Returns list of resources which reported by posture report as affected resource

Query params

customerGUID - required
Gloabl filters (cluster, namespace)
relatedExceptions - optional. Possible values: true/false. Default - "false". Whether to fill the relatedExceptions list.
recommendations - optional. Possible values: true/false. Default - "false". Whether to fill the recommendations list.
controlName - optional. The name of the control to fill the exceptions for (overrides the controlID in the "failedControls" inner filter)

Request object

Standart request body for pagination APIs

Request object examples

Get top 5 resources with the highest number of failed controls from all frameworks:

{
  "pageSize": 5,
  "orderBy": "failedControlsCount:desc"
}

Get all failed Pods resources for "MITRE" framework:

{
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "resourceKind": "Pod"
    }
  ]
}

Get all resources for a given failed control in a given framework in specific report:

{
  "innerFilters": [
    {
      "frameworkName": "MITRE",
      "statusText": "failed",
      "failedControls": "C0002",
      "reportGUID": "adsdsad-fdsfdsf-fdsfdsf-fdsfdf-fdsf"
    }
  ]
}

Response object

Standart response body for pagination APIs
There is no gurentee there will be any resource in the "response" list or to the numbers of the elements in it.
"failedControls" field is combined from all the failed controls + the warning controls, while the "warningControls" holds just the list of warning controls.

Response object example

{
  "total": {
    "value": 186,
    "relation": "eq"
  },
  "response": [
    {
      "designators": {
        "attributes": {
          "cluster": "cluster1",
          "namespace": "namespace2",
          "kind": "pod",
          "name": "my-pod"
        }
      },
      "name": "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod",
      "failedControls": [
        "C0023",
        "C0329",
        "C0720"
      ],
      "failedControlsCount": 8,
      "warningControls": [
        "C0027",
        "C0322",
        "C0721"
      ],
      "warningControlsCount": 34,
      "statusText": "warning",
      "status": 2,
      "remediation": [
        "C0027: remove privilege",
        "C0721: use another image"
      ],
      "resourceKind": "Pod",
      "frameworkName": "MITRE",
      "exceptionRecommendaion": "e.g. This resource usually has privileged permissions",
      "recommendations": [
        {
          "guid": "ca1f0029-fed8-4be4-b3a6-da6a04f8f394",
          "name": "Exception recommendation associated by ARMO aggregator for 'C-0057' on 'wlid://cluster-bez-minikube-25-10/namespace-kube-system/DaemonSet-kube-proxy'",
          "context": [
            {
              "attribute": "namespace",
              "value": "kube-system",
              "source": "designators.attributes"
            },
            {
              "attribute": "controlID",
              "value": "C-0057",
              "source": ""
            }
          ],
          "recommendationDetails": {
            "action": "create an exception",
            "description": "Expect pods in namespace 'kubesystem' to run with high privileges",
            "descriptionLink": "",
            "context": [
              {
                "attribute": "namespace",
                "value": "kube-system",
                "source": "designators.attributes"
              },
              {
                "attribute": "controlID",
                "value": "C-0057",
                "source": ""
              }
            ],
            "approvement": 1
          },
          "status": 1
        },
        {
          "guid": "ca1f0029-fed8-4be4-b3a6-da6a04f8f394",
          "name": "Exception recommendation associated by ARMO aggregator for 'C-0057' on 'wlid://cluster-bez-minikube-25-10/namespace-kube-system/DaemonSet-kube-proxy'",
          "context": [
            {
              "attribute": "namespace",
              "value": "kube-system",
              "source": "designators.attributes"
            },
            {
              "attribute": "controlID",
              "value": "C-0057",
              "source": ""
            }
          ],
          "recommendationDetails": {
            "action": "update image",
            "description": "new version has no such issue",
            "descriptionLink": "",
            "context": [
              {
                "attribute": "namespace",
                "value": "kube-system",
                "source": "designators.attributes"
              },
              {
                "attribute": "controlID",
                "value": "C-0057",
                "source": ""
              }
            ],
            "approvement": 1
          },
          "status": 1
        },
        {
          "guid": "ca1f0029-fed8-4be4-b3a6-da6a04f8f394",
          "name": "Exception recommendation associated by ARMO aggregator for 'C-0057' on 'wlid://cluster-bez-minikube-25-10/namespace-kube-system/DaemonSet-kube-proxy'",
          "context": [
            {
              "attribute": "namespace",
              "value": "kube-system",
              "source": "designators.attributes"
            }
          ],
          "recommendationDetails": {
            "action": "update image",
            "description": "new version has no such issue",
            "descriptionLink": "",
            "context": [
              {
                "attribute": "namespace",
                "value": "kube-system",
                "source": "designators.attributes"
              }
            ],
            "approvement": 1
          },
          "status": 1
        }
      ],
      "relatedExceptions": [
        {
          "policyType": "postureExceptionPolicy",
          "name": "post111",
          "guid": "fsdfsdfs-dfgdfg-452354365-nvbjgf-34235",
          "actions": [
            "alertOnly"
          ],
          "resources": [
            {
              "designatorType": "attribute",
              "attributes": {
                "cluster": "cluster1",
                "namespace": "namespace2",
                "kind": "pod",
                "name": "my-pod"
              }
            }
          ],
          "posturePolicies": [
            {
              "frameworkName": "MITRE",
              "controlName": "Privileged container"
            }
          ]
        }
      ],
      "exceptionApplied": [
        {
          "policyType": "postureExceptionPolicy",
          "name": "post111",
          "guid": "fsdfsdfs-dfgdfg-452354365-nvbjgf-34235",
          "actions": [
            "alertOnly"
          ],
          "resources": [
            {
              "designatorType": "attribute",
              "attributes": {
                "cluster": "cluster1",
                "namespace": "namespace2",
                "kind": "pod",
                "name": "my-pod"
              }
            }
          ],
          "posturePolicies": [
            {
              "frameworkName": "MITRE",
              "controlName": "Privileged container"
            }
          ]
        }
      ]
    }
  ],
  "cursor": ""
}
Language
Authorization
Header
URL
Click Try It! to start a request and see the response here!