Search Reports

GET /1.3/reports/search

or

POST /1.3/reports/search

Warning

Returns a maximum of 10,000 results per request. Time ranges are limited to a maximum of 1 year. To query a range larger than 1 year, break the query into multiple calls.

Description

Searches for all reports that contain the given search term. Also allows filtering by date, enclave, and tags. Results are ordered by updated time, descending.

Note that this endpoint can also be used to browse through reports, without applying a search term.

Parameters

Note: Only searchTerm can be given either as a query string parameter (e.g. GET /reports/search?searchTerm="abc") or in the JSON body of a POST request (e.g. POST /reports/search {"searchTerm": "abc"}). All other parameters should be passed as query string parameters.

| Parameter | Required | Default | Description |
|---|---|---|---|
| searchTerm | X | | The term to search for. If empty, no search term will be applied, and all reports matching the other filters will be returned. Otherwise, must be at least 3 characters in length. |
| enclaveIds | | All enclaves the user has READ access to | Comma-separated list of enclave ids; only reports from these enclaves will be returned. |
| from | | 1 day ago | Start of time window (Unix timestamp, milliseconds since epoch). Values more than 1 year before "to" will be truncated to reduce the time range to a max size of 1 year. |
| to | | current time | End of time window (Unix timestamp, milliseconds since epoch). |
| tags | | | A list of names of tags to filter by; only reports containing ALL of these tags will be returned. |
| excludedTags | | | Reports containing ANY of these tags will be excluded from the results. |
| pageNumber | | 0 | Which page of the result set to get. |
| pageSize | | 25 | The number of results per page. Max allowed size is 100. |

Response (200)

A page of Report objects. Note that the reportBody field of each report will be null.

Example Usage

Request

curl -H "Authorization: Bearer {access_token}" \
   "https://api.trustar.co/api/1.3/reports/search?searchTerm=wannacry"

Response

{
    "items": [
        {
            "id": "00618551-1924-431d-8e05-ca8eeeec2dcb",
            "created": 1517561071043,
            "updated": 1517561080713,
            "title": "Hit by malware",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517561071028,
            "reportBody": null,
            "enclaveIds": [
                "012858f0-264b-11e8-b467-0ed5f89f718b"
            ]
        },
        {
            "id": "a9e5ebd9-26c4-4683-b75c-e3976f33f206",
            "created": 1517559481323,
            "updated": 1517559481425,
            "title": "Do we have WANNACRY?",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517559477175,
            "reportBody": null,
            "enclaveIds": [
                "012858f0-264b-11e8-b467-0ed5f89f718b"
            ]
        }
    ],
    "hasNext": false,
    "pageSize": 25,
    "pageNumber": 0
}
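
The Warning and the pageNumber/pageSize parameters above together imply a client-side loop. The Python below is an added example, not part of the original documentation or the vendor's client: it splits a long range into windows of at most 1 year and follows hasNext within each window. The function names are hypothetical, and it assumes that window boundaries may be inclusive on both ends (hence the de-duplication by id) and that the 10,000-result cap applies to each from/to window.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.trustar.co/api/1.3"  # host and prefix from the example request
YEAR_MS = 365 * 24 * 60 * 60 * 1000          # documented maximum from/to span
PAGE_SIZE = 100                              # documented maximum pageSize
RESULT_CAP = 10_000                          # documented result ceiling


def split_windows(from_ms, to_ms, span_ms=YEAR_MS):
    """Split [from_ms, to_ms] into windows of at most span_ms, newest first."""
    windows, end = [], to_ms
    while end > from_ms:
        start = max(from_ms, end - span_ms)
        windows.append((start, end))
        end = start
    return windows


def http_fetch(token, params):
    """GET one result page; urllib verifies the TLS certificate by default."""
    url = BASE_URL + "/reports/search?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def search_reports(fetch, from_ms, to_ms, search_term=None):
    """Yield each report in the range once; fetch(params) returns one page as a dict."""
    seen = set()
    for start, end in split_windows(from_ms, to_ms):
        page = 0
        while True:
            params = {"from": start, "to": end,
                      "pageNumber": page, "pageSize": PAGE_SIZE}
            if search_term:
                params["searchTerm"] = search_term
            body = fetch(params)
            for report in body["items"]:
                # Adjacent windows share a boundary timestamp, so drop repeats.
                if report["id"] not in seen:
                    seen.add(report["id"])
                    yield report
            if not body.get("hasNext"):
                break
            page += 1
            # Assumption: the cap applies per window; fail loudly, never truncate.
            if page * PAGE_SIZE >= RESULT_CAP:
                raise RuntimeError("10,000-result cap reached; narrow from/to")
```

For live use, pass `lambda p: http_fetch(access_token, p)` as `fetch`; a RuntimeError means the window should be shortened via the `span_ms` argument of `split_windows` before retrying.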