Query params
customerGUID - required.
Gloabl filters (cluster, namespace)
Request object
Standart request body for pagination APIs
Request object examples
Get top 5 controls with the highest number of affected resources from all frameworks:
{
"pageSize": 5,
"orderBy": "affectedResourcesCount:desc"
}
Get all failed controls for "MITRE" framework:
{
"pageSize": 50,
"innerFilters": [
{
"frameworkName": "MITRE",
"statusText": "failed"
}
]
}
Get next page of previous request:
{
"pageSize": 50,
"pageNum": 2,
"innerFilters": [
{
"frameworkName": "MITRE",
"statusText": "failed"
}
]
}
Discussion: The following request (control for resource) needs new API?
Get all failed controls for resource "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod" for "MITRE" framework in specific report:
{
"innerFilters": [
{
"frameworkName": "MITRE",
"statusText": "failed",
"resource.name": "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod",
"reportGUID": "adsdsad-fdsfdsf-fdsfdsf-fdsfdf-fdsf"
}
]
}
Response object
Standart response body for pagination APIs
There is no gurentee there will be any control in the "response" list or to the numbers of the elements in it.
Response object example
{
"total": {
"value": 186,
"relation": "eq"
},
"response": [
{
"designators": {
"designatorType": "",
"attributes": {
"cluster": "minikube1",
"customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566",
"rbacQuery": "Show who can access secrets"
}
},
"id": "C-0001",
"guid": "111111111-aaaaaaaaaaaaa-bbbbbbbbb-aaaaaaaaaa",
"name": "Privilege escalation",
"affectedResourcesCount": 10,
"previousAffectedResourcesCount": 5,
"frameworkName": "MITRE",
"remediation": "don't give high privileges to container",
"status": 3,
"statusText": "failed",
"description": "lorem ipsum ...",
"section": "Initial access",
"relevantCloudProvides": null,
"controlInputs": null
},
{
"designators": {
"designatorType": "",
"attributes": {
"cluster": "minikube1",
"customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566",
"hostSensor": "true"
}
},
"id": "C-0021",
"guid": "111111111-aaaaaaaaaaaaa-bbbbbbbbb-cccccc",
"name": "Untrusted image registry",
"affectedResourcesCount": 45,
"previousAffectedResourcesCount": 15,
"frameworkName": "MITRE",
"remediation": "don't give high privileges to container",
"status": 2,
"statusText": "warning",
"description": "lorem ipsum ...",
"section": "Initial access",
"relevantCloudProvides": [
"EKS",
"GKE"
],
"controlInputs": [
{
"Rulename": "rule-credentials-configmap",
"Inputs": [
{
"attributeName": "sensitiveValues",
"values": [
"PRIVATE KEY",
"eyJhbGciO"
]
}
]
}
]
}
],
"cursor": ""
}
Special fields explanation
scoreImprove - what is the change in the riskScore since the previous framework run
riskScore - how harmful this control is
relevantCloudProvides - this control is relevant for clusters managed by one of these cloud providers.
controlInputs - name of configurable list and it's values that were used in this scan, per rule.
designators.attributes.rbacQuery - if appears = name of query in rbac visualizer that's related to this control.
designators.attributes.hostSensor - if appears and value is "true" = indication of host sensor control.