VQL API

API documentation for executing VQL queries through the Assessment Query API.

PreviousSyntax NextAccess Intelligence

Last updated 23 days ago

Was this helpful?

Retrieves the result count for the given VQL query.

post

Authorizations

Body

querystringOptional

page_sizestringOptionalDeprecated

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptionalDeprecated

The token specifying the specific page of results to retrieve.

Responses

post

POST /api/v1/assessments/vql:result HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "query": "text"
}

{
  "result_type": "text",
  "number_value": "text",
  "timestamp_value": "text",
  "nodes_value": {
    "values": [
      {
        "id": "text",
        "type": "text",
        "properties": {},
        "destination_node_count": 1,
        "engagement_access_stats": {
          "engagement_score": 1,
          "over_provisioned_score": 1,
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2025-04-26T09:49:39.425Z",
          "count": 1,
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "risk_level": 1,
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ],
        "destination_node_percentage_of_total": 1,
        "tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "specified_tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "filtered_raw_permissions": [
          "text"
        ],
        "corresponding_effective_permissions": [
          "text"
        ],
        "single_entity_access_stats": {
          "last_used": "2025-04-26T09:49:39.425Z",
          "last_used_with_events_for": [
            {
              "name": "text",
              "last_used": "2025-04-26T09:49:39.425Z"
            }
          ]
        },
        "additional_node_properties": {
          "role_substitution_recommended_role": "text",
          "role_substitution_reason_for_high_priv_role": "text",
          "role_substitution_error": "text",
          "default_cohort_role_users_in_cohort": [
            "text"
          ],
          "default_cohort_role": "text",
          "default_cohort_role_all_common_roles": [
            "text"
          ],
          "default_cohort_role_error": "text",
          "login_anomaly_detection_stats": [
            {
              "time": "2025-04-26T09:49:39.425Z",
              "login_count": "text",
              "median_login_count": 1,
              "outlier_prediction": 1
            }
          ],
          "outlier_prediction": {
            "prediction": 1,
            "score": 1,
            "contributing_features": [
              {
                "name": "text",
                "value": 1,
                "explanation": "text"
              }
            ]
          }
        },
        "integration_type": "text"
      }
    ],
    "next_page_token": "text",
    "has_more": true
  },
  "result_statistics": {
    "max_destination_node_count": "text",
    "min_destination_node_count": "text",
    "avg_destination_node_count": 1
  },
  "approx_total_source_nodes_count": "text"
}

Retrieves the result nodes for the given VQL query.

post

Returns results as source nodes with optional destination entities and paths.

Authorizations

Body

querystringOptional

page_sizestringOptionalDeprecated

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptionalDeprecated

The token specifying the specific page of results to retrieve.

Responses

post

POST /api/v1/assessments/vql:nodes HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 16

{
  "query": "text"
}

{
  "values": [
    {
      "id": "text",
      "type": "text",
      "properties": {},
      "destination_node_count": 1,
      "engagement_access_stats": {
        "engagement_score": 1,
        "over_provisioned_score": 1,
        "total_count": "text",
        "accessed_count": "text"
      },
      "access_stats": {
        "last_used": "2025-04-26T09:49:39.425Z",
        "count": 1,
        "concrete_permissions": [
          "text"
        ],
        "canonical_permissions": [
          "text"
        ]
      },
      "risk_level": 1,
      "raw_permissions": [
        "text"
      ],
      "effective_permissions": [
        "text"
      ],
      "destination_node_percentage_of_total": 1,
      "tags": [
        {
          "type": "text",
          "key": "text",
          "value": "text",
          "properties": {
            "ANY_ADDITIONAL_PROPERTY": null
          }
        }
      ],
      "specified_tags": [
        {
          "type": "text",
          "key": "text",
          "value": "text",
          "properties": {
            "ANY_ADDITIONAL_PROPERTY": null
          }
        }
      ],
      "filtered_raw_permissions": [
        "text"
      ],
      "corresponding_effective_permissions": [
        "text"
      ],
      "single_entity_access_stats": {
        "last_used": "2025-04-26T09:49:39.425Z",
        "last_used_with_events_for": [
          {
            "name": "text",
            "last_used": "2025-04-26T09:49:39.425Z"
          }
        ]
      },
      "additional_node_properties": {
        "role_substitution_recommended_role": "text",
        "role_substitution_reason_for_high_priv_role": "text",
        "role_substitution_error": "text",
        "default_cohort_role_users_in_cohort": [
          "text"
        ],
        "default_cohort_role": "text",
        "default_cohort_role_all_common_roles": [
          "text"
        ],
        "default_cohort_role_error": "text",
        "login_anomaly_detection_stats": [
          {
            "time": "2025-04-26T09:49:39.425Z",
            "login_count": "text",
            "median_login_count": 1,
            "outlier_prediction": 1
          }
        ],
        "outlier_prediction": {
          "prediction": 1,
          "score": 1,
          "contributing_features": [
            {
              "name": "text",
              "value": 1,
              "explanation": "text"
            }
          ]
        }
      },
      "integration_type": "text"
    }
  ],
  "path_values": [
    {
      "source": {
        "id": "text",
        "type": "text",
        "properties": {},
        "destination_node_count": 1,
        "engagement_access_stats": {
          "engagement_score": 1,
          "over_provisioned_score": 1,
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2025-04-26T09:49:39.425Z",
          "count": 1,
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "risk_level": 1,
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ],
        "destination_node_percentage_of_total": 1,
        "tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "specified_tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "filtered_raw_permissions": [
          "text"
        ],
        "corresponding_effective_permissions": [
          "text"
        ],
        "single_entity_access_stats": {
          "last_used": "2025-04-26T09:49:39.425Z",
          "last_used_with_events_for": [
            {
              "name": "text",
              "last_used": "2025-04-26T09:49:39.425Z"
            }
          ]
        },
        "additional_node_properties": {
          "role_substitution_recommended_role": "text",
          "role_substitution_reason_for_high_priv_role": "text",
          "role_substitution_error": "text",
          "default_cohort_role_users_in_cohort": [
            "text"
          ],
          "default_cohort_role": "text",
          "default_cohort_role_all_common_roles": [
            "text"
          ],
          "default_cohort_role_error": "text",
          "login_anomaly_detection_stats": [
            {
              "time": "2025-04-26T09:49:39.425Z",
              "login_count": "text",
              "median_login_count": 1,
              "outlier_prediction": 1
            }
          ],
          "outlier_prediction": {
            "prediction": 1,
            "score": 1,
            "contributing_features": [
              {
                "name": "text",
                "value": 1,
                "explanation": "text"
              }
            ]
          }
        },
        "integration_type": "text"
      },
      "abstract_permissions": [
        "text"
      ],
      "concrete_permissions": [
        "text"
      ],
      "destination": {
        "id": "text",
        "type": "text",
        "properties": {},
        "destination_node_count": 1,
        "engagement_access_stats": {
          "engagement_score": 1,
          "over_provisioned_score": 1,
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2025-04-26T09:49:39.425Z",
          "count": 1,
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "risk_level": 1,
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ],
        "destination_node_percentage_of_total": 1,
        "tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "specified_tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "filtered_raw_permissions": [
          "text"
        ],
        "corresponding_effective_permissions": [
          "text"
        ],
        "single_entity_access_stats": {
          "last_used": "2025-04-26T09:49:39.425Z",
          "last_used_with_events_for": [
            {
              "name": "text",
              "last_used": "2025-04-26T09:49:39.425Z"
            }
          ]
        },
        "additional_node_properties": {
          "role_substitution_recommended_role": "text",
          "role_substitution_reason_for_high_priv_role": "text",
          "role_substitution_error": "text",
          "default_cohort_role_users_in_cohort": [
            "text"
          ],
          "default_cohort_role": "text",
          "default_cohort_role_all_common_roles": [
            "text"
          ],
          "default_cohort_role_error": "text",
          "login_anomaly_detection_stats": [
            {
              "time": "2025-04-26T09:49:39.425Z",
              "login_count": "text",
              "median_login_count": 1,
              "outlier_prediction": 1
            }
          ],
          "outlier_prediction": {
            "prediction": 1,
            "score": 1,
            "contributing_features": [
              {
                "name": "text",
                "value": 1,
                "explanation": "text"
              }
            ]
          }
        },
        "integration_type": "text"
      },
      "path_summary_nodes": [
        {
          "id": "text",
          "type": "text",
          "properties": {},
          "destination_node_count": 1,
          "engagement_access_stats": {
            "engagement_score": 1,
            "over_provisioned_score": 1,
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2025-04-26T09:49:39.425Z",
            "count": 1,
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "risk_level": 1,
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ],
          "destination_node_percentage_of_total": 1,
          "tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "specified_tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "filtered_raw_permissions": [
            "text"
          ],
          "corresponding_effective_permissions": [
            "text"
          ],
          "single_entity_access_stats": {
            "last_used": "2025-04-26T09:49:39.425Z",
            "last_used_with_events_for": [
              {
                "name": "text",
                "last_used": "2025-04-26T09:49:39.425Z"
              }
            ]
          },
          "additional_node_properties": {
            "role_substitution_recommended_role": "text",
            "role_substitution_reason_for_high_priv_role": "text",
            "role_substitution_error": "text",
            "default_cohort_role_users_in_cohort": [
              "text"
            ],
            "default_cohort_role": "text",
            "default_cohort_role_all_common_roles": [
              "text"
            ],
            "default_cohort_role_error": "text",
            "login_anomaly_detection_stats": [
              {
                "time": "2025-04-26T09:49:39.425Z",
                "login_count": "text",
                "median_login_count": 1,
                "outlier_prediction": 1
              }
            ],
            "outlier_prediction": {
              "prediction": 1,
              "score": 1,
              "contributing_features": [
                {
                  "name": "text",
                  "value": 1,
                  "explanation": "text"
                }
              ]
            }
          },
          "integration_type": "text"
        }
      ],
      "results_truncated": true,
      "filtered_concrete_permissions": [
        "text"
      ],
      "corresponding_abstract_permissions": [
        "text"
      ],
      "filtered_concrete_permission_groups": [
        {
          "permissions": [
            "text"
          ]
        }
      ],
      "joined_nodes": {
        "ANY_ADDITIONAL_PROPERTY": {
          "id": "text",
          "type": "text",
          "properties": {},
          "destination_node_count": 1,
          "engagement_access_stats": {
            "engagement_score": 1,
            "over_provisioned_score": 1,
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2025-04-26T09:49:39.425Z",
            "count": 1,
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "risk_level": 1,
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ],
          "destination_node_percentage_of_total": 1,
          "tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "specified_tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "filtered_raw_permissions": [
            "text"
          ],
          "corresponding_effective_permissions": [
            "text"
          ],
          "single_entity_access_stats": {
            "last_used": "2025-04-26T09:49:39.425Z",
            "last_used_with_events_for": [
              {
                "name": "text",
                "last_used": "2025-04-26T09:49:39.425Z"
              }
            ]
          },
          "additional_node_properties": {
            "role_substitution_recommended_role": "text",
            "role_substitution_reason_for_high_priv_role": "text",
            "role_substitution_error": "text",
            "default_cohort_role_users_in_cohort": [
              "text"
            ],
            "default_cohort_role": "text",
            "default_cohort_role_all_common_roles": [
              "text"
            ],
            "default_cohort_role_error": "text",
            "login_anomaly_detection_stats": [
              {
                "time": "2025-04-26T09:49:39.425Z",
                "login_count": "text",
                "median_login_count": 1,
                "outlier_prediction": 1
              }
            ],
            "outlier_prediction": {
              "prediction": 1,
              "score": 1,
              "contributing_features": [
                {
                  "name": "text",
                  "value": 1,
                  "explanation": "text"
                }
              ]
            }
          },
          "integration_type": "text"
        }
      },
      "additional_path_properties": {
        "outlier_prediction": {
          "prediction": 1,
          "score": 1,
          "contributing_features": [
            {
              "name": "text",
              "value": 1,
              "explanation": "text"
            }
          ]
        }
      }
    }
  ],
  "approx_total_source_nodes_count": "text",
  "next_page_token": "text",
  "has_more": true
}

VQL API

VQL API

Overview

VQL vs. Traditional Approaches

Example Comparison

Requirements

API Endpoints

Get Query Results (Count)

Get Query Results (Nodes)

Example Request

Understanding the API Response

Overview

VQL vs. Traditional Approaches

Example Comparison

Requirements

API Endpoints

Get Query Results (Count)

Get Query Results (Nodes)

Example Request

Understanding the API Response

Retrieves the result count for the given VQL query.

Retrieves the result nodes for the given VQL query.

Overview

VQL vs. Traditional Approaches

Example Comparison

Requirements

API Endpoints

Get Query Results (Count)

Get Query Results (Nodes)

Example Request

Understanding the API Response

Pagination

Related Documentation

Overview

VQL vs. Traditional Approaches

Example Comparison

Requirements

API Endpoints

Get Query Results (Count)

Get Query Results (Nodes)

Example Request

Understanding the API Response

Pagination

Related Documentation

Retrieves the result count for the given VQL query.

Retrieves the result nodes for the given VQL query.