Get Risk Score

Cortex XDR REST API

POST /public_api/v1/get_risk_score

Retrieve the risk score of a specific user or endpoint in your environment, along with the reason for the score.

Required license: Identity Threat Module

CURL

curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/get_risk_score" \
  -d '{ "request_data" : { "id" : "id" } }'

Request

Body (optional)
Example: {"request_data":{"id":""}}

  • request_data (optional): A dictionary containing the API request fields.
      • id (required, String): Unique ID of a specific user or endpoint.
          • User ID should be in the following format: netBIOS/samAccount
          • Endpoint ID is the Cortex Agent ID.
        You can only request one ID at a time.

Responses

OK

Body

  • reply (optional): JSON object containing the query result.
      • type (optional, String): Form of identification element.
      • id (optional, String): Identification value of the type field.
      • score (optional, Integer): The score assigned to the type.
      • norm_risk_score (optional, Integer): Normalization of the risk score.
      • risk_level (optional, String (Enum)): The risk level. Allowed values: LOW, MED, HIGH
      • reasons (optional, Array): Details describing when and which incident name affected the score.
          • date created (optional, String)
          • description (optional, String)
          • severity (optional, String)
          • status (optional, String)
          • points (optional, Integer)

Bad Request. Got an invalid JSON.

Body: The query result upon error.

  • err_code (optional, String): HTTP response code.
  • err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  • err_extra (optional, String): Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body: The query result upon error.

  • err_code (optional, String): HTTP response code.
  • err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  • err_extra (optional, String): Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body: The query result upon error.

  • err_code (optional, String): HTTP response code.
  • err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  • err_extra (optional, String): Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body: The query result upon error.

  • err_code (optional, String): HTTP response code.
  • err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  • err_extra (optional, String): Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body: The query result upon error.

  • err_code (optional, String): HTTP response code.
  • err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  • err_extra (optional, String): Additional information describing the error.
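
An added example, not taken from the Cortex XDR documentation or from vendor code: building the request body and summarising the documented reply fields for triage, in Python. The function names, the sample bodies and the fallback lookup of err_code inside "reply" are assumptions of this example; sending the request and authenticating are left out.

```python
import json

RISK_LEVELS = ("LOW", "MED", "HIGH")  # allowed values listed on the page

def build_request(entity_id):
    """JSON body for POST /public_api/v1/get_risk_score (one ID per call)."""
    if not isinstance(entity_id, str) or not entity_id.strip():
        raise ValueError("id is required: one user ID or one Cortex Agent ID")
    return json.dumps({"request_data": {"id": entity_id}})

def parse_response(raw):
    """Summarise a success body; raise RuntimeError on an error body."""
    body = json.loads(raw)
    if not isinstance(body, dict):
        raise ValueError("response body is not a JSON object")
    reply = body.get("reply") if isinstance(body.get("reply"), dict) else {}
    # The page documents err_code at the top level of the error body; also
    # looking inside "reply" is a defensive assumption of this example.
    err = body if "err_code" in body else reply if "err_code" in reply else None
    if err is not None:
        raise RuntimeError(f"{err.get('err_code')}: {err.get('err_msg')}")
    level = reply.get("risk_level")
    if level is not None and level not in RISK_LEVELS:
        raise ValueError(f"unexpected risk_level {level!r}")
    # Every field is documented as optional, so tolerate missing ones.
    reasons = [r for r in (reply.get("reasons") or []) if isinstance(r, dict)]
    reasons.sort(key=lambda r: r.get("points") or 0, reverse=True)
    return {
        "id": reply.get("id"),
        "score": reply.get("score"),
        "risk_level": level,
        "reason_points": sum(r.get("points") or 0 for r in reasons),
        "top_reason": reasons[0].get("description") if reasons else None,
    }

# Constructed sample bodies (all values invented for illustration).
SAMPLE_OK = json.dumps({"reply": {
    "type": "user", "id": "EXAMPLE/jdoe", "score": 35, "norm_risk_score": 35,
    "risk_level": "MED",
    "reasons": [
        {"date created": "2024-01-01", "description": "Constructed incident A",
         "severity": "medium", "status": "new", "points": 10},
        {"date created": "2024-01-02", "description": "Constructed incident B",
         "severity": "high", "status": "new", "points": 25},
    ]}})
SAMPLE_ERR = json.dumps({"err_code": "400", "err_msg": "constructed message",
                         "err_extra": "constructed detail"})

if __name__ == "__main__":
    print(build_request("EXAMPLE/jdoe"), parse_response(SAMPLE_OK))
```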