000031625 - How to extract specific data within a specific timeframe using the REST API in Security Analytics 10.4 and higher

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000031625
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Servers
RSA Version/Condition: 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6
Resolution: To begin, log in to the REST API of the device you would like to query. The REST interface listens on the service's native port plus 100 and prompts for the service's credentials (HTTP basic authentication). The /sdk/packets endpoint for each service type is:
http://<concentrator_IP>:50105/sdk/packets
http://<logdecoder_IP>:50102/sdk/packets
http://<packetdecoder_IP>:50104/sdk/packets
http://<archiver_IP>:50108/sdk/packets

Execute your query in the where clause. Conditions are joined with &&, and a time range is written as two quoted timestamps separated by a hyphen. For example, to extract data collected from a device with IP address 192.168.10.11 between March 4th 2015 at 8:15 AM and March 6th 2015 at 8:20 AM, use the following where clause:
ip.src="192.168.10.11" && time="2015-Mar-4 8:15"-"2015-Mar-6 8:20"
Times in the where clause are interpreted as UTC, not as the appliance's local time zone, so convert local times before querying.
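As an added example (not code from the RSA article), the following Python script builds the where clause above from a validated source address and a pair of UTC datetimes, URL-encodes it into the /sdk/packets URL for the service ports listed above, and fetches the result with HTTP basic authentication. The host 10.0.0.5, the credentials, and the query-string parameter names where and render are assumptions: check the parameter names against the REST help for /sdk/packets on your own appliance before relying on them. Times are emitted zero-padded with seconds (2015-Mar-04 08:15:00), a form the query parser accepts alongside the short form used above. Validating the address before interpolating it is the security-relevant step: it stops a caller-supplied string from smuggling extra operators into the where clause.

```python
"""Build and issue a time-bounded /sdk/packets query against a Security
Analytics service.  Added example, not code from the RSA article.  The
parameter names 'where' and 'render', the host 10.0.0.5 and the credentials
are assumptions to verify against the REST help page of your appliance."""
import base64
import ipaddress
import urllib.parse
import urllib.request
from datetime import datetime

# REST ports from the article (native port + 100).
REST_PORTS = {
    "concentrator": 50105,
    "logdecoder": 50102,
    "packetdecoder": 50104,
    "archiver": 50108,
}

# Month abbreviations in the form the query language expects, independent of
# the process locale (strftime's %b is locale-dependent).
_MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def nw_time(ts: datetime) -> str:
    """Format a datetime as YYYY-Mon-DD HH:MM:SS. The value is used as UTC."""
    return "%04d-%s-%02d %02d:%02d:%02d" % (
        ts.year, _MONTHS[ts.month - 1], ts.day, ts.hour, ts.minute, ts.second)


def build_where(src_ip: str, start: datetime, end: datetime) -> str:
    """Return an ip.src + time-range where clause.

    The address is parsed with ipaddress so that junk such as
    '1.2.3.4" || ip.src exists' cannot reach the query string; the time range
    must be non-empty."""
    ip = ipaddress.ip_address(src_ip)  # raises ValueError on anything else
    if end <= start:
        raise ValueError("end of time range must be after start")
    return 'ip.src="%s" && time="%s"-"%s"' % (ip, nw_time(start), nw_time(end))


def build_url(host: str, service: str, where: str) -> str:
    """Compose the /sdk/packets URL for a service type from REST_PORTS.

    urlencode handles the quotes, spaces and '&&' in the clause, which would
    otherwise be mangled when passed on a URL."""
    qs = urllib.parse.urlencode({"where": where, "render": "pcap"})
    return "http://%s:%d/sdk/packets?%s" % (host, REST_PORTS[service], qs)


def fetch_packets(url: str, user: str, password: str, out_path: str) -> int:
    """Download the extract to out_path using HTTP basic auth; returns bytes written.

    Not exercised offline: it needs a reachable appliance."""
    req = urllib.request.Request(url)
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    written = 0
    with urllib.request.urlopen(req, timeout=60) as resp, open(out_path, "wb") as fh:
        while True:
            chunk = resp.read(1 << 16)
            if not chunk:
                break
            fh.write(chunk)
            written += len(chunk)
    return written


if __name__ == "__main__":
    # The article's example: 192.168.10.11 between 2015-Mar-4 08:15 and
    # 2015-Mar-6 08:20 (UTC), queried against an assumed concentrator at 10.0.0.5.
    clause = build_where("192.168.10.11",
                         datetime(2015, 3, 4, 8, 15),
                         datetime(2015, 3, 6, 8, 20))
    target = build_url("10.0.0.5", "concentrator", clause)
    print(clause)
    print(target)
    # fetch_packets(target, "admin", "<password>", "extract.pcap")  # on a live appliance
```

If SSL has been enabled on the service's REST port, change the scheme in build_url to https; the rest of the flow is unchanged. To pull logs from a Log Decoder rather than packets, the render value would differ, so confirm the accepted values on the appliance's REST help page rather than assuming pcap.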
