LogoLogo
User GuideDeveloper DocumentationIntegrationsRelease Notes
  • ๐Ÿ Veza Documentation
  • โ˜‘๏ธGetting Started
  • ๐Ÿ“–Veza Glossary
  • โ“Product FAQ
  • ๐Ÿ›ก๏ธSecurity FAQ
    • Advanced Security FAQ
  • Release Notes
    • ๐Ÿ—’๏ธRelease Notes
      • Release Notes: 2025-04-30
      • Release Notes: 2025-04-16
      • Release Notes: 2025-04-02
      • Release Notes: 2025-03-19
      • Archive
        • 2024.9.23
        • 2024.9.16
        • 2024.9.9
        • 2024.9.2
        • 2024.8.26
        • 2024.8.19
        • 2024.8.12
        • 2024.8.5
        • 2024.7.29
        • 2024.7.22
        • 2024.7.15
        • 2024.7.1
        • 2024.6.24
        • 2024.6.17
        • 2024.6.10
        • 2024.6.3
        • 2024.5.27
        • 2024.5.20
        • 2024.5.13
        • 2024.5.6
        • 2024.4.29
        • 2024.4.22
        • 2024.4.15
        • 2024.4.8
        • 2024.4.1
        • 2024.3.25
        • 2024.3.18
        • 2024.3.11
        • 2024.3.4
        • 2024.2.26
        • 2024.2.19
        • 2024.2.12
        • 2024.2.5
        • 2024.1.29
        • 2024.1.22
        • 2024.1.15
        • 2024.1.8
        • 2024.1.1
        • 2023.12.18
        • 2023.12.11
        • 2023.12.4
        • 2023.11.27
        • 2023.11.20
        • 2023.11.13
        • 2023.11.6
        • 2023.10.30
        • 2023.10.23
        • 2023.10.16
        • 2023.10.9
        • 2023.10.2
        • 2023.9.25
        • 2023.9.18
        • 2023.9.11
        • 2023.9.4
        • 2023.8.28
        • 2023.8.21
        • 2023.8.14
        • 2023.8.7
        • 2023.7.31
        • 2023.7.24
        • 2023.7.17
        • 2023.7.10
        • 2023.7.3
        • 2023.6.26
        • 2023.6.19
        • 2023.6.12
        • 2023.6.5
        • 2023.5.29
        • 2023.5.22
        • 2023.5.15
        • 2023.5.8
        • 2023.5.1
        • 2023.4.24
        • 2023.4.17
        • 2023.4.10
        • 2023.4.3
        • 2023.3.27
        • 2023.3.20
        • 2023.3.13
        • 2023.3.6
        • 2023.2.27
        • 2023.2.20
        • 2023.2.13
        • 2023.2.6
        • 2023.1.30
        • 2023.1.23
        • 2023.1.16
        • 2023.1.9
        • 2023.1.2
        • 2022.12.12
        • 2022.12.5
        • 2022.11.28
        • 2022.11.14
        • 2022.11.7
        • 2022.10.31
        • 2022.10.24
        • 2022.10.17
        • 2022.10.1
        • 2022.6.2
        • 2022.6.1
        • 2022.5.1
        • 2022.4.1
        • 2022.3.1
  • Features
    • ๐Ÿ”ŽAccess Visibility
      • Graph
      • Query Builder
      • Saved Queries
      • Filters
      • Query Mode
      • Intermediate Entities
      • Regular Expressions
      • Tags
      • Tagged Entity Search
      • Assumed AWS IAM Roles
      • Veza Query Language
        • Quick Start
        • Syntax
        • VQL API
    • ๐Ÿ’กAccess Intelligence
      • Overview
      • Dashboards
        • Reports
        • Scheduled Exports of Query Results via a Secure Email Link
      • Risks
      • Analyze
      • Compare
      • Rules and Alerts
      • Entities
      • NHI Identify Classification Logic
      • NHI Secrets
    • ๐Ÿ”Access Reviews
      • Get Started: Access Reviewers
      • Get Started: Review Operators
      • Access Review Tasks
        • Assign Reviewers
        • Create a Configuration
        • Create a Review
        • Draft Reviews
        • Edit a Configuration
        • Filters and Bulk Actions
        • Manage Access Reviews
        • Using the Reviewer Interface
        • Row Grouping for Access Reviews
        • Schedule an Access Review
      • Access Review Configuration
        • Access Reviews Query Builder
        • Access Reviews Global Settings
        • Configuring a Global Identity Provider
          • Alternate Manager Lookup
        • Customizing Default Columns
        • Email Notifications and Reminders
        • Identity Provider and HRIS Enrichment
        • Managers and Resource Owners
        • Multi-Level Review
        • 1-Step Access Reviews
        • On-Demand Reviews
        • Veza Actions for Access Reviews
        • Review Intelligence Policies
        • Review Presentation Options
        • Reviewer Selection Methods
        • Reviewer Digest Notifications
      • Access Review Scenarios
        • Access Reviews: Active Directory Security Groups
        • Access Reviews: Okta App Assignments
        • Access Reviews: Okta Group Membership
        • Access Reviews: Okta Admin Roles
        • Access Reviews: Azure AD Roles
        • Access Reviews with Saved Queries
        • Source-Only Access Reviews
    • ๐Ÿ“ŠAccess Monitoring
    • ๐Ÿ”„Lifecycle Management
      • Implementation and Core Concepts
      • Access Profiles
      • Policies
      • Conditions and Actions
      • Attribute Sync and Transformers
        • Lookup Tables
      • Integrations
        • Active Directory
        • Exchange Server
        • Okta
        • Salesforce
        • Workday
    • โš–๏ธSeparation of Duties (SoD)
      • Managing SoD Risks with Veza
      • Creating SoD Detection Queries
      • Analyzing Separation of Duties Query Results
      • Example Separation of Duties Queries
      • SoD Manager Assignment
      • Access Reviews for SoD
  • Integrations
    • โœจVeza Integrations
      • Adobe Enterprise
      • Amazon Web Services
        • Add Existing AWS Accounts
        • Automatically Add New AWS Accounts
        • AWS DynamoDB
        • AWS KMS
        • AWS RDS MySQL
        • AWS RDS PostgreSQL
        • AWS Redshift
        • Activity Monitoring for AWS
        • Using AWS Secrets Manager for RDS Extraction
        • Notes & Supported Entities
      • Anaplan
      • Atlassian Cloud Products
      • Auth0
      • BambooHR
      • Bitbucket Data Center
      • BlackLine
      • Beeline
      • Boomi
      • Box
      • Bullhorn
      • Cassandra
      • Cisco Duo
      • Clickhouse
      • Concur
      • Confluence Server
      • Confluent
      • Coupa
      • Coupa Contingent Workforce
      • Crowdstrike Falcon
      • CSV Upload
        • CSV Upload Examples
        • CSV Upload Troubleshooting
        • CSV Upload API
      • Databricks (Single Workspace)
      • Databricks (Unity Catalog)
      • Delinea Secret Server
      • Device42
      • DocuSign
      • Dropbox
      • Egnyte
      • Expensify
      • Exchange Online (Microsoft 365)
      • Fastly
      • Google Cloud
        • Check Google Cloud Permissions
        • Notes & Supported Entities
      • Google Drive
      • GitHub
      • GitLab
      • HashiCorp Vault
      • HiBob
      • Hubspot
      • IBM Aspera
      • iManage
      • Ivanti Neurons
      • Jamf Pro
      • Jenkins
      • JFrog Artifactory
      • Jira Data Center
      • Kubernetes
      • LastPass
      • Looker
      • MongoDB
      • Microsoft Active Directory
      • Microsoft Azure
        • Azure SQL Database
        • Azure PostgreSQL Database
        • Microsoft Dynamics 365 CRM
        • Microsoft Dynamics 365 ERP
        • Notes & Supported Entities
      • Microsoft Azure AD
      • Microsoft SharePoint Online
      • Microsoft SharePoint Server
      • Microsoft SQL Server
      • MuleSoft
      • MySQL
      • NetSuite
      • New Relic
      • Okta
        • Okta MFA status
      • OneLogin
      • OpenAI
      • Oracle Cloud Infrastructure
      • Oracle Database
      • Oracle Database (AWS RDS)
      • Oracle E-Business Suite (EBS)
      • Oracle EPM
      • Oracle Fusion Cloud
      • Oracle JD Edwards EnterpriseOne
      • PagerDuty
      • Palo Alto Networks SASE/Prisma Access
      • PingOne
      • PostgreSQL
      • Power BI
      • Privacera
      • PTC Windchill
      • Qualys
      • QNXT
      • Ramp
      • Redis Cloud
      • Rollbar
      • Salesforce
      • Salesforce Commerce Cloud
      • SCIM integration
      • ServiceNow
      • Slack
      • Smartsheet
      • Snowflake
        • Snowflake Native Application
        • Snowflake Masking Policies
        • Exporting Saved Query Results to Snowflake
        • Audit Log Export
        • Event Export
      • Solarwinds
      • Spotio
      • Sumo Logic
      • Tableau Cloud
      • Teleport
      • Terraform
      • ThoughtSpot
      • Trello
      • Trino (PrestoSQL)
      • UKGPro
      • Veza
      • Windows Server
        • Enterprise Deployment
      • Workato
      • Workday
      • YouTrack
      • Zendesk
      • Zip
      • Zoom
      • Zscaler
      • 1Password
    • ๐ŸŽฏIntegrations Overview
    • โš ๏ธPrerequisites and Connectivity
      • Insight Point
        • Deploying an Insight Point using the install script
        • Deploy with AWS EC2
        • Deploy with Virtual Appliance
          • Deploy with Virtual Appliance (Legacy)
        • Deploy with Azure Container Instances
        • Insight Point (Helm Chart)
      • Certificates with OpenSSL
    • โš™๏ธConfiguring Integrations
      • Integrations FAQ
      • Extraction and Discovery Intervals
      • Custom Identity Mappings
      • Limiting Extractions
      • Enrichment Rules
      • โ„น๏ธRunning Veza Scripts with Python
  • Administration
    • ๐Ÿ› ๏ธVeza Administration
      • Securing Your Veza Tenant
      • Veza Actions
        • Slack
        • ServiceNow
        • Jira
        • Webhooks
      • Virtual Private Veza
      • System Events
      • Sign-In Settings
        • Single Sign-On with Okta
        • Single Sign-On with Okta (OIDC)
        • Single Sign-On with Microsoft Entra
      • User Management
        • Multi-factor Authentication
        • Team Management
        • Support User Access
  • Developers
    • ๐ŸŒVeza APIs
      • Authentication
      • Troubleshooting
      • Pagination
      • Open Authorization API
        • Getting Started
        • Core Concepts
          • Connector Requirements
          • Using OAA Templates
          • Providers, Data Sources, Names and Types
          • Sourcing and Extracting Metadata
          • Naming and Identifying OAA Entities
          • Modeling Users, Permissions, and Roles
          • Custom Properties
          • Tagging with OAA
          • Cross Service IdP Connections
          • Incremental Updates
        • OAA Push API
          • OAA Operations
        • OAA Templates
          • Custom Application
          • Custom Identity Provider
          • Custom HRIS Provider
        • OAA .NET SDK
          • C# OAA Application Connector
        • OAA Python SDK
          • Application Outline
          • oaaclient modules
            • Client
            • Structures
            • Templates
            • Utils
        • Sample Apps
        • Example Connectors
      • Integration APIs
        • Enable/Disable Providers
        • Cloud Platforms and Data Providers
        • Identity Providers
        • Data Sources
        • Sync and Parse Status
      • Query APIs
        • Quick Start
        • Query Builder Terminology
        • Query Builder Parameters
        • Query Builder Results
        • List saved queries
        • Save a query
        • Get a saved query
        • Update a query
        • Delete a query
        • Get query node destinations
        • Get query nodes
        • Get query result
        • Get query spec node destinations
        • Get query spec nodes
        • Get query spec results
        • Private APIs
          • Get Access Relationship
          • Role Existence
          • Role Maintenance
          • Cohort Role Analysis
        • Tags
          • Create, Add, Remove Tag
          • Promoted Tags
      • Access Reviews APIs
        • Workflow Parameters Reference
        • List Workflows
        • List Certifications
        • List Certification Results
        • Update Certification Result
        • Force Update Result
        • Update Webhook Info
        • Get Certification Result
        • Manage Reviewer Deny List
        • Quick Filters
        • Help Page Templates
        • Smart Action Definitions
        • Delegate Reviewers
        • List Reviewer Infos
        • Get Access Graph
        • Automations API
        • Global Settings APIs
      • System Audit Logs
      • System Events
      • Notification Templates
        • Notification Templates API
      • Team and User Management APIs
        • Team API Keys
      • SCIM Provisioning
        • SCIM API Reference
        • SCIM Provisioning with Okta
  • Product Updates
    • ๐Ÿ†•Product Updates
      • Product Update: March'25
      • Product Update: February'25
      • UX Update - Integration Management
      • Product Update: January'25
      • Product Update: December'24
      • Product Update: November'24
      • Product Update: October'24
      • Product Update: September'24
      • Product Update: August'24
      • UX Update: Veza Integrations
      • Product Update: July'24
      • Product Update: June'24
      • Product Update: May'24
      • Product Update: April'24
      • UX Update - Enhanced Reviewer Experience for Veza Access Reviews
      • Product Update: March'24
      • Product Update: February'24
      • Design Update: February'24
      • UX Update - New Navigation Experience
      • UX Update - Access Review Dashboards
      • Building Vezaโ€™s Platform and Products
      • Veza Product Update - Jan'24
      • Veza Product Update - 2H 2023
      • Veza Product Update - December'23
      • Veza Product Update - November'23
      • Veza Product Update - October'23
      • Veza Product Update - September'23
      • Veza Product Update - August'23
      • Veza Product Update - July'23
      • Veza Product Update - June'23
      • Veza Product Update - May'23
      • Veza Product Update - April'23
      • Veza Product Update - March'23
      • Veza Product Update - Feb'23
      • Veza Product Update - Jan'23
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Developers
  2. Veza APIs
  3. Query APIs

List saved queries

PreviousQuery Builder ResultsNextSave a query

Last updated 8 months ago

Was this helpful?

ListAssessmentQueries retrieves a list of all built-in and user-created queries.

By default, this endpoint returns only the queries that are currently enabled. When the risks_only parameter is set to true, it will only return queries with a risk level.

Sample request

curl -X 'GET' \
"$BASE_URL/api/v1/assessments/queries?page_size=1&risks_only=true&filter=name+co+%22User%22" \
-H "authorization: Bearer $VEZA_TOKEN"

Sample response:

{
  "values": [
    {
      "id": "95ccaca3-c9f6-4711-9219-887e5c102701",
      "name": "AWS IAM Groups with iam:CreateAccessKey permission",
      "description": "AWS IAM Groups with iam:CreateAccessKey permission",
      "result_type": "NUMBER",
      "query_type": "SYSTEM_CREATED",
      "raw_permissions": {
        "values": [],
        "operator": "AND"
      },
      "effective_permissions": {
        "values": [],
        "operator": "AND"
      },
      "variables": [
        "AWS_ACCOUNT_LIST"
      ],
      "source_node_types": {
        "nodes": [
          {
            "node_type": "AwsIamGroup",
            "tags": [],
            "conditions": [],
            "condition_expression": {
              "specs": [
                {
                  "fn": "IN",
                  "property": "aws_account_id",
                  "value": [
                    "527398259632",
                    "877042069677",
                    "340069577982",
                    "241721837758",
                    "998048473876",
                    "973979857296"
                  ],
                  "not": false,
                  "value_property_name": "",
                  "value_property_from_other_node": false
                }
              ],
              "child_expressions": [],
              "operator": "AND",
              "not": false
            },
            "node_id": "",
            "excluded_tags": [],
            "count_conditions": [],
            "direct_relationship_only": false,
            "node_type_grouping_constraint": null
          }
        ],
        "nodes_operator": "AND"
      },
      "required_intermediate_node_types": {
        "nodes": [],
        "nodes_operator": "AND"
      },
      "avoided_intermediate_node_types": {
        "nodes": [],
        "nodes_operator": "AND"
      },
      "destination_node_types": {
        "nodes": [],
        "nodes_operator": "AND"
      },
      "no_relation": false,
      "access_filter": null,
      "created_by": "",
      "visibility": "PUBLIC",
      "owners": [],
      "node_relationship_type": "CONFIGURED",
      "integration_types": [
        "aws"
      ],
      "labels": [],
      "created_at": "2023-02-01T04:32:18.126875729Z",
      "updated_at": "2023-04-07T16:00:52.761867936Z",
      "source_type": "AwsIamGroup",
      "destination_types": [],
      "relates_to_exp": {
        "specs": [
          {
            "node_types": {
              "nodes": [
                {
                  "node_type": "AwsIamGroupedPermission",
                  "tags": [],
                  "conditions": [],
                  "condition_expression": {
                    "specs": [
                      {
                        "fn": "LIST_CONTAINS",
                        "property": "permissions",
                        "value": "iam:CreateAccessKey",
                        "not": false,
                        "value_property_name": "",
                        "value_property_from_other_node": false
                      },
                      {
                        "fn": "EXISTS",
                        "property": "deny",
                        "value": null,
                        "not": true,
                        "value_property_name": "",
                        "value_property_from_other_node": false
                      }
                    ],
                    "child_expressions": [],
                    "operator": "AND",
                    "not": false
                  },
                  "node_id": "",
                  "excluded_tags": [],
                  "count_conditions": [],
                  "direct_relationship_only": false,
                  "node_type_grouping_constraint": null
                }
              ],
              "nodes_operator": "AND"
            },
            "required_intermediate_node_types": null,
            "avoided_intermediate_node_types": null,
            "raw_permissions": null,
            "effective_permissions": null,
            "no_relation": false,
            "direction": "ANY_DIRECTION"
          }
        ],
        "child_expressions": [],
        "operator": "AND",
        "not": false,
        "and_op_type": "INFERRED"
      },
      "all_entity_condition": {
        "specs": [],
        "child_expressions": [],
        "operator": "AND",
        "not": false
      },
      "risk_level": "WARNING",
      "risk_suppressed_constraints": null,
      "analysis_type": "UNSET",
      "result": 0,
      "result_evaluated_at": null,
      "result_evaluated": false
    }
  ],
  "next_page_token": "eyJOZXh0Q3Vy==",
  "has_more": true
}

See for more information about the saved query object.

๐ŸŒ
Parameters
get
Authorizations
Query parameters
include_inactive_queriesbooleanOptional
violations_onlybooleanOptionalDeprecated
risks_onlybooleanOptional
include_resultsbooleanOptional
include_natural_languagebooleanOptional
filterstringOptional
order_bystringOptional
page_sizeinteger ยท int32Optional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/assessments/queries HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "values": [
    {
      "id": "text",
      "name": "text",
      "description": "text",
      "result_type": 1,
      "query_type": 1,
      "raw_permissions": {
        "values": [
          "text"
        ],
        "operator": 1
      },
      "effective_permissions": {
        "values": [
          1
        ],
        "operator": 1
      },
      "variables": [
        "text"
      ],
      "source_node_types": {
        "nodes": [
          {
            "node_type": "text",
            "condition_expression": "[Circular Reference]",
            "node_id": "text",
            "count_condition_expression": "[Circular Reference]",
            "direct_relationship_only": true,
            "node_type_grouping_constraint": {
              "node_types": [
                "text"
              ],
              "constraint_type": 1
            },
            "properties_to_get": [
              "text"
            ],
            "tags_to_get": [
              {
                "type": 1,
                "key": "text"
              }
            ],
            "integration_types": [
              "text"
            ]
          }
        ],
        "nodes_operator": 1
      },
      "required_intermediate_node_types": {
        "nodes": [
          {
            "node_type": "text",
            "condition_expression": "[Circular Reference]",
            "node_id": "text",
            "count_condition_expression": "[Circular Reference]",
            "direct_relationship_only": true,
            "node_type_grouping_constraint": {
              "node_types": [
                "text"
              ],
              "constraint_type": 1
            },
            "properties_to_get": [
              "text"
            ],
            "tags_to_get": [
              {
                "type": 1,
                "key": "text"
              }
            ],
            "integration_types": [
              "text"
            ]
          }
        ],
        "nodes_operator": 1
      },
      "avoided_intermediate_node_types": {
        "nodes": [
          {
            "node_type": "text",
            "condition_expression": "[Circular Reference]",
            "node_id": "text",
            "count_condition_expression": "[Circular Reference]",
            "direct_relationship_only": true,
            "node_type_grouping_constraint": {
              "node_types": [
                "text"
              ],
              "constraint_type": 1
            },
            "properties_to_get": [
              "text"
            ],
            "tags_to_get": [
              {
                "type": 1,
                "key": "text"
              }
            ],
            "integration_types": [
              "text"
            ]
          }
        ],
        "nodes_operator": 1
      },
      "destination_node_types": {
        "nodes": [
          {
            "node_type": "text",
            "condition_expression": "[Circular Reference]",
            "node_id": "text",
            "count_condition_expression": "[Circular Reference]",
            "direct_relationship_only": true,
            "node_type_grouping_constraint": {
              "node_types": [
                "text"
              ],
              "constraint_type": 1
            },
            "properties_to_get": [
              "text"
            ],
            "tags_to_get": [
              {
                "type": 1,
                "key": "text"
              }
            ],
            "integration_types": [
              "text"
            ]
          }
        ],
        "nodes_operator": 1
      },
      "access_filter": {
        "engagement_score": {
          "op": 1,
          "value": 1
        },
        "over_provisioned_score": {
          "op": 1,
          "value": 1
        },
        "include_secondary_grantee": true,
        "include_indirect_resource": true,
        "exclude_indirect_grantee": true,
        "anomaly_detection_history_days": "text",
        "last_used": {
          "op": 1,
          "value": "2025-05-09T04:34:15.223Z",
          "target": 1
        }
      },
      "created_by": "text",
      "visibility": 1,
      "owners": [
        "text"
      ],
      "node_relationship_type": 1,
      "integration_types": [
        "text"
      ],
      "labels": [
        "text"
      ],
      "created_at": "2025-05-09T04:34:15.223Z",
      "updated_at": "2025-05-09T04:34:15.223Z",
      "source_type": "text",
      "destination_types": [
        "text"
      ],
      "relates_to_exp": {
        "specs": [
          "[Circular Reference]"
        ],
        "child_expressions": [
          "[Circular Reference]"
        ],
        "operator": 1,
        "not": true,
        "and_op_type": 1
      },
      "all_entity_condition": {
        "specs": [
          {
            "fn": 1,
            "property": "text",
            "value": null,
            "not": true,
            "value_property_name": "text",
            "value_property_from_other_node": true
          }
        ],
        "tag_specs": [
          {
            "tag": {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            },
            "exclude": true
          }
        ],
        "child_expressions": [
          {
            "specs": [
              {
                "fn": 1,
                "property": "text",
                "value": null,
                "not": true,
                "value_property_name": "text",
                "value_property_from_other_node": true
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 1,
            "not": true
          }
        ],
        "operator": 1,
        "not": true
      },
      "path_summary_node_types": {
        "nodes": [
          {
            "node_type": "text",
            "condition_expression": "[Circular Reference]",
            "node_id": "text",
            "count_condition_expression": "[Circular Reference]",
            "direct_relationship_only": true,
            "node_type_grouping_constraint": {
              "node_types": [
                "text"
              ],
              "constraint_type": 1
            },
            "properties_to_get": [
              "text"
            ],
            "tags_to_get": [
              {
                "type": 1,
                "key": "text"
              }
            ],
            "integration_types": [
              "text"
            ]
          }
        ],
        "nodes_operator": 1
      },
      "path_summary_count_conditions": {
        "conditions": [
          {
            "fn": 1,
            "value": "text",
            "value_as": 1
          }
        ]
      },
      "risk_level": 1,
      "risk_suppressed_constraints": {
        "nodes": [
          "[Circular Reference]"
        ]
      },
      "analysis_type": 1,
      "result": 1,
      "result_evaluated_at": "2025-05-09T04:34:15.223Z",
      "result_evaluated": true,
      "risk_explanation": "text",
      "risk_remediation": "text",
      "updated_by": "text",
      "natural_language": "text",
      "result_enrichment": {
        "join_node_specs": [
          {
            "with": "text",
            "node_spec": "[Circular Reference]",
            "as": "text"
          }
        ],
        "outlier_detection": {
          "type": 1
        }
      },
      "change_source": 1,
      "uneditable": true,
      "approx_total_source_nodes_count": "text",
      "include_sub_permissions": true,
      "save_mode": 1,
      "vql_query": "text",
      "source_type_integration": "text"
    }
  ],
  "next_page_token": "text",
  "has_more": true
}