Execute a detection query
Execute an ad-hoc detection query against a connected SIEM platform. Returns sample results.
Authorizations
API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here
Body
The detection query to execute
The SIEM platform/tool type to execute against
Optional platform config used for enhanced platform-native testing (e.g., Datadog rule validate/test/preview).
- Option 1
- Option 2
Time range in hours (1-168, default: 24); accepted values: 1 <= x <= 168
Max rows to return (1-100, default: 10); accepted values: 1 <= x <= 100
Response
Successful response
Total matching rows in the test time window (may exceed returned sample size)
Single best platform-specific estimate used to display hits/hr
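Added example of a client-side helper for this endpoint (not the API's own client): it enforces the documented bounds and defaults before sending, puts the key in the Bearer header as described, and flags responses whose total matching rows exceed the returned sample. The page does not give the JSON field names, so the keys used here (`query`, `platform`, `time_range_hours`, `max_rows`, `platform_config`, `results`, `total_matching_rows`, `hits_per_hour`) are placeholders to be replaced with the real schema names.

```python
# Added example, not the API's own client. The page documents the body fields
# but not their JSON names, so the keys used here are placeholders.

# Documented bounds and defaults for the two numeric body fields.
TIME_RANGE_BOUNDS, TIME_RANGE_DEFAULT = (1, 168), 24
MAX_ROWS_BOUNDS, MAX_ROWS_DEFAULT = (1, 100), 10


def _check_int(name, value, bounds):
    lo, hi = bounds
    # bool is an int subclass; reject it so True does not slip through as 1
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise ValueError(f"{name} must be an integer in [{lo}, {hi}], got {value!r}")
    return value


def build_body(query, platform, time_range_hours=TIME_RANGE_DEFAULT,
               max_rows=MAX_ROWS_DEFAULT, platform_config=None):
    """Validate inputs client-side and return the request body (placeholder keys)."""
    if not isinstance(query, str) or not query.strip():
        raise ValueError("query must be a non-empty string")
    if not isinstance(platform, str) or not platform.strip():
        raise ValueError("platform must be a non-empty string")
    body = {
        "query": query,
        "platform": platform,
        "time_range_hours": _check_int("time_range_hours", time_range_hours, TIME_RANGE_BOUNDS),
        "max_rows": _check_int("max_rows", max_rows, MAX_ROWS_BOUNDS),
    }
    if platform_config is not None:  # optional; sent only when supplied
        body["platform_config"] = platform_config
    return body


def build_headers(api_key):
    """Bearer scheme as documented: the key travels in the header, never in the URL."""
    if not api_key or any(c.isspace() for c in api_key):
        raise ValueError("api_key must be a non-empty token without whitespace")
    return {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}


def summarize(response):
    """Flag when the returned sample is a subset of all matches (placeholder keys)."""
    sample = response.get("results", [])
    total = int(response.get("total_matching_rows", len(sample)))
    return {"sample_size": len(sample), "total": total,
            "truncated": total > len(sample),
            "hits_per_hour": response.get("hits_per_hour")}
```

Because the sample is capped at max_rows, a `truncated` result means the rule's true volume is given by `total`, not by the rows returned; use the platform-specific hits/hr estimate for tuning rather than counting sample rows.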