Get data from a lookup dataset according to the specified filter fields. All lookup entries matching any of the filter blocks are returned. To match a filter block, a lookup entry must match all the specified fields as if there were an AND operator between them. If no filters are specified, return all lookup entries.
Note: The maximum number of entries returned is 10,000.
Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB
Authorization (String, required)
Example: authorization_example
x-xdr-auth-id (String, required)
Example: xXdrAuthId_example
request (Object, required)
dataset_name (String)
Name of the dataset to query.
filters (Array)
Key-value pairs of fields to query in a dataset. A lookup entry must match all the specified fields as if there were an AND operator between them.
You can use one or more fields, up to the number of fields in the schema.
limit (Integer)
The maximum number of results to return. If this is not specified, return all lookup entries that match the filter criteria.
{
  "request": {
    "dataset_name": "users",
    "filters": [
      {
        "uid": "123",
        "username": "john"
      },
      {
        "department": "dev",
        "zipcode": "58674"
      }
    ],
    "limit": 20
  }
}
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' \
  -H 'x-xdr-auth-id: xXdrAuthId_example' \
  'https://api-yourfqdn/public_api/v1/xql/lookups/get_data' \
  -d ''
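The filter semantics described above (OR across filter blocks, AND inside a block, everything returned when no filters are given) as an added Python example; it is not part of the vendor documentation. The names build_request and match_entries, the sample entries, and the exact-equality comparison are assumptions made for illustration, and the request is built but never sent.

```python
import json
import urllib.request

MAX_ENTRIES = 10_000  # documented maximum number of entries returned
URL = "https://api-yourfqdn/public_api/v1/xql/lookups/get_data"  # placeholder FQDN, as on the page

def build_request(dataset_name, filters=None, limit=None,
                  authorization="authorization_example", auth_id="xXdrAuthId_example"):
    """Build (but do not send) the POST request; header values are the page's placeholders."""
    body = {"dataset_name": dataset_name}
    if filters:
        # Client-side choice: refuse an empty block, which has no fields to AND together.
        if not all(isinstance(block, dict) and block for block in filters):
            raise ValueError("each filter block must be a non-empty object")
        body["filters"] = filters
    if limit is not None:
        body["limit"] = int(limit)
    headers = {"Accept": "application/json", "Content-Type": "application/json",
               "Authorization": authorization, "x-xdr-auth-id": auth_id}
    data = json.dumps({"request": body}).encode()
    return urllib.request.Request(URL, data=data, headers=headers, method="POST")

def match_entries(entries, filters=None, limit=None):
    """Local model of the documented matching: OR across blocks, AND inside a block.
    Assumption: a field matches on exact equality of its value."""
    if filters:
        hits = [e for e in entries
                if any(all(k in e and e[k] == v for k, v in block.items())
                       for block in filters)]
    else:
        hits = list(entries)  # no filters: every lookup entry is returned
    cap = MAX_ENTRIES if limit is None else min(limit, MAX_ENTRIES)
    return hits[:cap]

# Constructed sample entries (not real data), using the field names from the example body.
SAMPLE = [
    {"uid": "123", "username": "john", "department": "ops", "zipcode": "10001"},  # block 1
    {"uid": "123", "username": "jane", "department": "dev", "zipcode": "58674"},  # block 2
    {"uid": "123", "username": "jane", "department": "dev", "zipcode": "99999"},  # neither
    {"uid": "456", "username": "john", "department": "dev", "zipcode": "58674"},  # block 2
]
FILTERS = [{"uid": "123", "username": "john"}, {"department": "dev", "zipcode": "58674"}]

if __name__ == "__main__":
    for entry in match_entries(SAMPLE, FILTERS, limit=20):
        print(entry["uid"], entry["username"], entry["department"], entry["zipcode"])
    print(build_request("users", FILTERS, 20).data.decode())
```

The third sample entry shares uid with the first filter block and department with the second but satisfies neither block completely, so it is excluded.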