New-SophosXdrQueriesDataLakeRun
SYNOPSIS
Run a query against the Sophos Data Lake, passing the SQL code as the value of a field in the request JSON. The schema reference is available here (https://docs.sophos.com/central/References/schemas/index.html?schema=xdr_schema_docs).
SYNTAX
New-SophosXdrQueriesDataLakeRun [-Token] <String> [-TenantId] <String> [-ApiHost] <String> [-Query] <String>
[-StartDate] <DateTime> [-EndDate] <DateTime> [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm]
[<CommonParameters>]
DESCRIPTION
Run a query against the Sophos Data Lake, passing the SQL code as the value of a field in the request JSON. The schema reference is available here (https://docs.sophos.com/central/References/schemas/index.html?schema=xdr_schema_docs).
EXAMPLES
EXAMPLE 1
$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx"
PS>$partnerId = Get-SophosPartnerId -Token $token
PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'}
PS>$query = 'select * from \"xdr_data\" limit 10'
PS>New-SophosXdrQueriesDataLakeRun -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -Query $query -StartDate $(Get-Date).AddDays(-30) -EndDate $(Get-Date).AddDays(-1)
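A pre-flight check for query text that arrives from a ticket or automation rather than being typed by the analyst, as an added example that is not part of the module or its documentation. `Resolve-DataLakeQuery`, the 1000-row cap and the 30-day window are assumptions chosen for illustration, not API limits.

```powershell
# Added example: Resolve-DataLakeQuery is a hypothetical helper, not part of the module.
function Resolve-DataLakeQuery {
    param(
        [Parameter(Mandatory)] [string]   $Query,
        [Parameter(Mandatory)] [datetime] $StartDate,
        [Parameter(Mandatory)] [datetime] $EndDate,
        [int] $MaxRows = 1000,        # assumed local policy, not an API limit
        [int] $MaxWindowDays = 30     # assumed local policy, not an API limit
    )
    # Drop surrounding whitespace and one optional trailing semicolon.
    $sql = $Query.Trim() -replace '\s*;\s*$', ''

    # Allow a single read-only statement. Conservative: a ';' or comment marker
    # inside a string literal is rejected as well.
    if ($sql -notmatch '^(select|with)\b') { throw 'Only SELECT queries are allowed.' }
    if ($sql -match ';|--|/\*') { throw 'Statement separators and comments are not allowed.' }

    # The lookup window must be ordered and bounded.
    if ($StartDate -ge $EndDate) { throw 'StartDate must be earlier than EndDate.' }
    if (($EndDate - $StartDate).TotalDays -gt $MaxWindowDays) {
        throw "Lookup window exceeds $MaxWindowDays days."
    }

    # Enforce a row cap: check an existing trailing LIMIT, or append one.
    if ($sql -match '\blimit\s+(\d+)$') {
        if ([int]$Matches[1] -gt $MaxRows) { throw "LIMIT exceeds $MaxRows rows." }
    } else {
        $sql = "$sql limit $MaxRows"
    }
    $sql
}

# Constructed sample inputs: the first two pass, the last two are rejected.
$end = Get-Date; $start = $end.AddDays(-7)
$samples = 'select * from xdr_data limit 10',
           'select * from xdr_data;',
           'select * from xdr_data; select 1',
           'drop table xdr_data'
foreach ($s in $samples) {
    try   { "OK       -> $(Resolve-DataLakeQuery -Query $s -StartDate $start -EndDate $end)" }
    catch { "REJECTED -> $s ($($_.Exception.Message))" }
}

# With the module loaded and $token / $tenant obtained as in Example 1:
# $sql = Resolve-DataLakeQuery -Query $query -StartDate $start -EndDate $end
# New-SophosXdrQueriesDataLakeRun -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost `
#     -Query $sql -StartDate $start -EndDate $end -WhatIf   # preview first, then drop -WhatIf
```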
PARAMETERS
-Token
JWT token from the OAuth API
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-TenantId
Tenant ID
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ApiHost
API host location URL of the tenant
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Query
Ad hoc query
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-StartDate
Start lookup date
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: True
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-EndDate
End lookup date
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: True
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
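Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet.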
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.