All Collections
Monarx API
RSQL Filters with Collection And Export Endpoints
RSQL Filters with Collection And Export Endpoints
Will avatar
Written by Will
Updated over a week ago

RSQL Filtering

Collection and export endpoints support RSQL (REST structured query language) based data filtration.

Search Type

Operator

Examples

Equal

==

?filter=file.name==RC-Shell.php

Not Equal

!=

?filter=file.name!='My Shell.php'

Wildcard

==

?filter=file.name=='*Shell.php'

Greater Than

>

?filter=count>1

?filter=audit_created>2020-01-01

Greater Than or Equal

>=

?filter=count>=1

Less Than

<

?filter=count<1

?filter=audit_created<2020-01-01

Less Than or Equal

<=

?filter=count<=1

In

=in=

?filter=agent.version=in=(3.1.1,3.0.0)

Not In

=out=

?filter=agent.version=out=(3.1.1,3.0.0)

Null

=isnull=

?filter=agent.version=isnull=1

Not Null

=notnull=

?filter=agent.version=notnull=1

Conjunctions

N/A

?filter=count>1 and count<100

?filter=audit_created>2020-01-01 and audit_created<=2020-01-07

?filter=file.name==RC-Shell.php or file.name==other.php

Precedence

N/A

?filter=(count>1 and count<10) or (count>100 and count<1000)

Error Handling

A malformed RSQL filter is expected to throw a 400 Bad Request, with error context MX.InvalidCollectionFilter, e.g.:

{ 
"timestamp": "2020-01-06T15:03:47.106+0000", 
"status": 400,
"error": "Bad Request", 
"message": "MX.InvalidCollectionFilter", 
"path": "/v1/enterprise/d6288427-3f2e-4a28-9c9a-ba4c9c7a6eff/agent-file" 
}
Did this answer your question?