Skip to main content

Retrieve New Findings

This article provides an example demonstrating how to execute a GraphQL query via the Brinqa API to retrieve specific findings based on your selected criteria. While this example focuses on a specific set of attributes, you can tailor the query to include the attributes that fit your needs. For more details on the GraphiQL explorer, see how to use the GraphiQL explorer.

To query for new findings in the GraphiQL Explorer, follow these steps:

  1. Log in to your Brinqa Platform as a System Administrator.

  2. Navigate to Administration admin button > System > GraphQL Explorer.

  3. Click GraphiQL Explorer icon Show GraphiQL Explorer to display or switch to the GraphiQL Explorer.

  4. Click findings to display the options and fields for findings.

  5. To specify a filter, select the filter option and provide a condition such as ageInDays < 30 to retrieve all findings younger than 30 days.

  6. To specify the number of records to be returned, select the limit option and type a number. The default number is 10.

  7. To include specific fields in your query, select them from the available fields. For example, you can select connectorNames, firstFound, id, riskRating, statusCategory, type > name, type > openFindingCount, type > patchAvailable, and recommendation. If needed, click the field again to remove it from the query.

tip

For a brief description of each field, refer to the Docs GraphiQL Documentation Explorer icon menu within the GraphQL Explorer. You can use the search function to find specific attributes, or browse the list to get a brief description of each field.

  1. After you've selected all the desired fields, click Execute query or press Ctrl-Enter to run the query.

The right pane displays the results. You can modify the query by changing the filter conditions and the limit, or by selecting different fields to include in the response.

Findings query

After you've verified that the query is fetching the desired data, you can either copy the query itself or click GraphiQL Code Exporter icon Show GraphiQL Code Exporter to obtain the cURL command.

Here's the cURL command corresponding to the query in the screenshot. It sends a POST request to the Brinqa GraphQL endpoint with specific headers, such as Content-Type and Authorization, to ensure proper handling of the JSON content and authentication:

curl 'https://<BrinqaPlatformName>.brinqa.net/graphql/caasm' \
--compressed \
-X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-access-token>" \
-H "Accept: application/json" \
-H "Accept-Encoding: gzip, deflate" \
--data '{
"query": "query MyQuery { findings(filter: "ageInDays < 30", limit: 10) { connectorNames firstFound id riskRating statusCategory type { name openFindingCount patchAvailable recommendation } }}",
"variables": null,
"operationName": "MyQuery"
}'
note

Replace <BrinqaPlatformName> with the actual name of your Brinqa Platform and replace <your-access-token> with your access token.

The result of this query is a JSON object containing an array of findings. Each finding item consists of the fields you have selected in your query. The provided result is a snapshot of the findings that meet the criteria specified in the query:

{
{
"data": {
"findings": [
{
"connectorNames": "[Qualys Vulnerability Management]",
"firstFound": "2016-07-24T18:05:32Z",
"id": "1688658462571626517",
"riskRating": "Medium",
"statusCategory": "Closed",
"type": {
"name": "OpenSSH GSSAPI Credential Disclosure Vulnerability",
"openFindingCount": 8,
"patchAvailable": true,
"recommendation": "This issue affects versions of OpenSSH prior to 4.2. The vendor released OpenSSH version 4.2 to address this issue..."
}
},
{
"connectorNames": "[Brinqa Connect, Brinqa Manual Entry]",
"firstFound": "2022-03-22T00:00:00Z",
"id": "1687513571912466447",
"riskRating": "Low",
"statusCategory": "Closed"
},
{
// .. other findings ..
}
]
}
}