Returns list of posture controls run results

Query params

customerGUID - required. Global filters (cluster, namespace)

Request object

Standard request body for pagination APIs

Request object examples

Get top 5 controls with the highest number of affected resources from all frameworks:

{
  "pageSize": 5,
  "orderBy": "affectedResourcesCount:desc"
}

Get all failed controls for "MITRE" framework:

{
  "pageSize": 50,
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "statusText": "failed"
    }
  ]
}

Get next page of previous request:

{
  "pageSize": 50,
  "pageNum": 2,
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "statusText": "failed"
    }
  ]
}

Discussion: does the following request (controls for a resource) need a new API? Get all failed controls for resource "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod" for the "MITRE" framework in a specific report:

{
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "statusText": "failed",
      "resource.name": "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod",
      "reportGUID": "adsdsad-fdsfdsf-fdsfdsf-fdsfdf-fdsf"
    }
  ]
}

Response object

Standard response body for pagination APIs. There is no guarantee that there will be any control in the "response" list, or about the number of elements in it.

Response object example

{
  "total": {
    "value": 186,
    "relation": "eq"
  },
  "response": [
    {
      "designators": {
        "designatorType": "",
        "attributes": {
          "cluster": "minikube1",
          "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566",
          "rbacQuery": "Show who can access secrets"
        }
      },
      "id": "C-0001",
      "guid": "111111111-aaaaaaaaaaaaa-bbbbbbbbb-aaaaaaaaaa",
      "name": "Privilege escalation",
      "affectedResourcesCount": 10,
      "previousAffectedResourcesCount": 5,
      "frameworkName": "MITRE",
      "remediation": "don't give high privileges to container",
      "status": 3,
      "statusText": "failed",
      "description": "lorem ipsum ...",
      "section": "Initial access",
      "relevantCloudProvides": null,
      "controlInputs": null
    },
    {
      "designators": {
        "designatorType": "",
        "attributes": {
          "cluster": "minikube1",
          "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566",
          "hostSensor": "true"
        }
      },
      "id": "C-0021",
      "guid": "111111111-aaaaaaaaaaaaa-bbbbbbbbb-cccccc",
      "name": "Untrusted image registry",
      "affectedResourcesCount": 45,
      "previousAffectedResourcesCount": 15,
      "frameworkName": "MITRE",
      "remediation": "don't give high privileges to container",
      "status": 2,
      "statusText": "warning",
      "description": "lorem ipsum ...",
      "section": "Initial access",
      "relevantCloudProvides": ["EKS", "GKE"],
      "controlInputs": [
        {
          "Rulename": "rule-credentials-configmap",
          "Inputs": [
            {
              "attributeName": "sensitiveValues",
              "values": ["PRIVATE KEY", "eyJhbGciO"]
            }
          ]
        }
      ]
    }
  ],
  "cursor": ""
}

Special fields explanation

complianceScore - how compliant this control is (returns -1 for old versions that don't have this information).

relevantCloudProvides - this control is relevant for clusters managed by one of these cloud providers.

controlInputs - name of the configurable list and its values that were used in this scan, per rule.

designators.attributes.rbacQuery - if present, the name of the query in the RBAC visualizer that is related to this control.

designators.attributes.hostSensor - if present and the value is "true", indicates a host sensor control.
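An added example, not part of the original API reference or the provider's client code: one way to walk every page of a filtered request without relying on page length, then flag controls whose affected-resource count grew. The `post` transport, the `fake_post` stand-in server, the control ids C-0002 to C-0004, treating an empty page as the end of the listing, and reading `previousAffectedResourcesCount` as the earlier scan's count are all assumptions.

```python
from typing import Callable, Iterable, Iterator

def iter_controls(post: Callable[[dict], dict], inner_filter: dict,
                  page_size: int = 50, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every control matching inner_filter, following pageNum."""
    seen = 0
    for page_num in range(1, max_pages + 1):
        body = {"pageSize": page_size, "innerFilters": [inner_filter]}
        if page_num > 1:          # first request omits pageNum, as in the page's examples
            body["pageNum"] = page_num
        reply = post(body)
        controls = reply.get("response") or []   # may be empty, missing or null
        total = reply.get("total") or {}
        yield from controls
        seen += len(controls)
        if not controls:          # assumption: an empty page ends the listing
            return
        # A short page is not proof of the end; only an exact total is trusted.
        if total.get("relation") == "eq" and seen >= total.get("value", 0):
            return

def worsened(controls: Iterable[dict]) -> list:
    """Controls whose affected-resource count grew, largest increase first."""
    grew = [c for c in controls
            if c["affectedResourcesCount"] > c["previousAffectedResourcesCount"]]
    return sorted(grew, key=lambda c: c["previousAffectedResourcesCount"]
                  - c["affectedResourcesCount"])

# Constructed sample data: (id, affectedResourcesCount, previousAffectedResourcesCount)
_ROWS = [("C-0001", 10, 5), ("C-0021", 45, 15), ("C-0002", 3, 3),
         ("C-0003", 0, 4), ("C-0004", 7, 1)]
_DATA = [{"id": i, "affectedResourcesCount": a, "previousAffectedResourcesCount": p,
          "frameworkName": "MITRE", "statusText": "failed"} for i, a, p in _ROWS]

def fake_post(body: dict) -> dict:
    """Hypothetical stand-in server: every page is shorter than pageSize."""
    per_page = max(1, body["pageSize"] - 1)
    start = (body.get("pageNum", 1) - 1) * per_page
    return {"total": {"value": len(_DATA), "relation": "eq"},
            "response": _DATA[start:start + per_page], "cursor": ""}

def demo() -> list:
    flt = {"frameworkName": "MITRE", "statusText": "failed"}
    return [c["id"] for c in worsened(iter_controls(fake_post, flt, page_size=3))]

if __name__ == "__main__":
    print(demo())
```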

Body Params

Generic pagination request body parameters

string
cursorV1
object
fieldsToUpdate
object

For PUT requests, can be used to update only specific fields with specific values: a map of field name to new value.

boolean

When true, the default sort order is ignored. TODO: take it off, and use the default sort order when OrderBy is empty.

innerFilters
array of objects

Which elements of the list to return. Each field can hold multiple values separated by commas. An empty map means "return the complete list".

innerFilters
string

How to order (sort) the list: field name + sort order (asc/desc), as in https://www.w3schools.com/sql/sql_orderby.asp. When empty, the default sort order is used. To disable the default sort order, set IgnoreDefaultSort to true.

int64

One can leave it empty for 0, then call ValidatePageProperties

int64

Properties of the requested next page. Use ValidatePageProperties to set the PageSize field.

searchAfter
object
date-time
Defaults to since - the beginning of time, until - now.
date-time
Response
