Get query spec nodes

GetAssessmentQuerySpecNodes returns the entity details for nodes in the query without generating a result count. This option uses pagination and can be faster for complex queries where the total number of search results is not needed.

The request must include the full query spec object and the source_node_id of the query result to retrieve destination nodes for. Additionally, providing a snapshot_id will return destination nodes based on a Time Machine snapshot.

When specifying a page_size in the query string, responses will include the next_page_token and indicate has_more if additional results are available. Note that a page can be empty even when more results exist.

POST/api/v1/assessments/query_spec:nodes

Query parameters

Body

query_typev1AssessmentQueryType (enum)

SYSTEM_CREATEDSOURCE_TO_DESTINATIONDESTINATION_NODES

source_node_typesv1NodeSpecCollection (object)

destination_node_typesv1NodeSpecCollection (object)

required_intermediate_node_typesv1NodeSpecCollection (object)

avoided_intermediate_node_typesv1NodeSpecCollection (object)

raw_permissionsA collection of raw permission names

effective_permissionsv1EffectivePermissionCollection (object)

customized_variablesarray of v1CreateAssessmentQueryVariableRequest (object)

no_relationuse relates_to_exp

snapshot_idstring (uint64)

node_relationship_typeapi_protosv1NodeRelationshipType (enum)

EFFECTIVE_ACCESSCONFIGURED

relates_to_expA RelatesToExpression E evaluates as "true if source has a path to E; otherwise false". for E = { specs: [A, B, ...], child_expressions: [X, Y, ...], operator, not, }, "source has a path to E" is defined as: - if operator = AND (default): "source has a path to ALL of (A,B, ..., X, Y, ...), i.e. A AND B AND ... AND X AND Y AND ..." - if operator = OR: "source has a path to ANY of (A,B, ..., X, Y, ...), i.e. A OR B OR ... OR X OR Y OR ..." - if not = true, boolean invert the result above

path_summary_node_typesv1NodeSpecCollection (object)

all_entity_conditionNodeSpecCollectionConditionExpression (object)

path_summary_count_conditionsv1CountConditionCollection (object)

result_value_typev1AssessmentQueryResultValueType (enum)

AssessmentQueryResultValueType determines which of the fields (values or path_values) will be populated in the resulting AssessmentQueryNodesResponse message. UNDEFINED is a valid selection and is intended for backward compatibility. When UNDEFINED is selected, the actual result value type will be determined by the backend (BE).

UNDEFINED: Valid selection and intended for backward compatibility, result type determined by BE
SOURCE_NODES_WITH_COUNTS: Returns populated values field containing source nodes and their destination counts
SOURCE_AND_DESTINATION_NODES: Returns path_values with source and destination nodes, excluding path summary.
PATHS: Returns path_values along with path summary.

UNDEFINEDSOURCE_NODES_WITH_COUNTSSOURCE_AND_DESTINATION_NODESPATHS

page_sizestring (int64)

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstring

The token specifying the specific page of results to retrieve.

Response

A successful response.

Body

valuesarray of v1AssessmentQueryNode (object)

path_valuesarray of v1AssessmentQueryNodePath (object)

next_page_tokenstring

The token to retrieve the next page of results.

has_moreboolean

If true, more results are available.

Request

const response = await fetch('/api/v1/assessments/query_spec:nodes', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Response

{
  "values": [
    {
      "id": "text",
      "type": "text",
      "permissions": [],
      "engagement_access_stats": {
        "total_count": "text",
        "accessed_count": "text"
      },
      "access_stats": {
        "last_used": "2024-04-30T18:51:17.801Z",
        "concrete_permissions": [
          "text"
        ],
        "canonical_permissions": [
          "text"
        ]
      },
      "destination_node_ids": [
        "text"
      ],
      "risk_level": "NONE",
      "raw_permissions": [
        "text"
      ],
      "effective_permissions": [
        "text"
      ]
    }
  ],
  "path_values": [
    {
      "source": {
        "id": "text",
        "type": "text",
        "permissions": [],
        "engagement_access_stats": {
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2024-04-30T18:51:17.801Z",
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "destination_node_ids": [
          "text"
        ],
        "risk_level": "NONE",
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ]
      },
      "abstract_permissions": [
        "text"
      ],
      "concrete_permissions": [
        "text"
      ],
      "destination": {
        "id": "text",
        "type": "text",
        "permissions": [],
        "engagement_access_stats": {
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2024-04-30T18:51:17.801Z",
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "destination_node_ids": [
          "text"
        ],
        "risk_level": "NONE",
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ]
      },
      "path_summary_nodes": [
        {
          "id": "text",
          "type": "text",
          "permissions": [],
          "engagement_access_stats": {
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2024-04-30T18:51:17.801Z",
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "destination_node_ids": [
            "text"
          ],
          "risk_level": "NONE",
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ]
        }
      ],
      "results_truncated": false
    }
  ],
  "next_page_token": "text",
  "has_more": false
}

Sample request:

The following example searches for AWS IAM users with permissions to modify S3 bucket ACLs:

curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{
  "query_type": "SOURCE_TO_DESTINATION",
  "include_nodes": true,
  "source_node_types": {
    "nodes": [
      {
        "node_type": "AwsIamUser"
      }
    ]
  },
  "destination_node_types": {
    "nodes": [
      {
        "node_type": "S3Bucket"
      }
    ]
  },
  "no_relation": false,
  "raw_permissions": {
    "operator": "OR",
    "values": [
      "s3:PutBucketAcl"
    ]
  }
}'

Sample response:

{
  "values": [
    {
      "id": "arn:aws:iam::877042069677:user/j.smith",
      "type": "AwsIamUser",
      "properties": {
        "aws_account_id": "877042069677",
        "created_at": "2021-11-15T15:14:47Z",
        "datasource_id": "877042069677:awsiam",
        "full_admin": true,
        "identity_unique_id": "j.smith",
        "last_used_at": "2023-05-25T00:00:00Z",
        "name": "j.smith",
        "password_last_used_at": "2023-05-25T00:00:00Z",
        "permission_boundary_controlled": false,
        "programmatic_access_count": 1,
        "programmatic_last_used_at": "2022-04-20T00:00:00Z",
        "provider_id": "877042069677",
        "root": false,
        "user_type": ""
      },
      "destination_node_count": 25,
      "permissions": [],
      "engagement_access_stats": null,
      "access_stats": null,
      "destination_node_ids": [],
      "risk_level": "CRITICAL",
      "raw_permissions": [],
      "effective_permissions": []
    }
  ],
  "path_values": [],
  "next_page_token": "eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjRmYWIxZDUyLWYzZjgtNGNkZS05MmVmLWVmZTc4OThlM2M2MCIsImlkIjoiYXJuOmF3czppYW06Ojg3NzA0MjA2OTY3Nzp1c2VyL2Fhcm9uLmJpbmZvcmQiLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZCJ9LCJMYXN0Ijp7ImR1cGxpY2F0aW9uX3Njb3BlX2lkIjoiNGZhYjFkNTItZjNmOC00Y2RlLTkyZWYtZWZlNzg5OGUzYzYwIiwiaWQiOiJhcm46YXdzOmlhbTo6ODc3MDQyMDY5Njc3OnVzZXIvYWFyb24uYmluZm9yZCIsImxvd2VyX25hbWUiOiJhYXJvbi5iaW5mb3JkIn19",
  "has_more": true
}

Here is a more complex example, which identifies Okta Users related to Snowflake Local Roles.

Using conditions, the query will only return users related to the BILLING group AND another group, either the AUDITOR role OR ROLE_A

Request:

curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{"query_type":"SOURCE_TO_DESTINATION","source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"destination_node_types":null,"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":null,"customized_variables":[],"no_relation":false,"snapshot_id":"0","access_filter":null,"node_relationship_type":"EFFECTIVE_ACCESS","relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"path_summary_node_types":null,"all_entity_condition":null}'

Response:

{"values":[{"id":"00upfs3bV7G3ImWCL5d5","type":"OktaUser","properties":{"created_at":"2020-11-12T21:10:47Z","datasource_id":"dev-5150036.okta.com","email":"Simona_Morasca@cookiedemo.onmicrosoft.com","first_name":"Simona","idp_unique_id":"Simona_Morasca@cookiedemo.onmicrosoft.com","is_active":true,"last_name":"Morasca","login":"Simona_Morasca@cookiedemo.onmicrosoft.com","mfa_active":false,"name":"Simona_Morasca@cookiedemo.onmicrosoft.com","provider_id":"dev-5150036.okta.com","status":"STAGED","updated_at":"2020-11-12T21:10:47Z"},"destination_node_count":0,"permissions":[],"engagement_access_stats":null,"access_stats":null,"destination_node_ids":[],"risk_level":"CRITICAL","raw_permissions":[],"effective_permissions":[]}],"path_values":[],"next_page_token":"eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1Nmg4cnI2dkFzSUJqMW41ZDciLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZEB2ZXphdGVzdC5jb20ifSwiTGFzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1NTJzc3FldkozQ1d3QlM1ZDciLCJsb3dlcl9uYW1lIjoieXV3dUB2ZXphLmNvbSJ9fQ==","has_more":false}

PreviousGet query spec node destinations NextGet query spec results

Last updated 6 months ago