Have been playing with the InsightIDR REST API and would like to add new entries (ip addresses) to an existing variable. I have been testing with the PUT command to update an LEQL variable but it seems to overwrite any prior data inside the variable. Any way to add new entries to an LEQL variable without overwriting previous entries?
I don’t think there’s a straight forward method to do it like say an “APPEND” function or anything. My suggestion would be to first do a GET on the variable to grab the whole list, have a function concatenate the current values and your new values, then PUT the full list of items back into the variable.
Using postman on a mac, I was able to read, create, modify, and delete variables through the api. I’ll post a video on how I did it in a bit.