Search OCSF events
curl --request POST \
--url https://api.wirespeed.co/v1/ocsf/advanced \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"query": "<string>",
"queryId": "<string>",
"startTime": "<string>",
"endTime": "<string>"
}
'import requests
url = "https://api.wirespeed.co/v1/ocsf/advanced"
payload = {
"query": "<string>",
"queryId": "<string>",
"startTime": "<string>",
"endTime": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
query: '<string>',
queryId: '<string>',
startTime: '<string>',
endTime: '<string>'
})
};
fetch('https://api.wirespeed.co/v1/ocsf/advanced', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.wirespeed.co/v1/ocsf/advanced",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'query' => '<string>',
'queryId' => '<string>',
'startTime' => '<string>',
'endTime' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.wirespeed.co/v1/ocsf/advanced"
payload := strings.NewReader("{\n \"query\": \"<string>\",\n \"queryId\": \"<string>\",\n \"startTime\": \"<string>\",\n \"endTime\": \"<string>\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.wirespeed.co/v1/ocsf/advanced")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"query\": \"<string>\",\n \"queryId\": \"<string>\",\n \"startTime\": \"<string>\",\n \"endTime\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.wirespeed.co/v1/ocsf/advanced")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"query\": \"<string>\",\n \"queryId\": \"<string>\",\n \"startTime\": \"<string>\",\n \"endTime\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"data": [
{}
],
"totalCount": 123,
"queryId": "<string>",
"rowsRead": 123,
"bytesRead": 123
}{
"message": "<string>",
"statusCode": 123
}OCSF
Search OCSF events
POST
/
v1
/
ocsf
/
advanced
Search OCSF events
curl --request POST \
--url https://api.wirespeed.co/v1/ocsf/advanced \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"query": "<string>",
"queryId": "<string>",
"startTime": "<string>",
"endTime": "<string>"
}
'import requests
url = "https://api.wirespeed.co/v1/ocsf/advanced"
payload = {
"query": "<string>",
"queryId": "<string>",
"startTime": "<string>",
"endTime": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
query: '<string>',
queryId: '<string>',
startTime: '<string>',
endTime: '<string>'
})
};
fetch('https://api.wirespeed.co/v1/ocsf/advanced', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.wirespeed.co/v1/ocsf/advanced",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'query' => '<string>',
'queryId' => '<string>',
'startTime' => '<string>',
'endTime' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.wirespeed.co/v1/ocsf/advanced"
payload := strings.NewReader("{\n \"query\": \"<string>\",\n \"queryId\": \"<string>\",\n \"startTime\": \"<string>\",\n \"endTime\": \"<string>\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.wirespeed.co/v1/ocsf/advanced")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"query\": \"<string>\",\n \"queryId\": \"<string>\",\n \"startTime\": \"<string>\",\n \"endTime\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.wirespeed.co/v1/ocsf/advanced")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"query\": \"<string>\",\n \"queryId\": \"<string>\",\n \"startTime\": \"<string>\",\n \"endTime\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"data": [
{}
],
"totalCount": 123,
"queryId": "<string>",
"rowsRead": 123,
"bytesRead": 123
}{
"message": "<string>",
"statusCode": 123
}Authorizations
bearerbearer
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
application/json
Response
Array of OCSF search result objects
Total number of results matching the search query, or null if the count query timed out
Unique identifier for this query execution
Number of rows read during query execution
Number of bytes read during query execution
⌘I

