Example searches for understanding fundamental VQL concepts and options.
SHOW S3Bucket;SHOW AwsIamUser
WHERE is_active = true
RELATED TO S3Bucket;SHOW AwsIamUser
RELATED TO S3Bucket
RESULT INCLUDE DESTINATION NODES;SHOW S3Bucket;SHOW S3Bucket { created_at, block_public_access_enabled };SHOW AwsIamUser
RELATED TO S3Bucket;SHOW S3Bucket
RELATED TO AwsIamUser;SHOW AwsIamUser
RELATED TO S3Bucket
WHERE block_public_acls != true OR object_lock_enabled = true;SHOW AwsIamUser
RELATED TO S3Bucket
WITH PATH AwsIamRole;SHOW AwsIamUser
RELATED TO S3Bucket
NOT WITH PATH AwsIamGroup;SHOW AwsIamUser
RELATED TO S3Bucket
WITH PATH AwsIamRole
RESULT INCLUDE DESTINATION NODES;SHOW AwsIamUser
RELATED TO S3Bucket
WITH PATH AwsIamRole
RESULT INCLUDE PATH SUMMARY;SHOW AwsIamUser
RELATED TO S3Bucket
HAVING entity_result_count > 10;SHOW AwsIamUser
RELATED TO S3Bucket
HAVING percentage_of_total_count > 20;SHOW AwsIamRole
RELATED TO S3Bucket
WITH QUERY OPTIONS (over_provisioned_score < 85);SHOW AwsIamUser
RELATED TO S3Bucket
LIMIT 50;SHOW AwsIamUser
RELATED TO S3Bucket
AFTER CURSOR 'elcl9uYW1lIjoicjJkMiJ9fQ=='
LIMIT 50;Reference documentation for Veza Query Language.
SHOW [NodeSpec] -- Specifies the source node type
[ [NOT] RELATED TO [NodeSpec]] -- Filters results by related node type
[WITH | NOT WITH] PATH [NodeSpec] -- Filters on intermediate nodes
[WHERE (filter expressions)]
[RESULT INCLUDE [DESTINATION NODES | DESTINATION NODE COUNT | PATH SUMMARY]]
[HAVING [entity_result_count (condition) | percentage_of_total_count (condition)]]
[WITH QUERY OPTIONS (options)]
[AFTER CURSOR 'cursor_token'] -- For pagination, use cursor token from previous results
[LIMIT <number>]; -- Limit number of results returned[NodeType] [{ attribute1, attribute2, ... }] [WHERE (<attribute_name> <operator> <value> [AND|OR] ...)]SHOW AwsIamUserSHOW AwsIamUser { created_at, is_active, full_admin }SHOW AwsIamUser WHERE is_active = trueSHOW AwsIamUser { created_at, email } WHERE is_active = true AND risk_score > 70SHOW OktaUser { email, last_login_at, department }
WHERE last_login_at >= CURRENT_DATE - 30
RELATED TO S3Bucket
WHERE block_public_acls = false
WITH PATH OktaGroup
WITH QUERY OPTIONS ( over_provisioned_score > 85 )SHOW AwsIamUser
RELATED TO S3Bucket
WITH SYSTEM PERMISSIONS = ANY ('s3:CreateBucket');SHOW AwsIamRole
RELATED TO S3Bucket
WHERE is_active = false
WITH EFFECTIVE PERMISSIONS = ALL ('METADATA_READ', 'METADATA_WRITE');SHOW OktaUser
RELATED TO SnowflakeTable
WITH PATH SnowflakeUser;SHOW OktaUser
RELATED TO SnowflakeTable
NOT WITH PATH OktaGroup;SHOW AwsIamUser
WHERE is_active = true AND risk_score > 70;SHOW AwsIamUser
RELATED TO S3Bucket
LIMIT 50;SHOW AwsIamUser
RELATED TO S3Bucket
AFTER CURSOR 'elcl9uYW1lIjoicjJkMiJ9fQ=='
LIMIT 50;SHOW AwsIamUser
RELATED TO S3Bucket
RESULT INCLUDE DESTINATION NODES;RELATED TO clause.CONTAINSREGEX-- Basic entity query
SHOW <entity_type>;
-- Query with filters
SHOW <entity_type>
WHERE <property>[operator]<value>;
-- Relationship query
SHOW <entity_type>
RELATED TO <entity_type>;
-- Complex query with multiple conditions
SHOW <entity_type>
WHERE <condition1> AND <condition2>
RELATED TO <entity_type>
WITH PATH <entity_type>
RESULT INCLUDE DESTINATION NODES;
HAVING entity_result_count > 10;SHOW S3Bucket;SHOW AwsIamUser
WHERE is_active = true
RELATED TO S3Bucket
RESULT INCLUDE DESTINATION NODES;SHOW [SourceNodeSpec]
[ [NOT] RELATED TO [DestinationNodeSpec]]
[WHERE (filter conditions)]
[WITH | NOT WITH] PATH [IntermediateNodeSpec]
HAVING [ ENTITY_RESULT_COUNT | PERCENTAGE_OF_TOTAL_COUNT] [>|>=<|<=|!=] <numeric_value> ]
[RESULT INCLUDE [DESTINATION NODES | DESTINATION NODE COUNT | PATH SUMMARY]]
[WITH QUERY OPTIONS (options)];SHOW S3Bucket;SHOW AwsIamUser
RELATED TO S3Bucket;SHOW OktaUser
WHERE is_active = true AND department = 'Engineering';SHOW AwsIamUser
RELATED TO S3Bucket
RESULT INCLUDE DESTINATION NODES;SHOW AwsIamUser
RELATED TO S3Bucket
WITH PATH AwsIamRole;SHOW AwsIamUser
RELATED TO S3Bucket
NOT WITH PATH AwsIamRole;SHOW AwsIamRole
RELATED TO S3Bucket
WITH query options (over_provisioned_score > 85);SHOW AwsIamUser
RELATED TO S3Bucket
HAVING entity_result_count > 10;SHOW OktaUser
WHERE last_login_at >= CURRENT_DATE - 30;POST /api/v1/assessments/vql:nodes
{
"query": "SHOW OktaUser WHERE is_active = true RELATED TO S3Bucket RESULT INCLUDE DESTINATION NODES LIMIT 50;"
}{
"values": [],
"path_values": [
{
"source": {
"id": "00u5pqrs7xyP9uvw30z9",
"type": "OktaUser",
"properties": {
"activated_at": "2023-06-12T15:21:34Z",
"created_at": "2023-04-20T04:30:37Z",
"credentials_provider_name": "OKTA",
"credentials_provider_type": "OKTA",
"datasource_id": "example.oktapreview.com",
"email": "[email protected]",
"first_name": "John",
"identity_type": "HUMAN",
"idp_unique_id": "[email protected]",
"is_active": true,
"last_login_at": "2024-08-02T05:52:42Z",
"last_name": "Smith",
"login": "[email protected]",
"mfa_active": true,
"mfa_factors": [
"question"
],
"name": "[email protected]",
"okta_user_type_id": "otyf8xyz92hv7mnP60j9",
"owners": "[{\"entity_id\":\"00ukmnop51qR3s4TU6e8\",\"entity_type\":\"OktaUser\",\"entity_name\":\"Maria Rodriguez\"}]",
"password_exists": true,
"password_last_set": "2024-08-02T05:52:42Z",
"provider_id": "example.oktapreview.com",
"recovery_question_exists": true,
"risk_score": 100,
"status": "ACTIVE",
"status_updated_at": "2024-08-02T05:52:42Z",
"updated_at": "2025-01-16T05:53:38Z"
},
"risk_level": "CRITICAL"
},
"abstract_permissions": [
"MetadataRead"
],
"concrete_permissions": [
"s3:ListBucket"
],
"destination": {
"id": "arn:aws:s3:::aws-cloudtrail-logs-123456789012-abcdef12",
"type": "S3Bucket",
"properties": {
"allows_acls": false,
"aws_account_id": "123456789012",
"aws_account_name": "",
"block_public_access_enabled": true,
"block_public_acls": true,
"block_public_policy": true,
"created_at": "2024-05-04T04:50:42Z",
"datasource_id": "123456789012:s3",
"default_encryption_enabled": true,
"default_retention_mode": "DISABLED",
"hosts_website": false,
"ignore_public_acls": true,
"name": "aws-cloudtrail-logs-123456789012-abcdef12",
"object_lock_enabled": false,
"object_ownership_controls": "BucketOwnerEnforced",
"provider_id": "123456789012",
"region": "us-east-1",
"replication_rules_count": 0,
"request_payer": "BucketOwner",
"restrict_public_buckets": true,
"risk_score": 27,
"server_access_logs_enabled": false
},
"risk_level": "LOW"
}
}
],
"next_page_token": "",
"has_more": false
}{
"query_type": "SOURCE_TO_DESTINATION",
"source_node_types": {
"nodes": [
{
"node_type": "AwsIamUser",
"condition_expression": {
"specs": [
{
"fn": "EQ",
"property": "is_active",
"value": true
}
]
}
}
]
},
"destination_node_types": {
"nodes": [
{
"node_type": "S3Bucket"
}
]
}
}SHOW AwsIamUser WHERE is_active = true RELATED_TO S3BucketPOST /api/v1/assessments/vql:nodes
{
"query": "SHOW OktaUser WHERE is_active = true RELATED TO S3Bucket RESULT INCLUDE DESTINATION NODES LIMIT 50;"
}{
"path_values": [
{
"source": {
"id": "00u5pqrs7xyP9uvw30z9",
"type": "OktaUser",
"properties": {
"email": "[email protected]",
"name": "[email protected]",
"first_name": "John",
"last_name": "Smith",
"is_active": true,
"identity_type": "HUMAN"
},
"risk_level": "CRITICAL"
},
"abstract_permissions": [
"MetadataRead"
],
"concrete_permissions": [
"s3:ListBucket"
],
"destination": {
"id": "arn:aws:s3:::aws-cloudtrail-logs-123456789012-abcdef12",
"type": "S3Bucket",
"properties": {
"name": "aws-cloudtrail-logs-123456789012-abcdef12",
"region": "us-east-1",
"block_public_access_enabled": true
},
"risk_level": "LOW"
}
}
],
"cursor": "eyJsaW1pdCI6NTAsInN0YXJ0IjpbInNlcV9pZP...",
"has_more": true
}{
"query": "SHOW SnowflakeUser RELATED TO SnowflakeTable WITH EFFECTIVE PERMISSIONS = ANY ('DATA_DELETE') LIMIT 50;"
}{
"query": "SHOW SnowflakeUser RELATED TO SnowflakeTable WITH EFFECTIVE PERMISSIONS = ANY ('DATA_DELETE') AFTER CURSOR 'elcl9uYW1lIjoicjJkMiJ9fQ==' LIMIT 50;"
}Veza API key for authentication. Generate keys in Administration > API Keys.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
OK
Default error response
Returns results as source nodes with optional destination entities and paths.
Veza API key for authentication. Generate keys in Administration > API Keys.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
OK
Default error response
{
"result_type": "text",
"number_value": "text",
"timestamp_value": "text",
"nodes_value": {
"values": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"permissions": "[Circular Reference]",
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": "[Circular Reference]",
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
}
],
"next_page_token": "text",
"has_more": true
},
"result_statistics": {
"max_destination_node_count": "text",
"min_destination_node_count": "text",
"avg_destination_node_count": 1
},
"approx_total_source_nodes_count": "text"
}{
"values": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": "[Circular Reference]"
},
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
}
],
"path_values": [
{
"source": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": "[Circular Reference]"
},
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
},
"abstract_permissions": [
"text"
],
"concrete_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": "[Circular Reference]"
},
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
},
"path_summary_nodes": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": "[Circular Reference]"
},
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
}
],
"results_truncated": true,
"filtered_concrete_permissions": [
"text"
],
"corresponding_abstract_permissions": [
"text"
],
"filtered_concrete_permission_groups": [
{
"permissions": [
"text"
]
}
],
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": "[Circular Reference]"
},
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
}
},
"additional_path_properties": {
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"waypoint": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2026-02-03T18:28:38.155Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2026-02-03T18:28:38.155Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2026-02-03T18:28:38.155Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text",
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": "[Circular Reference]"
},
"additional_spec_properties": {}
}
},
"additional_spec_properties": {}
},
"additional_spec_properties": {}
}
],
"approx_total_source_nodes_count": "text",
"next_page_token": "text",
"has_more": true
}POST /api/v1/assessments/vql:result HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 16
{
"query": "text"
}POST /api/v1/assessments/vql:nodes HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 16
{
"query": "text"
}