Fetching events by using the Redrock/query API

Use the curl command and the OAuth access token extracted in the previous step:

curl -H "Authorization: Bearer <oauth_access_token>" -H "X-CENTRIFY-NATIVE-CLIENT:True" -d '{"Script":"<query>"}' https://<tenant>/Redrock/query

Sample curl commands

This sample curl command fetches events for the last 24 hours:

curl  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ijk5QzA4QjQzMjk4N0ZDQjRCN0E5MTEwMTdDMTI3QzA4NTZCMjAxQzkiLCJ4NXQiOiJtY0NMUXltSF9MUzNxUkVCZkJKOENGYXlBY2siLCJhcHBfaWQiOiJvYXV0aHNpZW0ifQ.eyJpYXQiOjE1MjE2OTkzNzgsInVuaXF1ZV9uYW1lIjoic2llbXVzZXJAY2VudHJpZnkuY29tIiwiZXhwIjoxNTIxNzE3Mzc4LCJzdWIiOiI0NDZjOTc5Ni1lOWE4LTRiMDgtYmJkZi02ZGZlNTJiOGRkOTIiLCJzY29wZSI6InNpZW0ifQ.e5oE58Cxv0qkIb1Z-nCXyhbIxcL_6Bs3znVVyBG6aFb6oHSlb_y5pPnWaLfQdmfnx6hyHtM0GGRoK6HTVJulSbrCFzqHKBHoW38YPh5M7IzTJflJ-8k0ip9we3ElWm2QiOcbR8AmULYaDR8OnvpIVtmBJ2ZBJng9oFippwoNtBi2gYFjjJsGtRClpqvlHrTytPAqe3SvM0whm8yfbq8YhIapcdk_mfJl2YEPX_pyl-Kxzyz9_nHw-_jm0LXzMazvPiAz-sFCrc8ngtzQZgvDe1wUnPqqEiB0G2Hg2-NCPYi9hcR8OUyeKD4erkgyXRq1KvvrS7G9iLHT1VrLSu0o2g" -H "X-CENTRIFY-NATIVE-CLIENT:True" -d '{"Script":"Select * from Event where WhenOccurred > datefunc('\''now'\'', '\''-1'\'')"}' https://aaa0056.my-dev.centrify.com/Redrock/query

This sample curl command fetches events between two timestamps:

curl  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ijk5QzA4QjQzMjk4N0ZDQjRCN0E5MTEwMTdDMTI3QzA4NTZCMjAxQzkiLCJ4NXQiOiJtY0NMUXltSF9MUzNxUkVCZkJKOENGYXlBY2siLCJhcHBfaWQiOiJvYXV0aHNpZW0ifQ.eyJpYXQiOjE1MjE2OTkzNzgsInVuaXF1ZV9uYW1lIjoic2llbXVzZXJAY2VudHJpZnkuY29tIiwiZXhwIjoxNTIxNzE3Mzc4LCJzdWIiOiI0NDZjOTc5Ni1lOWE4LTRiMDgtYmJkZi02ZGZlNTJiOGRkOTIiLCJzY29wZSI6InNpZW0ifQ.e5oE58Cxv0qkIb1Z-nCXyhbIxcL_6Bs3znVVyBG6aFb6oHSlb_y5pPnWaLfQdmfnx6hyHtM0GGRoK6HTVJulSbrCFzqHKBHoW38YPh5M7IzTJflJ-8k0ip9we3ElWm2QiOcbR8AmULYaDR8OnvpIVtmBJ2ZBJng9oFippwoNtBi2gYFjjJsGtRClpqvlHrTytPAqe3SvM0whm8yfbq8YhIapcdk_mfJl2YEPX_pyl-Kxzyz9_nHw-_jm0LXzMazvPiAz-sFCrc8ngtzQZgvDe1wUnPqqEiB0G2Hg2-NCPYi9hcR8OUyeKD4erkgyXRq1KvvrS7G9iLHT1VrLSu0o2g" -H "X-CENTRIFY-NATIVE-CLIENT:True" -d '{"Script":"Select * from Event where WhenOccurred >= '\''2018-03-15T11:33:59.273000Z'\'' and  WhenOccurred < '\''2018-03-21T11:33:59.273000Z'\''"}' https://aaa0056.my-dev.centrify.com/Redrock/query

Parsing the response received from Redrock/query

Refer to the following sample Python code to extract event data from a response:

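import json

# `response` is the HTTP response object returned by the Redrock/query call
# (assumed here to expose the JSON body as response.text, as the requests
# library does).
response_json = json.loads(response.text)
events = response_json['Result']['Results']

# Collect the column names returned by the query.
headers = []
for column in response_json['Result']['Columns']:
    headers.append(column['Name'])

# Print every non-null column of each event row.
for idx, event in enumerate(events):
    print('\n Row Number:' + str(idx))
    for header in headers:
        if event['Row'][header] is not None:
            print(header + "=" + str(event['Row'][header]))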
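
The following added example (not part of the original documentation) builds the body of the two-timestamp query with json.dumps instead of shell quoting, prepares the same POST that the curl commands make, and turns a response into one dictionary per event. The function names, tenant name, token placeholder, and sample response (including the EventType and Detail columns) are constructed for illustration; the request is prepared but never sent.

```python
import json
import urllib.request
from datetime import datetime, timezone

def build_query(start, end):
    """Return the Redrock/query JSON body for events in [start, end)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ"
    # Timestamps are rendered from datetime objects, so no caller-supplied
    # text is spliced into the query string.
    s = start.astimezone(timezone.utc).strftime(fmt)
    e = end.astimezone(timezone.utc).strftime(fmt)
    script = ("Select * from Event where WhenOccurred >= '%s' "
              "and WhenOccurred < '%s'" % (s, e))
    return json.dumps({"Script": script})

def build_request(tenant, token, body):
    """Prepare (but do not send) the POST that the curl commands make."""
    return urllib.request.Request(
        "https://%s/Redrock/query" % tenant,
        data=body.encode("utf-8"),
        headers={"Authorization": "Bearer " + token,
                 "X-CENTRIFY-NATIVE-CLIENT": "True"},
        method="POST")

def parse_events(response_text):
    """Return one dict per event, keeping only the non-null columns."""
    result = json.loads(response_text).get("Result") or {}
    names = [c["Name"] for c in result.get("Columns", [])]
    return [{n: item["Row"][n] for n in names if item["Row"].get(n) is not None}
            for item in result.get("Results", [])]

# Constructed sample response; EventType and Detail are made-up column names.
SAMPLE = json.dumps({"Result": {
    "Columns": [{"Name": "WhenOccurred"}, {"Name": "EventType"}, {"Name": "Detail"}],
    "Results": [
        {"Row": {"WhenOccurred": "2018-03-15T12:00:00.000000Z", "EventType": "Login", "Detail": None}},
        {"Row": {"WhenOccurred": "2018-03-16T08:30:00.000000Z", "EventType": "Logout", "Detail": "ok"}},
    ]}})

if __name__ == "__main__":
    body = build_query(datetime(2018, 3, 15, 11, 33, 59, 273000, tzinfo=timezone.utc),
                       datetime(2018, 3, 21, 11, 33, 59, 273000, tzinfo=timezone.utc))
    req = build_request("tenant.example.com", "PLACEHOLDER_TOKEN", body)
    print(req.get_method(), req.full_url, body)
    for event in parse_events(SAMPLE):
        print(event)
```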

References

For additional information, see:

https://developer.centrify.com/docs/use-queries

https://docs.centrify.com/Content/CoreServices/Reports/FilterEvents.htm