Filtering responses
Many endpoints in the SixMap API support filtering, allowing you to narrow results based on specific criteria.
Applying Filters to Endpoints
To filter the results from a specific API endpoint, you append query parameters to the endpoint's URL. These parameters typically follow the pattern of fieldName.operator=value
. For example, to filter results where the ipAddress
is exactly equal to 192.168.1.1
, you would use the query parameter ipAddress.eq=192.168.1.1
.
You can also combine multiple filter parameters in a single request. When you apply multiple filters, the API will typically return results that satisfy all the specified conditions (logical AND). For example, to find vulnerability instances on 192.168.1.1
with a high severity, you might use ?ipAddress.eq=192.168.1.1&severity.eq=HIGH
.
Filtering for string fields and enum values is generally case-sensitive. For example, service.eq=http
will not match service.eq=HTTP
.
The available filtering parameters and the operators they support vary depending on the specific resource you are requesting.
Here are a few examples illustrating how to apply filters to different endpoints:
-
Filtering Organization Groups by Name: To retrieve organization groups whose names start with "Admin", you would use the
name.startsWith
operator with the "Get organization groups" endpoint:/api/v1/scans/{scanId}/org_groups?name.startsWith=Admin
-
Filtering Domains by IP Address Range: To find domains associated with IP addresses within the
10.0.0.0/8
CIDR range, you would use theipAddress.inRange
operator with the "Get domains" endpoint:/api/v1/scans/{scanId}/domains?ipAddress.inRange=10.0.0.0/8
-
Filtering Vulnerabilities by CVE ID: To retrieve vulnerabilities with the exact CVE identifier "CVE-2023-1234", you would use the
cve.eq
operator with the "Get vulnerabilities" endpoint:/api/v1/scans/{scanId}/vulnerabilities?cve.eq=CVE-2023-1234
-
Filtering Service Instances by Port Number: To find service instances running on port
443
, you would use theport.eq
operator with the "Get service instances" endpoint:/api/v1/scans/{scanId}/service_instances?port.eq=443
The API reference section of the documentation includes a comprehensive list of the filter parameters that are available for each endpoint.