Get dashboards

Cortex XSIAM Platform APIs
post /public_api/v1/dashboards/get

Get dashboard details by filtering based on the dashboard name, dashboard ID, time the dashboard was generated, or dashboard source.

You must have Instance Administrator permissions to run this endpoint.

Request headers
Authorization String required

{api_key}
Example: authorization_example
x-xdr-auth-id String required

{api_key_id}
Example: xXdrAuthId_example
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'Authorization: authorization_example' -H 'x-xdr-auth-id: xXdrAuthId_example'
'https://api-yourfqdn/public_api/v1/dashboards/get'
-d ''
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"request_data\":{\"filters\":[{\"field\":\"dashboard_id\",\"operator\":\"EQ\",\"value\":\"string\"}]}}" headers = { 'Authorization': "SOME_STRING_VALUE", 'x-xdr-auth-id': "SOME_STRING_VALUE", 'content-type': "application/json" } conn.request("POST", "/public_api/v1/dashboards/get", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/dashboards/get") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["Authorization"] = 'SOME_STRING_VALUE' request["x-xdr-auth-id"] = 'SOME_STRING_VALUE' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"dashboard_id\",\"operator\":\"EQ\",\"value\":\"string\"}]}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "dashboard_id", "operator": "EQ", "value": "string" } ] } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/dashboards/get"); xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE"); xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/dashboards/get") .header("Authorization", "SOME_STRING_VALUE") .header("x-xdr-auth-id", "SOME_STRING_VALUE") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"dashboard_id\",\"operator\":\"EQ\",\"value\":\"string\"}]}}") .asString();
import Foundation let headers = [ "Authorization": "SOME_STRING_VALUE", "x-xdr-auth-id": "SOME_STRING_VALUE", "content-type": "application/json" ] let parameters = ["request_data": ["filters": [ [ "field": "dashboard_id", "operator": "EQ", "value": "string" ] ]]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/dashboards/get")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/dashboards/get", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"dashboard_id\",\"operator\":\"EQ\",\"value\":\"string\"}]}}", CURLOPT_HTTPHEADER => [ "Authorization: SOME_STRING_VALUE", "content-type: application/json", "x-xdr-auth-id: SOME_STRING_VALUE" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/dashboards/get"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE"); headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"dashboard_id\",\"operator\":\"EQ\",\"value\":\"string\"}]}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/dashboards/get"); var request = new RestRequest(Method.POST); request.AddHeader("Authorization", "SOME_STRING_VALUE"); request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"dashboard_id\",\"operator\":\"EQ\",\"value\":\"string\"}]}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
application/json
request_dataobjectrequired
filtersarray

An array of filter fields.

[
fieldobject (Enum)

Identifies the dashboard field the filter is matching. Filters are based on the following keywords:

  • dashboard_id: Dashboard ID.
  • name: Dashboard name.
  • time_generated: Time the dashboard was generated in epoch milliseconds.
  • source: Dashboard source.
Allowed values:"dashboard_id""name""time_generated""source"
operatorobject (Enum)

Identifies the comparison operator you want to use for this filter. Valid keywords are: EQ / NEQ

  • dashboard_id: Integer
  • name: String
  • source: String

IN

  • dashboard_id: List of integers
  • name: List of strings
  • source: List of strings

gte / lte

  • time_generated: Integer representing the time the dashboard was generated in epoch milliseconds.
  • dashboard_id: Integer representing the dashboard ID
Allowed values:"EQ""NEQ""IN""GTE""LTE"
valuestring or integer or array

Value that this filter must match. The contents of this field will differ depending on the dashboard field that you specified for this filter:

  • name, source: String or list of strings.
  • time_generated: Integer.
  • dashboard_id: Integer or list of integers.
]
REQUEST
{ "request_data": { "filters": [ { "field": "name", "value": "Incident by Severity", "operator": "EQ" }, { "field": "source", "value": "John Doe", "operator": "EQ" } ] } }
Responses

OK

Body
application/json
objects_countinteger
objectsarray
[
dashboards_dataarray
[
namestring
descriptionstring
statusstring
layoutarray
[
idstring
dataarray
[
keystring
dataobject
typestring
widthnumber
heightinteger
time_frameobject
relativeTimeinteger
alerts_or_incidentsstring
paramsarray
[
namestring
valuestring
]
phrasestring
viewOptionsobject
typestring
commandsarray
[
commandobject
opstring
namestring
valuestring
]
]
]
default_dashboard_idinteger
global_idstring
metadataobject
paramsarray
[
]
]
widgets_dataarray
[
widget_keystring
titlestring
creation_timeinteger
descriptionstring
dataobject
paramsarray
[
namestring
valuestring
]
phrasestring
time_frameobject
relativeTimeinteger
viewOptionsobject
typestring
commandsarray
[
commandobject
opstring
namestring
valuestring
]
support_time_rangeboolean
additional_infoobject
query_tablesarray[string]
query_uses_libraryboolean
creator_mailstring
]
]
objects_typestring
RESPONSE
{ "objects_count": 2, "objects": [ { "dashboards_data": [ { "name": "John Doe", "description": null, "status": "ENABLED", "layout": [ { "id": "row-9847", "data": [ { "key": "FAKE_KEY", "data": { "type": "Pie", "width": 5435435, "height": 451 } }, { "key": "incidentsByAssignment", "data": { "type": "Bar", "width": 33.333333333333336, "height": 451 } }, { "key": "incidentsHistory", "data": { "type": "Timeline", "width": 33.333333333333336, "height": 451, "time_frame": { "relativeTime": 86400000 }, "alerts_or_incidents": "incident" } } ] }, { "id": "row-2618", "data": [ { "key": "xql_1683289526210", "data": { "type": "Custom XQL", "width": 33.333333333333336, "height": 11111, "params": [ { "name": "name", "value": "orik" } ], "phrase": "dataset = drilldown | filter name = $name\n| view graph type = gauge subtype = radial header = \"User Score\" yaxis = score maxscalerange = 100 headerfontsize = 25 ", "time_frame": { "relativeTime": 86400000 }, "viewOptions": { "type": "gauge", "commands": [ { "command": { "op": "=", "name": "subtype", "value": "radial" } }, { "command": { "op": "=", "name": "header", "value": "\"User Score\"" } }, { "command": { "op": "=", "name": "yaxis", "value": "score" } }, { "command": { "op": "=", "name": "maxscalerange", "value": "100" } }, { "command": { "op": "=", "name": "headerfontsize", "value": "25" } } ] } } }, { "key": "topIncidentsByAlertSeverity", "data": { "type": "Table", "width": 33.333333333333336, "height": 408 } }, { "key": "hostsBySeverity", "data": { "type": "Table", "width": 33.333333333333336, "height": 408 } } ] } ], "default_dashboard_id": 132131, "global_id": "47052a2b17db4d799c4c5da38d203600", "metadata": { "params": [] } } ], "widgets_data": [ { "widget_key": "xql_1683289526210", "title": "Drilldown | User Score", "creation_time": 1687877496472, "description": "", "data": { "params": [ { "name": "name", "value": "orik" } ], "phrase": "dataset = drilldown | filter name = $name\n| view graph type = gauge subtype = radial header = \"User Score\" yaxis = score maxscalerange = 100 headerfontsize = 25 ", "time_frame": { "relativeTime": 86400000 }, "viewOptions": { "type": "gauge", "commands": [ { "command": { "op": "=", "name": "subtype", "value": "radial" } }, { "command": { "op": "=", "name": "header", "value": "\"User Score\"" } }, { "command": { "op": "=", "name": "yaxis", "value": "score" } }, { "command": { "op": "=", "name": "maxscalerange", "value": "100" } }, { "command": { "op": "=", "name": "headerfontsize", "value": "25" } } ] } }, "support_time_range": true, "additional_info": { "query_tables": [ "drilldown" ], "query_uses_library": false }, "creator_mail": "user@company.com" } ] }, { "dashboards_data": [ { "name": "John Doe", "description": null, "status": "ENABLED", "layout": [ { "id": "row-9847", "data": [ { "key": "FAKE_KEY", "data": { "type": "Pie", "width": 5435435, "height": 451 } }, { "key": "incidentsByAssignment", "data": { "type": "Bar", "width": 33.333333333333336, "height": 451 } }, { "key": "incidentsHistory", "data": { "type": "Timeline", "width": 33.333333333333336, "height": 451, "time_frame": { "relativeTime": 86400000 }, "alerts_or_incidents": "incident" } } ] }, { "id": "row-2618", "data": [ { "key": "xql_1683289526210", "data": { "type": "Custom XQL", "width": 33.333333333333336, "height": 11111, "params": [ { "name": "name", "value": "orik" } ], "phrase": "dataset = drilldown | filter name = $name\n| view graph type = gauge subtype = radial header = \"User Score\" yaxis = score maxscalerange = 100 headerfontsize = 25 ", "time_frame": { "relativeTime": 86400000 }, "viewOptions": { "type": "gauge", "commands": [ { "command": { "op": "=", "name": "subtype", "value": "radial" } }, { "command": { "op": "=", "name": "header", "value": "\"User Score\"" } }, { "command": { "op": "=", "name": "yaxis", "value": "score" } }, { "command": { "op": "=", "name": "maxscalerange", "value": "100" } }, { "command": { "op": "=", "name": "headerfontsize", "value": "25" } } ] } } }, { "key": "topIncidentsByAlertSeverity", "data": { "type": "Table", "width": 33.333333333333336, "height": 408 } }, { "key": "hostsBySeverity", "data": { "type": "Table", "width": 33.333333333333336, "height": 408 } } ] } ], "default_dashboard_id": 132131, "global_id": "27f78777b427452eb54974d3c14bf67a", "metadata": { "params": [] } } ], "widgets_data": [ { "widget_key": "xql_1683289526210", "title": "Drilldown | User Score", "creation_time": 1687877496472, "description": "", "data": { "params": [ { "name": "name", "value": "orik" } ], "phrase": "dataset = drilldown | filter name = $name\n| view graph type = gauge subtype = radial header = \"User Score\" yaxis = score maxscalerange = 100 headerfontsize = 25 ", "time_frame": { "relativeTime": 86400000 }, "viewOptions": { "type": "gauge", "commands": [ { "command": { "op": "=", "name": "subtype", "value": "radial" } }, { "command": { "op": "=", "name": "header", "value": "\"User Score\"" } }, { "command": { "op": "=", "name": "yaxis", "value": "score" } }, { "command": { "op": "=", "name": "maxscalerange", "value": "100" } }, { "command": { "op": "=", "name": "headerfontsize", "value": "25" } } ] } }, "support_time_range": true, "additional_info": { "query_tables": [ "drilldown" ], "query_uses_library": false }, "creator_mail": "user@company.com" } ] } ], "objects_type": "dashboards" }

Invalid field or operator.

Body
application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extrastring

Additional information describing the error.

RESPONSE
{ "err_code": "example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "example" }