Query for Active and Public Hosts

This article provides an example demonstrating how to execute a GraphQL query via the Brinqa API to retrieve specific hosts based on your selected criteria. While this example focuses on a specific set of attributes, you can tailor the query to include the attributes that fit your needs. For more details on the GraphiQL explorer, see how to use the GraphiQL explorer.

To query for active and critical hosts with public IP addresses in the GraphiQL Explorer, follow these steps:

  1. Log in to your Brinqa Platform as a System Administrator.

  2. Navigate to Administration > System > GraphQL Explorer.

  3. Click Show GraphiQL Explorer to display or switch to the GraphiQL Explorer.

  4. Click hosts to display the options and fields for hosts.

  5. To specify a filter, select the filter option and provide a condition such as status=active, riskRating=critical, and publicIpAddresses EXISTS.

  6. To specify the number of records to be returned, select the limit option and type a number. The default number is 10.

  7. To include specific fields in your query, select them from the available fields. For example, you can select baseRiskScore, dataIntegrationTitles, displayName, firstSeen, id, macAddresses, openFindingCount, and os. If needed, click the field again to remove it from the query.

  8. To include the owner of the hosts in your query, select owners, and then select emails and name.

Tip: For a brief description of each field, refer to the Docs menu within the GraphQL Explorer. You can use the search function to find specific attributes, or browse the list to get a brief description of each field.

  9. After you've selected all the desired fields, click Execute query or press Ctrl-Enter to run the query.

The right pane displays the results. You can modify the query by changing the filter conditions and the limit, or by selecting different fields to include in the response.

Figure: Hosts query

After you've verified that the query is fetching the desired data, you can either copy the query itself or click Show GraphiQL Code Exporter to obtain the cURL command.

Here's the cURL command corresponding to the query in the screenshot. It sends a POST request to the Brinqa GraphQL endpoint with specific headers, such as Content-Type and Authorization, to ensure proper handling of the JSON content and authentication:

curl 'https://<BrinqaPlatformName>.brinqa.net/graphql/caasm' \
--compressed \
-X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-access-token>" \
-H "Accept: application/json" \
-H "Accept-Encoding: gzip, deflate" \
--data '{
"query": "query MyQuery { hosts( filter: \"status=active and riskRating=critical and publicIpAddresses EXISTS\" limit: 10 ) { baseRiskScore dataIntegrationTitles displayName firstSeen id macAddresses openFindingCount os owners { emails name } }}",
"variables": null,
"operationName": "MyQuery"
}'

Note: Replace <BrinqaPlatformName> with the actual name of your Brinqa Platform and replace <your-access-token> with your access token.

The result of this query is a JSON object containing an array of hosts. Each host item consists of the fields you have selected in your query. The provided result is a snapshot of the hosts that meet the criteria specified in the query:

{
"data": {
"hosts": [
{
"baseRiskScore": 10,
"dataIntegrationTitles": "[Armis, Crowdstrike, Brinqa Manual Entry, Microsoft endpoint configuration manager, Qualys VM, ServiceNow]",
"displayName": "QQNS9715.brinqa.com",
"firstSeen": "2023-02-12T19:06:55.205Z",
"id": "1624846130314362889",
"macAddresses": "[B0:B1:36:1B:74:AF]",
"openFindingCount": 52,
"os": "Windows Server 2022",
"owners": [
{"emails": "[felipe.gould@example.com]", "name": "Felipe Gould"},
{"emails": "[teodoro.gaboury@example.com]", "name": "Teodoro Gaboury"},
{"emails": "[maryanne.whyman@example.com]", "name": "Maryanne Whyman"},
{"emails": "[barton.friesner@example.com]", "name": "Barton Friesner"}
]
},
{
"baseRiskScore": 10,
"dataIntegrationTitles": "[Armis, Crowdstrike, Brinqa Manual Entry, Microsoft endpoint configuration manager, Qualys VM, ServiceNow]",
"displayName": "EWRQ3377.brinqa.com",
"firstSeen": "2023-02-12T19:06:55.247Z",
"id": "1624846130314362896",
"macAddresses": "[B9:49:3D:CE:13:16]",
"openFindingCount": 38,
"os": "Windows Server 2022",
"owners": [
{"emails": "[maryanne.whyman@example.com]", "name": "Maryanne Whyman"},
{"emails": "[christa.bodenschatz@example.com]", "name": "Christa Bodenschatz"},
{"emails": "[teodoro.gaboury@example.com]", "name": "Teodoro Gaboury"}
]
},
// ... other hosts ...
]
}
}
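
The request and result handling above, as an added Python example that is not Brinqa's own code: it builds the same POST body with json.dumps, so the quotes around the filter are escaped correctly, and splits the bracketed strings in the result into lists. The sample response is constructed from the result shown above, and the function names are this example's own.

```python
import json
import urllib.request

# Filter and field selection copied from the query on this page.
QUERY = ('query MyQuery { hosts( filter: "status=active and riskRating=critical '
         'and publicIpAddresses EXISTS" limit: 10 ) { baseRiskScore '
         'dataIntegrationTitles displayName firstSeen id macAddresses '
         'openFindingCount os owners { emails name } }}')

# Constructed sample: two hosts trimmed from the result shown on this page.
SAMPLE = json.dumps({"data": {"hosts": [
    {"displayName": "EWRQ3377.brinqa.com", "openFindingCount": 38,
     "dataIntegrationTitles": "[Armis, Qualys VM]",
     "owners": [{"emails": "[maryanne.whyman@example.com]", "name": "Maryanne Whyman"}]},
    {"displayName": "QQNS9715.brinqa.com", "openFindingCount": 52,
     "dataIntegrationTitles": "[Armis, Crowdstrike, ServiceNow]",
     "owners": [{"emails": "[felipe.gould@example.com]", "name": "Felipe Gould"},
                {"emails": "[maryanne.whyman@example.com]", "name": "Maryanne Whyman"}]},
]}})

def build_request(platform, token, query=QUERY):
    """Build (but do not send) the POST; json.dumps escapes the quotes in the filter."""
    body = json.dumps({"query": query, "variables": None, "operationName": "MyQuery"})
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               "Authorization": f"Bearer {token}"}
    return urllib.request.Request(f"https://{platform}.brinqa.net/graphql/caasm",
                                  data=body.encode("utf-8"), method="POST", headers=headers)

def split_bracketed(value):
    """Turn a result string such as '[a, b]' into ['a', 'b']."""
    inner = value.strip().removeprefix("[").removesuffix("]")
    return [part.strip() for part in inner.split(",") if part.strip()]

def summarize_hosts(response_text):
    """Return hosts sorted by open findings; GraphQL errors raise instead of reading as empty."""
    doc = json.loads(response_text)
    if doc.get("errors"):
        raise RuntimeError(f"GraphQL errors: {doc['errors']}")
    rows = [{"host": h["displayName"], "openFindings": h["openFindingCount"],
             "sources": split_bracketed(h["dataIntegrationTitles"]),
             "owners": sorted({e for o in h.get("owners") or []
                               for e in split_bracketed(o["emails"])})}
            for h in doc["data"]["hosts"]]
    return sorted(rows, key=lambda r: r["openFindings"], reverse=True)

if __name__ == "__main__":
    print(build_request("<BrinqaPlatformName>", "<your-access-token>").data.decode())
    print(json.dumps(summarize_hosts(SAMPLE), indent=2))
```

Pass the returned request to urllib.request.urlopen to send it, then feed the decoded response body to summarize_hosts.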