Create an application

Cortex XSIAM Platform APIs

post /public_api/appsec/v1/application

Creates a new application asset based on the provided details, such as name, criticality, and asset selection.

Required license:

Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the Cortex Cloud Posture Management add-on. Not supported in XSIAM Enterprise Plus.

Request headers
Authorization String required

{api_key}

Example: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id String required

{api_key_id}

Example: 241
CLIENT REQUEST
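# Create an application asset with a single POST request.
# Each option line ends in a backslash so the shell reads the listing as one command.
# The Authorization value, key ID and host are this page's example values; replace them
# with your own, and prefer supplying the key from an environment variable or secret
# store so it does not end up in shell history.
# The body carries businessCriticality, creationType, selectionType and section because
# the body-parameter list on this page marks them as required.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ' \
  -H 'x-xdr-auth-id: 241' \
  'https://api-yourfqdn/public_api/appsec/v1/application' \
  -d '{ "name" : "name", "businessCriticality" : "Critical", "businessUnit" : "businessUnit", "creationType" : "Auto", "description" : "description", "businessOwner" : [ "businessOwner", "businessOwner" ], "devOwner" : [ "devOwner", "devOwner" ], "devOpsOwner" : [ "devOpsOwner", "devOpsOwner" ], "productManager" : [ "productManager", "productManager" ], "assetSelection" : { "selectionType" : "filter", "section" : "code", "filter" : { "values" : [ "values", "values" ], "provider" : "CIRCLE_CI", "filterType" : "REPOSITORY" }, "assetIds" : [ "assetIds", "assetIds" ] } }'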
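import http.client
import json

# POST a new application asset to the AppSec API and print the raw response body.
# The host, API key and key ID below are this page's example values; replace them with
# your own and load the key from the environment or a secret store rather than source code.

# Build the body from a dict so the JSON is escaped by the library, not by hand.
payload = json.dumps({
    "name": "string",
    "businessCriticality": "Critical",
    "businessUnit": "string",
    "creationType": "Auto",
    "description": "string",
    "compliance": "PCI-DSS",
    "businessOwner": ["string"],
    "devOwner": ["string"],
    "devOpsOwner": ["string"],
    "productManager": ["string"],
    "assetSelection": {
        "selectionType": "filter",
        "section": "code",
        "filter": {
            "values": ["string"],
            "provider": "CIRCLE_CI",
            "filterType": "REPOSITORY",
        },
        "assetIds": ["string"],
    },
})

headers = {
    'Authorization': "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
    'x-xdr-auth-id': "241",
    'content-type': "application/json",
}

# HTTPSConnection validates the server certificate with the default SSL context.
# The timeout keeps a stalled connection from blocking the script indefinitely.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)
try:
    conn.request("POST", "/public_api/appsec/v1/application", payload, headers)
    res = conn.getresponse()
    data = res.read()
    print(data.decode("utf-8"))
finally:
    # Release the socket whether or not the request succeeded.
    conn.close()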
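require 'uri'
require 'net/http'
require 'openssl'

# POST a new application asset to the AppSec API and print the raw response body.
# The host, API key and key ID are this page's example values; replace them with your own.
url = URI("https://api-yourfqdn/public_api/appsec/v1/application")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. The request carries the API key in the Authorization
# header, and with VERIFY_NONE any host on the network path could present its own
# certificate, terminate the TLS session and read that key.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP '
request["x-xdr-auth-id"] = '241'
request["content-type"] = 'application/json'
request.body = "{\"name\":\"string\",\"businessCriticality\":\"Critical\",\"businessUnit\":\"string\",\"creationType\":\"Auto\",\"description\":\"string\",\"compliance\":\"PCI-DSS\",\"businessOwner\":[\"string\"],\"devOwner\":[\"string\"],\"devOpsOwner\":[\"string\"],\"productManager\":[\"string\"],\"assetSelection\":{\"selectionType\":\"filter\",\"section\":\"code\",\"filter\":{\"values\":[\"string\"],\"provider\":\"CIRCLE_CI\",\"filterType\":\"REPOSITORY\"},\"assetIds\":[\"string\"]}}"

response = http.request(request)
puts response.read_body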
// Describe the application asset to create, then serialize it once for the request body.
const applicationPayload = {
  "name": "string",
  "businessCriticality": "Critical",
  "businessUnit": "string",
  "creationType": "Auto",
  "description": "string",
  "compliance": "PCI-DSS",
  "businessOwner": ["string"],
  "devOwner": ["string"],
  "devOpsOwner": ["string"],
  "productManager": ["string"],
  "assetSelection": {
    "selectionType": "filter",
    "section": "code",
    "filter": {
      "values": ["string"],
      "provider": "CIRCLE_CI",
      "filterType": "REPOSITORY",
    },
    "assetIds": ["string"],
  },
};
const requestBody = JSON.stringify(applicationPayload);

const xhr = new XMLHttpRequest();
// NOTE(review): withCredentials makes the browser attach cookies and other ambient
// credentials to this cross-origin call. The request already authenticates with the
// Authorization / x-xdr-auth-id headers — confirm the flag is actually needed.
xhr.withCredentials = true;

// Log the raw response text once the request has finished, whatever its outcome.
xhr.addEventListener("readystatechange", () => {
  if (xhr.readyState !== XMLHttpRequest.DONE) {
    return;
  }
  console.log(xhr.responseText);
});

xhr.open("POST", "https://api-yourfqdn/public_api/appsec/v1/application");

// Header values are this page's example key and key ID.
// NOTE(review): in browser code these values are readable by anyone who can load the page.
const requestHeaders = [
  ["Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "],
  ["x-xdr-auth-id", "241"],
  ["content-type", "application/json"],
];
for (const [headerName, headerValue] of requestHeaders) {
  xhr.setRequestHeader(headerName, headerValue);
}

xhr.send(requestBody);
// Send the create-application POST with Unirest and read the response body as a String.
// The endpoint host, API key and key ID are this page's example values.
String endpoint = "https://api-yourfqdn/public_api/appsec/v1/application";
String requestBody = "{\"name\":\"string\",\"businessCriticality\":\"Critical\",\"businessUnit\":\"string\",\"creationType\":\"Auto\",\"description\":\"string\",\"compliance\":\"PCI-DSS\",\"businessOwner\":[\"string\"],\"devOwner\":[\"string\"],\"devOpsOwner\":[\"string\"],\"productManager\":[\"string\"],\"assetSelection\":{\"selectionType\":\"filter\",\"section\":\"code\",\"filter\":{\"values\":[\"string\"],\"provider\":\"CIRCLE_CI\",\"filterType\":\"REPOSITORY\"},\"assetIds\":[\"string\"]}}";

HttpResponse<String> response = Unirest.post(endpoint)
    // The API key and its ID travel in these two headers on every call.
    .header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ")
    .header("x-xdr-auth-id", "241")
    .header("content-type", "application/json")
    .body(requestBody)
    .asString();
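import Foundation

// POST a new application asset to the AppSec API and print the HTTP response.
// The host, API key and key ID are this page's example values; replace them with your own.
let headers = [
  "Authorization": "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
  "x-xdr-auth-id": "241",
  "content-type": "application/json"
]

let parameters = [
  "name": "string",
  "businessCriticality": "Critical",
  "businessUnit": "string",
  "creationType": "Auto",
  "description": "string",
  "compliance": "PCI-DSS",
  "businessOwner": ["string"],
  "devOwner": ["string"],
  "devOpsOwner": ["string"],
  "productManager": ["string"],
  "assetSelection": [
    "selectionType": "filter",
    "section": "code",
    "filter": [
      "values": ["string"],
      "provider": "CIRCLE_CI",
      "filterType": "REPOSITORY"
    ],
    "assetIds": ["string"]
  ]
] as [String : Any]

do {
  // data(withJSONObject:options:) is a throwing call, so it has to be marked with `try`;
  // a serialization failure is reported below instead of sending a request without a body.
  let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

  var request = URLRequest(url: URL(string: "https://api-yourfqdn/public_api/appsec/v1/application")!,
                           cachePolicy: .useProtocolCachePolicy,
                           timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData

  let session = URLSession.shared
  let dataTask = session.dataTask(with: request, completionHandler: { (data, response, error) -> Void in
    if let error = error {
      // Transport-level failure (DNS, TLS, timeout, ...).
      print(error)
    } else if let httpResponse = response as? HTTPURLResponse {
      print(httpResponse)
    }
  })

  // Tasks are created suspended; resume() starts the request.
  dataTask.resume()
} catch {
  print(error)
}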
<?php

// POST a new application asset to the AppSec API and echo either the response body
// or the cURL error text. Host, API key and key ID are this page's example values.

$requestHeaders = [
    "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
    "content-type: application/json",
    "x-xdr-auth-id: 241"
];

$requestBody = "{\"name\":\"string\",\"businessCriticality\":\"Critical\",\"businessUnit\":\"string\",\"creationType\":\"Auto\",\"description\":\"string\",\"compliance\":\"PCI-DSS\",\"businessOwner\":[\"string\"],\"devOwner\":[\"string\"],\"devOpsOwner\":[\"string\"],\"productManager\":[\"string\"],\"assetSelection\":{\"selectionType\":\"filter\",\"section\":\"code\",\"filter\":{\"values\":[\"string\"],\"provider\":\"CIRCLE_CI\",\"filterType\":\"REPOSITORY\"},\"assetIds\":[\"string\"]}}";

$transferOptions = [
    CURLOPT_URL => "https://api-yourfqdn/public_api/appsec/v1/application",
    // Return the body from curl_exec() instead of printing it directly.
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => $requestBody,
    CURLOPT_HTTPHEADER => $requestHeaders,
];

$curl = curl_init();
curl_setopt_array($curl, $transferOptions);

$response = curl_exec($curl);
// Read the error text before the handle is closed.
$err = curl_error($curl);

curl_close($curl);

// A non-empty error string means the transfer itself failed.
echo $err ? "cURL Error #:" . $err : $response;
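/*
 * POST a new application asset to the AppSec API with libcurl.
 * The host, API key and key ID are this page's example values.
 * `ret` holds the transfer result; it stays CURLE_FAILED_INIT when no handle could be created.
 */
CURLcode ret = CURLE_FAILED_INIT;
struct curl_slist *headers = NULL;
CURL *hnd = curl_easy_init();

/* curl_easy_init() returns NULL on failure; do not pass a NULL handle to the calls below. */
if (hnd) {
  curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
  curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/appsec/v1/application");

  headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
  headers = curl_slist_append(headers, "x-xdr-auth-id: 241");
  headers = curl_slist_append(headers, "content-type: application/json");
  curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

  curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"name\":\"string\",\"businessCriticality\":\"Critical\",\"businessUnit\":\"string\",\"creationType\":\"Auto\",\"description\":\"string\",\"compliance\":\"PCI-DSS\",\"businessOwner\":[\"string\"],\"devOwner\":[\"string\"],\"devOpsOwner\":[\"string\"],\"productManager\":[\"string\"],\"assetSelection\":{\"selectionType\":\"filter\",\"section\":\"code\",\"filter\":{\"values\":[\"string\"],\"provider\":\"CIRCLE_CI\",\"filterType\":\"REPOSITORY\"},\"assetIds\":[\"string\"]}}");

  ret = curl_easy_perform(hnd);

  /* Free the header list (it holds the API key) and the easy handle once the transfer is done. */
  curl_slist_free_all(headers);
  curl_easy_cleanup(hnd);
}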
// Send the create-application POST with RestSharp; `response` holds the result of the call.
// The endpoint host, API key and key ID are this page's example values.
const string endpoint = "https://api-yourfqdn/public_api/appsec/v1/application";
const string jsonBody = "{\"name\":\"string\",\"businessCriticality\":\"Critical\",\"businessUnit\":\"string\",\"creationType\":\"Auto\",\"description\":\"string\",\"compliance\":\"PCI-DSS\",\"businessOwner\":[\"string\"],\"devOwner\":[\"string\"],\"devOpsOwner\":[\"string\"],\"productManager\":[\"string\"],\"assetSelection\":{\"selectionType\":\"filter\",\"section\":\"code\",\"filter\":{\"values\":[\"string\"],\"provider\":\"CIRCLE_CI\",\"filterType\":\"REPOSITORY\"},\"assetIds\":[\"string\"]}}";

var request = new RestRequest(Method.POST);

// The API key and its ID are passed as request headers.
request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
request.AddHeader("x-xdr-auth-id", "241");
request.AddHeader("content-type", "application/json");

// Attach the JSON document as the raw request body.
request.AddParameter("application/json", jsonBody, ParameterType.RequestBody);

var client = new RestClient(endpoint);
IRestResponse response = client.Execute(request);
Body parameters
required
application/json
name string required

A unique name for the application asset.

businessCriticality string (Enum) required

The operational importance of the asset.

Allowed values: "Critical", "High", "Medium", "Low"
businessUnitstring

Business unit responsible for the asset.

creationType string (Enum) required

Defines how the application asset is created.

Allowed values: "Auto", "Manual"
descriptionstring

A brief description of the asset's purpose.

compliance string (Enum)

The compliance status or requirement category for an asset.

Allowed values: "PCI-DSS", "ISO 27001", "SOX", "NIST", "GDPR", "CCPA", "HIPAA", "FedRAMP"
businessOwnerarray[string]

A list of stakeholders responsible for the asset from the business side.

devOwnerarray[string]

A list of primary developers or engineering leads responsible for the code.

devOpsOwnerarray[string]

A list of SRE or DevOps engineers managing the infrastructure.

productManagerarray[string]

A list of product managers responsible for overseeing the application asset.

assetSelectionobject

Define the logic for how specific technical assets must be linked to this application.

selectionType string (Enum) required

Method to select application assets.

Allowed values: "filter", "assetIds"
section string (Enum) required

Identifies the functional section to which the asset selection applies.

Allowed values: "code", "run"
filterobject

Defines filter criteria to dynamically select application assets. This field accepts one of the supported application asset selection filter types.

valuesarray[string]required

If the filterType is REPOSITORY, enter the repository ID as the value. If the filterType is ORGANIZATION, enter the organization URL of the provider.

providerobject
string (Enum)

Build system or CI provider used for the asset. Allowed values: CIRCLE_CI JENKINS GITLAB_CI AZURE_PIPELINES GITHUB_ACTIONS

Allowed values:"CIRCLE_CI""JENKINS""GITLAB_CI""AZURE_PIPELINES""GITHUB_ACTIONS"
string (Enum)

Source code management (SCM) or code hosting provider. Allowed values: GITLAB, GITHUB, BITBUCKET, AZURE_REPOS, AWS_CODE_COMMIT

Allowed values:"GITLAB""GITHUB""BITBUCKET""AZURE_REPOS""AWS_CODE_COMMIT"
string (Enum)

Runtime or execution environment provider for the application or asset. Allowed Values: GCP, AWS, AZURE

Allowed values:"GCP""AWS""AZURE"
string (Enum)

Deployment platform or system used to deploy the application or asset. Allowed values: ACR ECR GAR JFrog Docker

Allowed values:"ACR""ECR""GAR""JFrog""Docker"
filterTypeobjectrequired

The asset attribute used to filter assets from the selected provider.

string (Enum)

Specifies the available values for the code type filter.

Allowed values:"REPOSITORY""ORGANIZATION""CODE"
string (Enum)

Specifies the available values for the run type filter.

Allowed values:"K8S_NAMESPACE""K8S_CLUSTER""ORGANIZATION""RESOURCE_TAG""VPC""ACCOUNT"
valuesobjectrequired

Container for filter values used to match application assets.

orgUrlstring

Organization URL used to filter assets belonging to a specific organization.

repositoryIdstring

Unique identifier of the repository used to filter assets.

projectUrlstring

Project URL used to filter assets belonging to a specific project.

orgUnifyFilterobject

Defines unification rules applied at the organization level.

providersobjectrequired
string (Enum)

Build system or CI provider used for the asset. Allowed values: CIRCLE_CI JENKINS GITLAB_CI AZURE_PIPELINES GITHUB_ACTIONS

Allowed values:"CIRCLE_CI""JENKINS""GITLAB_CI""AZURE_PIPELINES""GITHUB_ACTIONS"
string (Enum)

Source code management (SCM) or code hosting provider. Allowed values: GITLAB, GITHUB, BITBUCKET, AZURE_REPOS, AWS_CODE_COMMIT

Allowed values:"GITLAB""GITHUB""BITBUCKET""AZURE_REPOS""AWS_CODE_COMMIT"
string (Enum)

Runtime or execution environment provider for the application or asset. Allowed Values: GCP, AWS, AZURE

Allowed values:"GCP""AWS""AZURE"
string (Enum)

Deployment platform or system used to deploy the application or asset. Allowed values: ACR ECR GAR JFrog Docker

Allowed values:"ACR""ECR""GAR""JFrog""Docker"
namestringrequired

Name of the organization used for asset unification.

projectUnifyFilterobject

Defines unification rules applied at the project level.

providersobjectrequired
string (Enum)

Build system or CI provider used for the asset. Allowed values: CIRCLE_CI JENKINS GITLAB_CI AZURE_PIPELINES GITHUB_ACTIONS

Allowed values:"CIRCLE_CI""JENKINS""GITLAB_CI""AZURE_PIPELINES""GITHUB_ACTIONS"
string (Enum)

Source code management (SCM) or code hosting provider. Allowed values: GITLAB, GITHUB, BITBUCKET, AZURE_REPOS, AWS_CODE_COMMIT

Allowed values:"GITLAB""GITHUB""BITBUCKET""AZURE_REPOS""AWS_CODE_COMMIT"
string (Enum)

Runtime or execution environment provider for the application or asset. Allowed Values: GCP, AWS, AZURE

Allowed values:"GCP""AWS""AZURE"
string (Enum)

Deployment platform or system used to deploy the application or asset. Allowed values: ACR ECR GAR JFrog Docker

Allowed values:"ACR""ECR""GAR""JFrog""Docker"
namestringrequired

Name of the project used for asset unification.

repositoryUnifyFilterobject

Defines unification rules applied at the repository level.

providersobjectrequired
string (Enum)

Build system or CI provider used for the asset. Allowed values: CIRCLE_CI JENKINS GITLAB_CI AZURE_PIPELINES GITHUB_ACTIONS

Allowed values:"CIRCLE_CI""JENKINS""GITLAB_CI""AZURE_PIPELINES""GITHUB_ACTIONS"
string (Enum)

Source code management (SCM) or code hosting provider. Allowed values: GITLAB, GITHUB, BITBUCKET, AZURE_REPOS, AWS_CODE_COMMIT

Allowed values:"GITLAB""GITHUB""BITBUCKET""AZURE_REPOS""AWS_CODE_COMMIT"
string (Enum)

Runtime or execution environment provider for the application or asset. Allowed Values: GCP, AWS, AZURE

Allowed values:"GCP""AWS""AZURE"
string (Enum)

Deployment platform or system used to deploy the application or asset. Allowed values: ACR ECR GAR JFrog Docker

Allowed values:"ACR""ECR""GAR""JFrog""Docker"
namestringrequired

Name of the repository used for asset unification.

filterTypeobject

The asset attribute used to filter assets from the selected provider.

string (Enum)

Specifies the available values for the code type filter.

Allowed values:"REPOSITORY""ORGANIZATION""CODE"
string (Enum)

Specifies the available values for the run type filter.

Allowed values:"K8S_NAMESPACE""K8S_CLUSTER""ORGANIZATION""RESOURCE_TAG""VPC""ACCOUNT"
string

Defines filter criteria to dynamically select application assets. This field supports one of the supported application asset selection filter types.

assetIdsarray[string]

A list of unique identifiers representing the assets to be included.

REQUEST
{ "name": "test-app", "businessCriticality": "Low", "businessUnit": "string", "creationType": "Auto", "description": "string", "businessOwner": [], "devOwner": [], "devOpsOwner": [], "productManager": [], "assetSelection": { "selectionType": "filter", "section": "code", "filter": { "values": [ "928aa0b599d2df33978d958e96d146fc299ac68f02fda5cc376440f41452c2e0" ], "provider": "GITHUB", "filterType": "REPOSITORY" }, "assetIds": [] } }
Responses

Ok

Body
application/json
statusbooleanrequired

Displays the status of the application.

Default:true
applicationIdstring

Displays the Asset ID of the application.

Example:"a7dc11ea688c73dbbc759459ba661d7f7a7edaad229a3fdb50701b6548535f5b"
RESPONSE
{ "status": false, "applicationId": "a7dc11ea688c73dbbc759459ba661d7f7a7edaad229a3fdb50701b6548535f5b" }

Not Found

Body
application/json
errorCodestring

Displays the error code.

Example:"\"errorCode\": \"_NotFoundError\""
messagestring

Displays the error message.

Example:"\"message\": \"Some assets do not exist in the database.\""
RESPONSE
{ "errorCode": "\"errorCode\": \"_NotFoundError\"", "message": "\"message\": \"Some assets do not exist in the database.\"" }

Conflict. Occurs when an application with the specified name already exists.

Resolution

Provide a unique name for the application.

Body
application/json
errorCodestring

Displays the error code.

Example:"\"errorCode\": \"_ConflictError\""
messagestring

Displays the error message.

Example:"\"message\": \"Application already exists\""
RESPONSE
{ "error": "string", "message": "string" }

Internal Server Error. Occurs when the server encounters an unexpected condition that prevents it from fulfilling the request.

Resolution

This is a server-side issue. No action is required from you. If the problem persists, try again later.

Body
application/json
errorCodestring
Default:"InternalServerError"
messagestring
Default:"Internal Server Error"
RESPONSE
{ "errorCode": "example", "message": "example" }