Загрузка данных
{{siem_host}}/api/assets_temporal_readmodel/v1/assets_grid
auth — персональный токен доступа (PAT): pat_<REDACTED>; значение подставляется из переменной окружения, как {{siem_host}}, и в тексте заметки не хранится
PDQL-запрос задаю в теле запроса так:
{
"pdql": "select(@Host, host.Fqdn, host.IpAddress, host.@vulners.Status, Host.OsName, Host.OsVersion, Host.@AuditTime, Host.@Vulners.CVEs, Host.@Vulners.SeverityRating, Host.@Vulners.IssueTime, Host.@Vulners.Description, Host.@Vulners.VulnerableEntity.Name, Host.@Vulners.VulnerableEntity.Version, Host.@Vulners.Patch, Host.@Vulners.HowToFix) | filter(host.@vulners.Status = 'new') | sort(Host.@Vulners.SeverityRating ASC) | filter(Host.@Vulners.SeverityRating != 'None') | sort(Host.@Vulners.SeverityRating DESC) | limit(0)",
"selectedGroupIds": [],
"additionalFilterParameters": {
"groupIds": [],
"assetIds": []
},
"includeNestedGroups": true,
"utcOffset": "+03:00"
}
В ответ возвращается:
{
"token": "zAkWHoBaAbAAAAAAAAYeeA",
"isPotentiallySlow": false,
"hasTimepointPipe": false,
"hasTimeseriesPipe": false,
"fields": [
{
"name": "@Host",
"localizedName": "Узел",
"type": "assetInfo",
"isArray": false,
"origin": "dataField"
},
{
"name": "host.Fqdn",
"localizedName": "Полное имя узла",
"type": "string",
"isArray": false,
"origin": "dataField"
},
{
"name": "host.IpAddress",
"localizedName": "Доступен по IP-адресу",
"type": "ipAddress",
"isArray": false,
"origin": "dataField"
},
{
"name": "host.@vulners.Status",
"localizedName": "Статус уязвимости",
"type": "vulnerabilityStatus",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.OsName",
"localizedName": "Название ОС",
"type": "string",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.OsVersion",
"localizedName": "Версия ОС",
"type": "string",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@AuditTime",
"localizedName": "Дата и время последнего аудита",
"type": "dateTime",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.CVEs",
"localizedName": null,
"type": "hyperlink",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.SeverityRating",
"localizedName": "Уровень опасности уязвимости",
"type": "vulnerabilitySeverityRating",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.IssueTime",
"localizedName": "Дата публикации паспорта уязвимости",
"type": "dateTime",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.Description",
"localizedName": "Описание уязвимости",
"type": "string",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.VulnerableEntity.Name",
"localizedName": "Название уязвимой сущности",
"type": "string",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.VulnerableEntity.Version",
"localizedName": "Версия уязвимой сущности",
"type": "string",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.Patch",
"localizedName": "Патч",
"type": "vulnerabilityPatchInfo",
"isArray": false,
"origin": "dataField"
},
{
"name": "Host.@Vulners.HowToFix",
"localizedName": "Способ устранения уязвимости",
"type": "string",
"isArray": false,
"origin": "dataField"
}
]
}
Далее обращаюсь к {{siem_host}}/api/assets_temporal_readmodel/v1/assets_grid/data?limit={{limit}}&pdqlToken={{api_pdql_token}}
В pdqlToken указываю токен (по всей видимости, значение поля "token" из ответа выше) и получаю значения [
{
"pdqlToken": "{{api_pdql_token}}"
}
]
{
"records": [
{
"@Host": {
"name": "n00583f29b4b3.roscap.com (10.28.128.182)",
"id": "1d5b9427-bf40-0001-0000-00000000002e",
"deviceType": "Workstation",
"type": "OperatingSystem.Windows.WindowsHost",
"displayTime": null,
"version": "792"
},
"host.Fqdn": "n00583f29b4b3.roscap.com",
"host.IpAddress": "10.28.128.182",
"host.@vulners.Status": {
"value": "new",
"id": "1"
},
"Host.OsName": "windows 10",
"Host.OsVersion": "10.0.19045",
"Host.@AuditTime": "2026-04-14T10:27:13Z",
"Host.@Vulners.CVEs": {
"displayName": "CVE-2025-10585",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10585"
},
"Host.@Vulners.SeverityRating": {
"value": "critical",
"id": "7"
},
"Host.@Vulners.IssueTime": "2025-09-17T00:00:00Z",
"Host.@Vulners.Description": "Уязвимость в google chrome",
"Host.@Vulners.VulnerableEntity.Name": "Google Chrome",
"Host.@Vulners.VulnerableEntity.Version": "138.0.7204.184",
"Host.@Vulners.Patch": {
"displayName": null,
"patchType": null,
"patchDate": null,
"patchLink": null
},
"Host.@Vulners.HowToFix": "Для устранения уязвимости обновите Google Chrome.\nУязвимость устранена, если версия Google Chrome больше или равна 140.0.7339.185.\n\nДля максимальной защиты обновите Google Chrome до версии 148.0.7778.96.\nПоследнюю версию Google Chrome можно скачать с официального сайта вендора: https://www.google.com/chrome/."
},
{
"@Host": {
"name": "n84470909d8cb.roscap.com (10.1.64.42)",
"id": "1cf593d1-4900-0001-0000-000000000ac2",
"deviceType": "Workstation",
"type": "OperatingSystem.Windows.WindowsHost",
"displayTime": null,
"version": "1566"
},