SPQL queries can be executed via the Silent Push API’s Xperimental Scandata Search endpoint. This article explains how to structure API calls. Refer to SPQL Syntax Rules for query construction and SPQL Query Examples for sample queries.
API Endpoint
URL:
https://api.silentpush.com/api/v1/merge-api/explore/scandata/search/raw
Method: POST
Note: SPQL is not supported in the Silent Push UI Query Builder; use tools like
curl
or Postman.
Request Structure
Body: JSON object with:
query
: SPQL query string (JSON-encoded, escape double quotes).fields
(optional): List of field names to return (e.g.,["domain", "ip"]
). If omitted, all fields are returned. See Understand Field Names.sort
(optional): List of fields and sort order (e.g.,["domain/asc", "scan_date/desc"]
). Defaults to["scan_date/desc", "domain/asc"]
if omitted.
URL Parameters
limit=<n>
: Maximum results (e.g.,100
).skip=<n>
: Results to skip (e.g.,0
).with_metadata=1
: Returns metadata, including ajob_id
to recall results for 30 days.
Recall Results
Use job_id
at https://api.silentpush.com/api/v1/merge-api/explore/job/<job_id>
.
Example 1: Query for DDoS with all fields
curl -ks -X POST -H 'content-type:application/json' -H 'x-api-key:<api_key>' \
'https://api.silentpush.com/api/v1/merge-api/explore/scandata/search/raw?limit=100' \
-d '{"query": "htmltitle = \"DDoS* not configured\" AND response > 200 AND header.server = ddos*"}'
Example 2: Query with specific fields
curl -ks -X POST -H 'content-type:application/json' -H 'x-api-key:<api_key>' \
'https://api.silentpush.com/api/v1/merge-api/explore/scandata/search/raw?limit=100' \
-d '{"query": "htmltitle = \"DDoS* not configured\" AND response = 200 AND header.server = ddos*", "fields": ["domain", "scan_date", "ip", "htmltitle"]}'
Example 3: Regular expression query with nested sorting
curl -ks -X POST -H 'content-type:application/json' -H 'x-api-key:<api_key>' \
'https://api.silentpush.com/api/v1/merge-api/explore/scandata/search/raw?limit=100' \
-d '{"query": "scan_date > now-30d AND ssl.sans ~= /^silent[a-z].+\\.io$/ AND domain !~= /silent.*/ AND domain ~= /.+/ AND ip = [13.249.0.0/16, 52.84.0.0/16]", "sort": ["domain/asc", "hostname/asc", "scan_date/desc"]}'
Note: Use SPQL Command Line Utility as an alternative to direct API calls. Ensure proper JSON encoding for regular expressions (double-backslash for literal
\
).