Create Live Query Template
POST {{cb_url}}/livequery/v1/orgs/{{cb_org_key}}/templates
Creates a Live Query Template.
This route includes osquery validation:
- Validates the osquery SQL, ensuring tables are correct, table columns match, etc.
- Validates that the osquery SQL is compatible with the selected device type(s).

Device compatibility is checked against the osquery schema. The schema version depends upon the device type of the sensor. The following device schemas can be used to query for a specific device:
- WINDOWS: https://osquery.io/schema/3.3.2
- MAC: https://osquery.io/schema/4.1.2
- LINUX: https://osquery.io/schema/4.1.2
Note: Queries can still be added when a list of device IDs is specified in the filter and none of the corresponding devices is compatible with the query. In these cases, no results are returned and the query is shown as NOT_SUPPORTED in the query result device summaries.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| livequery.manage | CREATE |
Request Body
```json
{
  "sql": "<string>",
  "device_filter": {
    "device_id": ["<long>", "<long>"],
    "os": ["<string>", "<string>"],
    "policy_id": ["<long>", "<long>"]
  },
  "name": "<string>",
  "notify_on_finish": "<boolean>",
  "schedule": {
    "cancellation_time": "<string>",
    "cancelled_by": "<string>",
    "next_run_time": "<string>",
    "previous_run_time": "<string>",
    "recurrence": "<string>",
    "rrule": "<string>",
    "status": "<string>",
    "timezone": "<string>"
  }
}
```
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
| Content-Type | string | | |
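
The following is an added example, not code from this API's documentation or vendor: it builds the POST request for this route and reports which osquery schema version(s) the SQL should be checked against for the selected device types before it is sent. The `X-Auth-Token` header name, the helper name `build_template_request`, the host and the sample values are assumptions; the `schedule` object is omitted because its field formats are not described here.

```python
import json
import urllib.request

# osquery schema per device type, as listed on this page.
OSQUERY_SCHEMA = {
    "WINDOWS": "https://osquery.io/schema/3.3.2",
    "MAC": "https://osquery.io/schema/4.1.2",
    "LINUX": "https://osquery.io/schema/4.1.2",
}


def build_template_request(cb_url, org_key, auth_token, name, sql, os_list,
                           device_ids=None, policy_ids=None,
                           notify_on_finish=False):
    """Build (but do not send) the Create Live Query Template request.

    Returns (request, schema_urls); schema_urls are the schema versions the
    SQL must be valid against for the chosen device types.
    """
    unknown = [o for o in os_list if o not in OSQUERY_SCHEMA]
    if unknown:
        raise ValueError(f"unsupported device type(s): {unknown}")
    if not sql.strip():
        raise ValueError("sql must not be empty")

    device_filter = {"os": list(os_list)}
    if device_ids:  # <long> values in the request body
        device_filter["device_id"] = [int(d) for d in device_ids]
    if policy_ids:
        device_filter["policy_id"] = [int(p) for p in policy_ids]

    body = {"name": name, "sql": sql, "device_filter": device_filter,
            "notify_on_finish": bool(notify_on_finish)}
    request = urllib.request.Request(
        url=f"{cb_url.rstrip('/')}/livequery/v1/orgs/{org_key}/templates",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        # X-Auth-Token is an assumed auth header; this page lists only Content-Type.
        headers={"Content-Type": "application/json", "X-Auth-Token": auth_token},
    )
    return request, sorted({OSQUERY_SCHEMA[o] for o in os_list})


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req, schemas = build_template_request(
        "https://cb.example.invalid", "ORGKEY1", "PLACEHOLDER_TOKEN",
        "Listening ports", "SELECT pid, port FROM listening_ports;",
        ["WINDOWS", "LINUX"], device_ids=[12345])
    print(req.get_method(), req.full_url, schemas)
```

A query mixing WINDOWS with MAC or LINUX has to be valid under both schema versions returned, since the page states that compatibility is checked per device type.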