Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Cylance User API guide
  4. InstaQuery API
  5. Get InstaQuery

Get InstaQuery

Request a specific InstaQuery resource belonging to a tenant.
Service endpoint
/instaqueries/v2{queryID}
Optional query string parameters
Example
https://protectapi.cylance.com/instaqueries/v2/AF593F38EDC1B743BDC0A6FCC53A03CE
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Authorization: Bearer
    JWT Token returned by Auth API
     with the opticssurvey:read scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name
Description
name
This is the name of the InstaQuery.
description
This is the description of the InstaQuery.
artifact
This is the type of artifact to search. Possible values are "File", "Process", "NetworkConnection", and "RegistryKey".
match_value_type
This is the type of value (also known as a facet) to search. Possible values are dependent on the selected artifact type. Valid selections for each are as follows:
  • File
    • Path
    • MD5
    • SHA256
    • Owner
    • CreationDateTime
  • Process
    • Name
    • CommandLine
    • PrimaryImagePath
    • PrimaryImageMd5
    • StartDateTime
  • NetworkConnection
    • DestAddr
    • DestPort
  • RegistryKey
    • ProcessName
    • ProcessPrimaryImagePath
    • ValueName
    • FilePath
    • FileMd5
    • IsPersistencePoint
match_values
This is a list of strings to be matched against for the InstaQuery.
case_sensitive
This determines whether to consider case sensitivity when matching values.
match_type
This determines whether or not to use an exact or "fuzzy" match. The default behavior of InstaQuery is to use a "fuzzy" match. Possible values are:
  • Fuzzy
  • Exact
zones
This is a list of zone IDs to perform the InstaQuery against.
filters
This is a list of filters when performing the InstaQuery.
aspect
This is the aspect (or type) of filters (for example, "OS").
value
This is the value to filter for (for example, "Windows").
relations
This is a list of objects (for example, Focus View URLs) that are related to the InstaQuery. This is similar to the "Pivot Query" functionality in the Console.
object
This is the URL of the focus view that the InstaQuery relates to.
relationship
This is how the InstaQuery relates to the URL. This should almost always be "originated-from".
id
This is the unique identifier of the created InstaQuery.
archived
This is the timestamp of when the InstaQuery was archived.
results_available
This determines if the InstaQuery has returned any results.
created_at
This is the date and time that the InstaQuery was created.
progress
This is the progress of the InstaQuery.