Hello,
I have been trying to get all endpoints utilizing the following API according to the documentation here: Get All Endpoints (paloaltonetworks.com)
The following is my attempt at accomplishing it, however I am still limited to just 100 rows, please suggest the best way to use the "search_from" & "search_to" parameters from the API documentation to accomplish getting all endpoints.
In my case I would like to get a maximumof 120000 endpoints.
let
body = "{ ""request_data"": {}}",
GetJson = Web.Contents("https://FDQN.paloaltonetworks.com/public_api/v1/endpoints/get_endpoint/",
[
Query = [
search_from = "100",
search_to = "120000"
],
Headers = [#"Content-Type" = "application/json",
#"x-xdr-auth-id" = "Auth_Key",
#"Authorization" = "API_Key"
],
Content = Text.ToBinary(body)
]
),
FormatAsJson = Json.Document(GetJson),
#"Converted to Table" = Record.ToTable(FormatAsJson),
Value = #"Converted to Table"{0}[Value],
endpoints = Value[endpoints],
#"Converted to Table1" = Table.FromList(endpoints, Splitter.SplitByNothing(), null, null, ExtraValues.Error),
#"Expanded Column1" = Table.ExpandRecordColumn(#"Converted to Table1", "Column1", {"endpoint_id", "endpoint_name", "endpoint_type", "endpoint_status", "os_type", "os_version", "ip", "users", "domain", "alias", "first_seen", "last_seen", "content_version", "installation_package", "active_directory", "install_date", "endpoint_version", "is_isolated", "isolated_date", "group_name", "operational_status", "operational_status_description", "scan_status", "content_release_timestamp", "last_content_update_time"}, {"endpoint_id", "endpoint_name", "endpoint_type", "endpoint_status", "os_type", "os_version", "ip", "users", "domain", "alias", "first_seen", "last_seen", "content_version", "installation_package", "active_directory", "install_date", "endpoint_version", "is_isolated", "isolated_date", "group_name", "operational_status", "operational_status_description", "scan_status", "content_release_timestamp", "last_content_update_time"})
in
#"Expanded Column1"
