Query params
customerGUID - required
Gloabl filters (cluster, namespace)
relatedExceptions - optional. Possible values: true/false. Default - "false". Whether to fill the relatedExceptions list.
recommendations - optional. Possible values: true/false. Default - "false". Whether to fill the recommendations list.
controlName - optional. The name of the control to fill the exceptions for (overrides the controlID in the "failedControls" inner filter)
Request object
Standart request body for pagination APIs
Request object examples
Get top 5 resources with the highest number of failed controls from all frameworks:
{
"pageSize": 5,
"orderBy": "failedControlsCount:desc"
}
Get all failed Pods resources for "MITRE" framework:
{
"innerFilters": [
{
"frameworkName": "MITRE",
"resourceKind": "Pod"
}
]
}
Get all resources for a given failed control in a given framework in specific report:
{
"innerFilters": [
{
"frameworkName": "MITRE",
"statusText": "failed",
"failedControls": "C0002",
"reportGUID": "adsdsad-fdsfdsf-fdsfdsf-fdsfdf-fdsf"
}
]
}
Response object
Standart response body for pagination APIs
There is no gurentee there will be any resource in the "response" list or to the numbers of the elements in it.
"failedControls" field is combined from all the failed controls + the warning controls, while the "warningControls" holds just the list of warning controls.
Response object example
{
"total": {
"value": 186,
"relation": "eq"
},
"response": [
{
"designators": {
"attributes": {
"cluster": "cluster1",
"namespace": "namespace2",
"kind": "pod",
"name": "my-pod"
}
},
"name": "wlid://cluster-cluster1/namespace-namespace2/pod-my-pod",
"failedControls": [
"C0023",
"C0329",
"C0720"
],
"failedControlsCount": 8,
"warningControls": [
"C0027",
"C0322",
"C0721"
],
"warningControlsCount": 34,
"statusText": "warning",
"status": 2,
"remediation": [
"C0027: remove privilege",
"C0721: use another image"
],
"resourceKind": "Pod",
"frameworkName": "MITRE",
"exceptionRecommendaion": "e.g. This resource usually has privileged permissions",
"recommendations": [
{
"guid": "ca1f0029-fed8-4be4-b3a6-da6a04f8f394",
"name": "Exception recommendation associated by ARMO aggregator for 'C-0057' on 'wlid://cluster-bez-minikube-25-10/namespace-kube-system/DaemonSet-kube-proxy'",
"context": [
{
"attribute": "namespace",
"value": "kube-system",
"source": "designators.attributes"
},
{
"attribute": "controlID",
"value": "C-0057",
"source": ""
}
],
"recommendationDetails": {
"action": "create an exception",
"description": "Expect pods in namespace 'kubesystem' to run with high privileges",
"descriptionLink": "",
"context": [
{
"attribute": "namespace",
"value": "kube-system",
"source": "designators.attributes"
},
{
"attribute": "controlID",
"value": "C-0057",
"source": ""
}
],
"approvement": 1
},
"status": 1
},
{
"guid": "ca1f0029-fed8-4be4-b3a6-da6a04f8f394",
"name": "Exception recommendation associated by ARMO aggregator for 'C-0057' on 'wlid://cluster-bez-minikube-25-10/namespace-kube-system/DaemonSet-kube-proxy'",
"context": [
{
"attribute": "namespace",
"value": "kube-system",
"source": "designators.attributes"
},
{
"attribute": "controlID",
"value": "C-0057",
"source": ""
}
],
"recommendationDetails": {
"action": "update image",
"description": "new version has no such issue",
"descriptionLink": "",
"context": [
{
"attribute": "namespace",
"value": "kube-system",
"source": "designators.attributes"
},
{
"attribute": "controlID",
"value": "C-0057",
"source": ""
}
],
"approvement": 1
},
"status": 1
},
{
"guid": "ca1f0029-fed8-4be4-b3a6-da6a04f8f394",
"name": "Exception recommendation associated by ARMO aggregator for 'C-0057' on 'wlid://cluster-bez-minikube-25-10/namespace-kube-system/DaemonSet-kube-proxy'",
"context": [
{
"attribute": "namespace",
"value": "kube-system",
"source": "designators.attributes"
}
],
"recommendationDetails": {
"action": "update image",
"description": "new version has no such issue",
"descriptionLink": "",
"context": [
{
"attribute": "namespace",
"value": "kube-system",
"source": "designators.attributes"
}
],
"approvement": 1
},
"status": 1
}
],
"relatedExceptions": [
{
"policyType": "postureExceptionPolicy",
"name": "post111",
"guid": "fsdfsdfs-dfgdfg-452354365-nvbjgf-34235",
"actions": [
"alertOnly"
],
"resources": [
{
"designatorType": "attribute",
"attributes": {
"cluster": "cluster1",
"namespace": "namespace2",
"kind": "pod",
"name": "my-pod"
}
}
],
"posturePolicies": [
{
"frameworkName": "MITRE",
"controlName": "Privileged container"
}
]
}
],
"exceptionApplied": [
{
"policyType": "postureExceptionPolicy",
"name": "post111",
"guid": "fsdfsdfs-dfgdfg-452354365-nvbjgf-34235",
"actions": [
"alertOnly"
],
"resources": [
{
"designatorType": "attribute",
"attributes": {
"cluster": "cluster1",
"namespace": "namespace2",
"kind": "pod",
"name": "my-pod"
}
}
],
"posturePolicies": [
{
"frameworkName": "MITRE",
"controlName": "Privileged container"
}
]
}
]
}
],
"cursor": ""
}