Anzenna Public API

Query raw events

POST /sources/raw-events/{other_id}
This is a pre-release API and is guaranteed to change in the future.
Query raw events from a data source for a specific id.
It accepts most ids used by other endpoints with the exception of people ids.

Request

Authorization
Bearer Token: provide your bearer token in the Authorization header when making requests to protected resources.
Example:
Authorization: Bearer ********************
Path Params

Body Params: application/json (required)

Responses

200 OK
application/json
Successful operation
Body

400 Bad Request
401 Unauthorized
403 Forbidden
Request Example (Shell)
curl --location --request POST '/sources/raw-events/{other_id}' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "distinct_count": "string",
    "include_total_count": true,
    "limit": 10,
    "offset": 0,
    "query": "name='\''WINPC-4291'\'' AND status IN ('\''active'\'', '\''pending'\'')",
    "sort": "name desc, id"
}'
Response Example
200 - Example 1
{
    "distinct_values": [
        {
            "count": 0,
            "value": null
        }
    ],
    "pagination": {
        "count": 0,
        "total_count": 1000
    },
    "items": [
        {
            "data": "string",
            "id": "string",
            "recorded_at": "2019-08-24T14:15:22.123Z",
            "timestamp": "2019-08-24T14:15:22.123Z"
        }
    ]
}
Modified at 2026-03-31 19:28:57