Skip to main content

Filtering responses

Many endpoints in the SixMap API support filtering, allowing you to narrow results based on specific criteria.

Applying Filters to Endpoints

To filter the results from a specific API endpoint, you append query parameters to the endpoint's URL. These parameters typically follow the pattern of fieldName.operator=value. For example, to filter results where the ipAddress is exactly equal to 192.168.1.1, you would use the query parameter ipAddress.eq=192.168.1.1.

You can also combine multiple filter parameters in a single request. When you apply multiple filters, the API will typically return results that satisfy all the specified conditions (logical AND). For example, to find vulnerability instances on 192.168.1.1 with a high severity, you might use ?ipAddress.eq=192.168.1.1&severity.eq=HIGH.

info

Filtering for string fields and enum values is generally case-sensitive. For example, service.eq=http will not match service.eq=HTTP.

The available filtering parameters and the operators they support vary depending on the specific resource you are requesting.

Here are a few examples illustrating how to apply filters to different endpoints:

  • Filtering Organization Groups by Name: To retrieve organization groups whose names start with "Admin", you would use the name.startsWith operator with the "Get organization groups" endpoint:

    /api/v1/scans/{scanId}/org_groups?name.startsWith=Admin
  • Filtering Domains by IP Address Range: To find domains associated with IP addresses within the 10.0.0.0/8 CIDR range, you would use the ipAddress.inRange operator with the "Get domains" endpoint:

    /api/v1/scans/{scanId}/domains?ipAddress.inRange=10.0.0.0/8
  • Filtering Vulnerabilities by CVE ID: To retrieve vulnerabilities with the exact CVE identifier "CVE-2023-1234", you would use the cve.eq operator with the "Get vulnerabilities" endpoint:

    /api/v1/scans/{scanId}/vulnerabilities?cve.eq=CVE-2023-1234
  • Filtering Service Instances by Port Number: To find service instances running on port 443, you would use the port.eq operator with the "Get service instances" endpoint:

    /api/v1/scans/{scanId}/service_instances?port.eq=443
info

The API reference section of the documentation includes a comprehensive list of the filter parameters that are available for each endpoint.