Search Reports

GET /1.3/reports/search


POST /1.3/reports/search


Returns a maximum of 10,000 results per request. Time ranges are limited to 1 year maximum. To query ranges of size larger than 1 year, break the query into multiple calls.


Searches for all reports that contain the given search term. Also allows filtering by date, enclave, and tags. Results are ordered by updated time, descending.

Note that this endpoint can also be used to browse through reports, without applying a search term.


Note: Only the searchTerm can be given either as a query string parameter (e.g. GET /reports/search?searchTerm="abc") or in the JSON body of a POST request (e.g. POST /reports/search {"searchTerm": "abc"}). Other parameters should be passed as query string parameter.

Parameter Required Default Description
searchTerm X   The term to search for. If empty, no search term will be applied, and all indicators matching the other filters will be returned. Otherwise, must be at least 3 characters in length.
enclaveIds   All enclaves the user has READ access to comma-separated list of enclave ids; only reports from these enclaves will be returned
from   1 day ago start of time window (Unix timestamp - milliseconds since epoch). Values more than 1 year before to will be truncated to reduce the time range to a max size of 1 year.
to   current time end of time window (Unix timestamp - milliseconds since epoch)
tags     a list of names of tags to filter by; only reports containing ALL of these tags will be returned
excludedTags     reports containing ANY of these tags will be excluded from the results.
pageNumber   0 which page of the result set to get
pageSize   25 The number of results per page. Max allowed size is 100.

Response (200)

A page of Report objects. Note that the body will be null.

Example Usage


curl -k -H "Authorization: Bearer {access_token}" \


    "items": [
            "id": "00618551-1924-431d-8e05-ca8eeeec2dcb",
            "created": 1517561071043,
            "updated": 1517561080713,
            "title": "Hit by malware",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517561071028,
            "reportBody": null,
            "enclaveIds": [
            "id": "a9e5ebd9-26c4-4683-b75c-e3976f33f206",
            "created": 1517559481323,
            "updated": 1517559481425,
            "title": "Do we have WANNACRY?",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517559477175,
            "reportBody": null,
            "enclaveIds": [
    "hasNext": false,
    "pageSize": 25,
    "pageNumber": 0