

not_found

Loading...