Query params
customerGUID
- required.
Global filters (cluster, namespace)
Request object
Standard request body for pagination APIs
Request object examples
Get top 5 controls with the highest number of affected resources from all frameworks:
{
  "pageSize": 5,
  "orderBy": "affectedResourcesCount:desc"
}
Get all failed controls for "MITRE" framework:
{
  "pageSize": 50,
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "statusText": "failed"
    }
  ]
}
Get next page of previous request:
{
  "pageSize": 50,
  "pageNum": 2,
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "statusText": "failed"
    }
  ]
}
Discussion: does the following request (control for resource) need a new API?
Get all failed controls for resource "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod" for "MITRE" framework in specific report:
{
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "statusText": "failed",
      "resource.name": "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod",
      "reportGUID": "adsdsad-fdsfdsf-fdsfdsf-fdsfdf-fdsf"
    }
  ]
}
Response object
Standard response body for pagination APIs
There is no guarantee that the "response" list will contain any controls, or of how many elements it will contain.
Response object example
{
  "total": {
    "value": 186,
    "relation": "eq"
  },
  "response": [
    {
      "designators": {
        "designatorType": "",
        "attributes": {
          "cluster": "minikube1",
          "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566",
          "rbacQuery": "Show who can access secrets"
        }
      },
      "id": "C-0001",
      "guid": "111111111-aaaaaaaaaaaaa-bbbbbbbbb-aaaaaaaaaa",
      "name": "Privilege escalation",
      "affectedResourcesCount": 10,
      "previousAffectedResourcesCount": 5,
      "frameworkName": "MITRE",
      "remediation": "don't give high privileges to container",
      "status": 3,
      "statusText": "failed",
      "description": "lorem ipsum ...",
      "section": "Initial access",
      "relevantCloudProvides": null,
      "controlInputs": null
    },
    {
      "designators": {
        "designatorType": "",
        "attributes": {
          "cluster": "minikube1",
          "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566",
          "hostSensor": "true"
        }
      },
      "id": "C-0021",
      "guid": "111111111-aaaaaaaaaaaaa-bbbbbbbbb-cccccc",
      "name": "Untrusted image registry",
      "affectedResourcesCount": 45,
      "previousAffectedResourcesCount": 15,
      "frameworkName": "MITRE",
      "remediation": "don't give high privileges to container",
      "status": 2,
      "statusText": "warning",
      "description": "lorem ipsum ...",
      "section": "Initial access",
      "relevantCloudProvides": [
        "EKS",
        "GKE"
      ],
      "controlInputs": [
        {
          "Rulename": "rule-credentials-configmap",
          "Inputs": [
            {
              "attributeName": "sensitiveValues",
              "values": [
                "PRIVATE KEY",
                "eyJhbGciO"
              ]
            }
          ]
        }
      ]
    }
  ],
  "cursor": ""
}
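A client loop for the request and response bodies above, added here as an example and not taken from the API's own code. The `post` transport, 1-based `pageNum`, the filter-matching rule in the fake server and all sample controls are assumptions constructed so it runs offline; the endpoint URL and authentication are not given on this page and are left to the caller.

```python
import math

def build_body(page_size, page_num=1, inner_filters=None, order_by=None):
    """Request body using only the fields shown on this page."""
    body = {"pageSize": page_size}
    if page_num > 1:          # assumption: pages are 1-based and page 1 is the default
        body["pageNum"] = page_num
    if inner_filters:
        body["innerFilters"] = inner_filters
    if order_by:
        body["orderBy"] = order_by
    return body

def iter_controls(post, inner_filters=None, page_size=50, order_by=None, max_pages=1000):
    """Yield every control; post(body) -> dict is a caller-supplied transport (hypothetical)."""
    seen = 0
    for page_num in range(1, max_pages + 1):
        reply = post(build_body(page_size, page_num, inner_filters, order_by))
        total = (reply.get("total") or {}).get("value", 0)
        controls = reply.get("response") or []   # the list may be empty or missing
        yield from controls
        seen += len(controls)
        # A short or empty page is not proof of end-of-data, so stop on the
        # reported total (or the page count it implies), never on page length.
        if seen >= total or page_num >= math.ceil(total / page_size):
            return

# --- constructed sample data and a fake transport so the example runs offline ---
SAMPLE = ([{"id": f"C-{i:04d}", "frameworkName": "MITRE", "statusText": "failed"} for i in range(120)]
          + [{"id": f"C-{i:04d}", "frameworkName": "MITRE", "statusText": "warning"} for i in range(120, 150)])
CALLS = []   # request bodies received by the fake server

def fake_post(body):
    CALLS.append(body)
    filters = body.get("innerFilters") or [{}]
    # assumption: a control matches if it satisfies every key of any one filter object
    hits = [c for c in SAMPLE if any(all(c.get(k) == v for k, v in f.items()) for f in filters)]
    start = (body.get("pageNum", 1) - 1) * body["pageSize"]
    return {"total": {"value": len(hits), "relation": "eq"},
            "response": hits[start:start + body["pageSize"]], "cursor": ""}

def failed_mitre_ids(post=fake_post):
    flt = [{"frameworkName": "MITRE", "statusText": "failed"}]
    return [c["id"] for c in iter_controls(post, flt, page_size=50)]

if __name__ == "__main__":
    print(len(failed_mitre_ids()), "failed MITRE controls in", len(CALLS), "requests")
```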
Special fields explanation
scoreImprove
- what is the change in the riskScore since the previous framework run
riskScore
- how harmful this control is
relevantCloudProvides
- this control is relevant for clusters managed by one of these cloud providers.
controlInputs
- name of the configurable list and its values that were used in this scan, per rule.
designators.attributes.rbacQuery
- if present, the name of the query in the RBAC visualizer that is related to this control.
designators.attributes.hostSensor
- if present with the value "true", indicates a host sensor control.