API Live discover

Hi,

i have a problem when i use the Live Discover API to run a query on Sophos.
I follow the procedure described at the URL https://developer.sophos.com/docs/live-discover-v1/1/routes/queries/runs/post

That is my sended json:

{
    "matchEndpoints": {
        "filters": [
            {
                "ids": [
                    "c3a1b995-ccf5-47d0-a9b7-ef13d74b1a2b"
                ]
            }
        ]
    },
    "savedQuery": {
        "queryId": "ae9338d5-eed3-4e38-a4ad-057f5fb68e81"
    },
    "variables": [
        {
            "value": "2021-01-01T00:00:00",
            "dataType": "dateTime",
            "name": "start_time"
        },
        {
            "value": "2023-01-01T00:00:00",
            "dataType": "dateTime",
            "name": "end_time"
        }
    ]
}

But whatever value we enter in start_time or end_time i got error shown below.

Error result:

{
"error": "badRequest",
"correlationId": "774a639b-2598-4a55-baa5-a5fa39f6efa2",
"requestId": "8196806f-2f3f-4e9c-ba5e-d69ebbee0996",
"message": "Some variables do not have values: start_time,end_time. "
}

I have no other details that allow me to investigate. Can you help me on the errors we are encountering.

Top Replies

Gladys 11 months ago in reply to Mickael PRIVITERA +1

Hi Mickael PRIVITERA , Could you confirm if you’re only using a standard query documented on our APIs page , or you're using a custom query? Sophos also has a Postman Collection of all our current…

Parents

0 Mickael PRIVITERA 11 months ago

Hi,

Any idea for this point? Does this route work in someone with this date setting?

Thanks in advance

Regards

Mickael
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gladys 11 months ago in reply to Mickael PRIVITERA

Hi Mickael PRIVITERA ,

Thank you for reaching out to our Community Forum. Have you tried using other date and time formats? Can you try either of the following?

2023-06-01T10:00:00.000-05:00
2023-06-01T10:00:00.000

Let me know how it goes. Thank you.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mickael PRIVITERA 11 months ago in reply to Gladys

Thanks for your feedback.

yes, I tried different date types and different format but the result is always the same. I also tried with the dates that you proposed to me but it is always the same.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gladys 11 months ago in reply to Mickael PRIVITERA

Hi Mickael PRIVITERA ,

Could you confirm if you’re only using a standard query documented on our APIs page, or you're using a custom query?

Sophos also has a Postman Collection of all our current queries (including the Live Discover ones). We'd suggest that you try and get this, and then you can see all of the variable data that can be used.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mickael PRIVITERA 11 months ago in reply to Gladys
Hi,

Yes i'm using a standard query ("ae9338d5-eed3-4e38-a4ad-057f5fb68e81" :"Common suspicious directories (Non-Windows directories").

I've tried the postman collection but in there example, the use a common and simple case with not real infomation:

"variables": [ { "name": "non dolore dolor ", "dataType": "dateTime", "value": "laborum labore" }, { "name": "est dolore", "dataType": "boolean", "value": "exercitation sint do magna " } ]

Could you test on your side please?

Many thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Mickael PRIVITERA 11 months ago in reply to Gladys
Hi,

Yes i'm using a standard query ("ae9338d5-eed3-4e38-a4ad-057f5fb68e81" :"Common suspicious directories (Non-Windows directories").

I've tried the postman collection but in there example, the use a common and simple case with not real infomation:

"variables": [ { "name": "non dolore dolor ", "dataType": "dateTime", "value": "laborum labore" }, { "name": "est dolore", "dataType": "boolean", "value": "exercitation sint do magna " } ]

Could you test on your side please?

Many thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data