Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
k
Kathy Satterlee
05/23/2023, 7:20 PMI noticed a similar error when I had an extra ‘/’ in the request URL. Can you view the request url and body as they are being sent from your platform?
r
Rajesh Kumar
05/23/2023, 7:22 PMScreenshot 2023-05-23 at 3.21.14 PM.png
Has anyone tried doing live query over rest API? I would be curious to see any tested version request - response.
k
Kathy Satterlee
05/23/2023, 7:38 PMimage.png
Response:
{
"summary": {
"targeted_host_count": 1,
"responded_host_count": 1
},
"live_query_results": [
{
"query_id": 778,
"results": [
{
"host_id": 78,
"rows": [
{
"action": "add",
"datetime": "2023-05-19 03:45:36",
"path": "",
"vendor": "Apple"
},
{
"action": "add",
"datetime": "2023-05-19 03:45:36",
"path": "",
"vendor": "Apple"
},
{
"action": "add",
"datetime": "2023-05-19 03:45:36",
"path": "",
"vendor": "Apple"
},
{
"action": "remove",
"datetime": "2023-05-19 03:45:46",
"path": "",
"vendor": "Apple"
},
{
"action": "remove",
"datetime": "2023-05-19 03:45:46",
"path": "",
"vendor": "Apple"
},
{
"action": "remove",
"datetime": "2023-05-19 03:45:46",
"path": "",
"vendor": "Apple"
}
],
"error": null
}
]
}
]
}What version of Fleet are you running?
r
Rajesh Kumar
05/23/2023, 7:41 PMFleet 4.31.0
k
Kathy Satterlee
05/23/2023, 9:04 PMPerfect. Just wanted to make sure. It sounds like something is going awry with the request body. Is anything showing up in the Fleet logs?
r
Rajesh Kumar
05/23/2023, 9:04 PMYes, I tried postman, and even in CLI using curl and it works on postman and terminal but something is going on the request body that it is not accepting and still failing from SOAR. I am still troubleshooting.
k
Kathy Satterlee
05/23/2023, 9:06 PMHow would you feel about hopping on Zoom to see if anything stands out to me?
r
Rajesh Kumar
05/23/2023, 9:07 PMSure. I am available.
k
Kathy Satterlee
05/23/2023, 9:07 PMGive me 2 minutes.
r
Rajesh Kumar
05/23/2023, 10:04 PMSo I resolved the issue. It needed entire request to go in GET request including body parameters. Thanks @Kathy Satterlee for all your help.
k
Kathy Satterlee
05/23/2023, 10:05 PMI was wondering if Tines was being weird about the request body because it was a GET
r
Rajesh Kumar
05/24/2023, 2:20 PMYes it was and what was needed to be done is this -