VAST Rest API ("0.1")

This API can be used to interact with a VAST Node in a RESTful manner.

All API requests must be authenticated with a valid token, which must be supplied in the X-VAST-Token request header. The token can be generated on the command-line using the vast rest generate-token command.

Create new query

Create a new export query in VAST

Authorizations: VastToken

Query parameters:

query (string, required)
Example: query=:ip in 10.42.0.0/16 | head 100

The query used, optionally including an open pipeline.

ttl (string)
Example: ttl=5.0m

The time after which a query is cancelled. Use the /query/:id/next endpoint to refresh the TTL. To refresh the TTL without requesting further events, request zero events.

expand (boolean)

Whether to use the expanded output schema.

flatten (boolean, default: false)

Flatten nested elements in the response data.

omit-nulls (boolean, default: false)

Omit null elements in the response data.

numeric-durations (boolean, default: false)

Render durations as numeric values.

Responses

Response samples

Content type: application/json

{
  "id": "c91019bf-21fe-4999-8323-4d28aeb111ab"
}

Get additional query results

Return n additional results from the specified query.

Authorizations: VastToken

Path parameters:

id (string, required)
Example: e84308a2-1ba4-4559-9e0f-597dfea4fd3e

The query ID.

Query parameters:

n (integer)
Example: n=10

Maximum number of returned events

Responses

Response samples

Content type: application/json

{
  "events": [],
  "schemas": []
}
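
The two query endpoints above combined into one client, as an added example that is not part of the VAST documentation: it sends the token only in the X-VAST-Token header, percent-encodes the query expression, refreshes the TTL by requesting zero events, and refuses to build a /query/:id/next path from anything that is not a well-formed UUID. Assumptions not stated on this page: the HTTP methods, the /query/new path of the create endpoint, and that query IDs are always UUIDs as in the examples; the class and function names are hypothetical.

```python
import json
import uuid
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

# Assumptions (not on this page): the HTTP methods and the create path.
# Only the header name and /query/:id/next are taken from the page.
CREATE_METHOD, CREATE_PATH = "POST", "/query/new"
NEXT_METHOD = "GET"


def http_send(req):
    """Default transport: perform the request and decode the JSON body."""
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


class VastClient:
    def __init__(self, base_url, token, send=http_send):
        self.base_url = base_url.rstrip("/")
        self._token = token  # sent as a header only, never placed in a URL
        self._send = send

    def _request(self, method, path, params):
        # Percent-encode ':', '/', '|' and spaces in the query expression.
        url = f"{self.base_url}{path}?{urlencode(params, quote_via=quote)}"
        return Request(url, method=method, headers={"X-VAST-Token": self._token})

    def create_query(self, query, ttl="5.0m"):
        req = self._request(CREATE_METHOD, CREATE_PATH, {"query": query, "ttl": ttl})
        return self._send(req)["id"]

    def next_events(self, query_id, n):
        # Assumes IDs are UUIDs; anything else raises ValueError before a URL is built.
        query_id = str(uuid.UUID(query_id))
        req = self._request(NEXT_METHOD, f"/query/{query_id}/next", {"n": n})
        return self._send(req)["events"]

    def refresh_ttl(self, query_id):
        """Requesting zero events refreshes the TTL without consuming results."""
        return self.next_events(query_id, 0)

    def drain(self, query_id, batch=10, limit=100):
        """Fetch batches until the node returns an empty batch or limit is reached."""
        events = []
        while len(events) < limit:
            chunk = self.next_events(query_id, min(batch, limit - len(events)))
            if not chunk:
                break
            events.extend(chunk)
        return events
```

The `send` parameter lets the client be exercised against a stub transport, so the request construction can be checked without a running node.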

Return current status

Returns the current status of the whole node.

Authorizations: VastToken

Query parameters:

component (string)
Example: component=index

If specified, return the status for that component only.

verbosity (string, default: "info")
Enum: "info" "detailed" "debug"
Example: verbosity=detailed

The verbosity level of the status response.

Responses

Response samples

Content type: application/json

{
  "catalog": {},
  "version": {}
}