> For the complete documentation index, see [llms.txt](https://docs.onum.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.onum.com/the-workspace/listeners/listener-integrations/pull-data-from-http-endpoints/collect-data-from-hoxhunt.md).

# Collect data from Hoxhunt

## Overview

Get a list of call records using the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/).

## HTTP Pull Listener configuration

### Parameters

N/A

### Secrets

You must define these credentials in Onum:

* `hoxhuntToken` will reference your Hoxhunt token.

To do it, enter a **Name** for the secret and then click the **Value** field. Click **New secret** to create a new one:

* Give the secret a **Name**.
* Turn off the **Expiration date** option.
* Click **Add new value** and paste the secret corresponding to the value.
* Click **Save**.

You can now select the secret you just created in the corresponding field.

{% hint style="info" %}
Learn more about secrets in Onum in [this article](/administration/global-settings/organization-settings/secrets-management.md).
{% endhint %}

### Configuration

After entering the required parameters and secrets, you can choose to manually enter the API fields, or simply paste the given YAML:

{% tabs %}
{% tab title="Config as YAML" %}
Toggle this **ON** to enable a free text field where you can paste your **Tenable** YAML.

```yaml
withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 5m
  tz: UTC
  format: RFC3339
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "cursor"
  cursorSelector: ".data.incidents.pageInfo.endCursor"
  initialRequest:
    method: POST
    url: "https://app.hoxhunt.com/graphql-external"
    headers:
      - name: Authorization
        value: "Authtoken ${secrets.hoxhuntToken}"
    bodyType: raw
    bodyRaw: |
      {
        "query": "query($startDate: DateTime, $endDate: DateTime) {\n  incidents(\n    first: 100, \n    filter: {\n      createdAt: {\n        gte: $startDate,\n        lte: $endDate\n      }\n    }\n  ) {\n    edges {\n      node {\n        id\n        createdAt\n        updatedAt\n        status\n        severity\n        reportedBy\n        description\n      }\n    }\n    pageInfo {\n      hasNextPage\n      endCursor\n    }\n  }\n}",
        "variables": "{\n  \"startDate\": \"${temporalWindow.from}\",\n  \"endDate\": \"${temporalWindow.to}\"\n}"
      }
  nextRequest:
    method: POST
    url: "https://app.hoxhunt.com/graphql-external"
    headers:
      - name: Authorization
        value: "Authtoken ${secrets.hoxhuntToken}"
    bodyType: raw
    bodyRaw: |
      {
        "query": "query($cursor: String, $startDate: DateTime, $endDate: DateTime) {\n  incidents(\n    first: 100, \n    after: $cursor,\n    filter: {\n      createdAt: {\n        gte: $startDate,\n        lte: $endDate\n      }\n    }\n  ) {\n    edges {\n      node {\n        id\n        createdAt\n        updatedAt\n        status\n        severity\n        reportedBy\n        description\n      }\n    }\n    pageInfo {\n      hasNextPage\n      endCursor\n    }\n  }\n}",
        "variables": "{\n  \"cursor\": \"${pagination.cursor}\"\n  \"startDate\": \"${temporalWindow.from}\",\n  \"endDate\": \"${temporalWindow.to}\"\n}"
      }
  output:
    select: ".data.incidents"
    map: "."
    outputMode: element 
```

{% endtab %}

{% tab title="Manually configure" %}
**Temporal Window**

Toggle **ON** to add a temporal window for events. This repeatedly shifts the time window over which data is collected.

* **Duration** - `5m`
* **Offset** - `5m`
* **Format** - `RFC3339`

**Collection Phase**

* **Pagination Type**<mark style="color:red;">**\***</mark> - `Cursor`
* **Cursor Selector**<mark style="color:$primary;">**\***</mark> - `.data.incidents.pageInfo.endCursor`

**Initial Request**

* **Response Type**<mark style="color:$primary;">**\***</mark> - `JSON`
* **Method**<mark style="color:$primary;">**\***</mark> - `POST`
* **URL**<mark style="color:$primary;">**\***</mark> - `https://app.hoxhunt.com/graphql-external`
* **Headers**
  * **Name** - `Authorization`
  * **Value** - `Authtoken ${secrets.hoxhuntToken}`
* **Body Type**<mark style="color:$primary;">**\***</mark> - `Raw`
* **Body Content**<mark style="color:$primary;">**\***</mark> -&#x20;

```
|
      {
        "query": "query($startDate: DateTime, $endDate: DateTime) {\n  incidents(\n    first: 100, \n    filter: {\n      createdAt: {\n        gte: $startDate,\n        lte: $endDate\n      }\n    }\n  ) {\n    edges {\n      node {\n        id\n        createdAt\n        updatedAt\n        status\n        severity\n        reportedBy\n        description\n      }\n    }\n    pageInfo {\n      hasNextPage\n      endCursor\n    }\n  }\n}",
        "variables": "{\n  \"startDate\": \"${temporalWindow.from}\",\n  \"endDate\": \"${temporalWindow.to}\"\n}"
      }
```

**Next Request**

* **Response Type**<mark style="color:$primary;">**\***</mark> - `JSON`
* **Method**<mark style="color:$primary;">**\***</mark> - `POST`
* **URL**<mark style="color:$primary;">**\***</mark> - `https://app.hoxhunt.com/graphql-external`
* **Headers**
  * **Name** - `Authorization`
  * **Value** - `Authtoken ${secrets.hoxhuntToken}`
* **Body Type**<mark style="color:$primary;">**\***</mark> - `Raw`
* **Body Content**<mark style="color:$primary;">**\***</mark> -&#x20;

```
|
      {
        "query": "query($cursor: String, $startDate: DateTime, $endDate: DateTime) {\n  incidents(\n    first: 100, \n    after: $cursor,\n    filter: {\n      createdAt: {\n        gte: $startDate,\n        lte: $endDate\n      }\n    }\n  ) {\n    edges {\n      node {\n        id\n        createdAt\n        updatedAt\n        status\n        severity\n        reportedBy\n        description\n      }\n    }\n    pageInfo {\n      hasNextPage\n      endCursor\n    }\n  }\n}",
        "variables": "{\n  \"cursor\": \"${pagination.cursor}\"\n  \"startDate\": \"${temporalWindow.from}\",\n  \"endDate\": \"${temporalWindow.to}\"\n}"
      }
```

**Output**

* **Select**<mark style="color:$primary;">**\***</mark> - `.data.incidents`
* **Map** - `.`
* **Output Mode**<mark style="color:$primary;">**\***</mark> - `element`
  {% endtab %}
  {% endtabs %}

Click **Create labels** to move on to the next step and define the required [Labels](/the-workspace/listeners/labels.md) if needed.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onum.com/the-workspace/listeners/listener-integrations/pull-data-from-http-endpoints/collect-data-from-hoxhunt.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.