Get CWP Policies (v1)

Cortex XSIAM Platform APIs
get /public_api/v1/cwp/policies

Cloud Workload Policies help you prevent and manage security violations in your cloud runtime instances. They enable you to apply detection logic to specific asset groups at the desired SDLC stage, and define what action needs to be taken if the conditions are met.

Get all CWP policies of the given type. Default behavior is all.

Required license: Requires the Cortex Cloud Runtime Security add-on. Not available in Cortex XSIAM Enterprise Plus.

Request headers
Authorization String required

{api_key}
Example: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id String required

{api_key_id}
Example: 241
Query parameters
types array[PolicyType]

The policy type
CLIENT REQUEST
curl -X 'GET'
-H 'Accept: application/json,application/json; charset=UTF-8'
-H 'Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ' -H 'x-xdr-auth-id: 241'
'https://api-yourfqdn/public_api/v1/cwp/policies?types='
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") headers = { 'Authorization': "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", 'x-xdr-auth-id': "241" } conn.request("GET", "/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE", headers=headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Get.new(url) request["Authorization"] = 'UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ' request["x-xdr-auth-id"] = '241' response = http.request(request) puts response.read_body
const data = null; const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("GET", "https://api-yourfqdn/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE"); xhr.setRequestHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); xhr.setRequestHeader("x-xdr-auth-id", "241"); xhr.send(data);
HttpResponse<String> response = Unirest.get("https://api-yourfqdn/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE") .header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ") .header("x-xdr-auth-id", "241") .asString();
import Foundation let headers = [ "Authorization": "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", "x-xdr-auth-id": "241" ] let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" request.allHTTPHeaderFields = headers let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => [ "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", "x-xdr-auth-id: 241" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); headers = curl_slist_append(headers, "x-xdr-auth-id: 241"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/cwp/policies?types=SOME_ARRAY_VALUE"); var request = new RestRequest(Method.GET); request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); request.AddHeader("x-xdr-auth-id", "241"); IRestResponse response = client.Execute(request);
Responses

Success

Body
application/json

The response you get when calling the get policies path

[
idstring
revisioninteger
createdAtstringdate-time
modifiedAtstringdate-time
typestring (Enum)required

One of the supported policy types

Example:"MALWARE"
Allowed values:"COMPLIANCE""MALWARE""SECRET""TRUSTED_IMAGES"
createdBystring
disabledboolean
namestringrequired
descriptionstringrequired
evaluationModesarray[string]
evaluationStagestring (Enum)required

One of the supported evaluation stages

Example:"CI"
Allowed values:"CI""RUNTIME""DEPLOY"null
rulesIdsarray[string]required

The UUIDs of the rules that define the condition The rulesIds field is only required for non-compliance policies.

conditionstringrequiredbyte

The condition field is only required for non-compliance policies.

exceptionstringbyte
assetScopestringbyte
assetGroupsIDsarray[integer]required
assetGroupsarray[string]
actionstring (Enum)required

One of the supported policy actions

Example:"ISSUE"
Allowed values:"ISSUE""PREVENT"null
severitystring (Enum)required

One of the supported policy severities

Example:"CRITICAL"
Allowed values:"LOW""MEDIUM""HIGH""CRITICAL"null
missingInformationActionstring (Enum)required

One of the supported policy actions

Example:"ISSUE"
Allowed values:"ISSUE""PREVENT"null
remediationGuidancestring
]
RESPONSE
[ { "id": "1", "revision": 3, "createdAt": "2024-07-28T18:50:55Z", "modifiedAt": "2024-07-28T18:50:55Z", "type": "COMPLIANCE", "createdBy": "admin", "disabled": false, "name": "some policy", "description": "some policy description", "evaluationModes": [ "PERIODIC" ], "evaluationStage": "CI", "rulesIds": [ "1", "2" ], "condition": "U29tZUJhc2U2NEGhdGE=", "exception": "U29tZUJhc2U2NEhhdGE=", "assetScope": "U29tZUJhc2U2NE2hdGE=", "assetGroupsIDs": [ 1, 2 ], "assetGroups": [ "group1", "group2" ], "action": "ISSUE", "severity": "CRITICAL", "remediationGuidance": "some remediation guidance", "missingInformationAction": "ISSUE" } ]

Client error

Body
application/json
err_msgstringrequired

The error message

metadataobject

Details for the PublicAPIError

codestring (Enum)required

A short, programmatically safe string indicating the error code reported

Example:"NOT_FOUND"
Allowed values:"BAD_REQUEST""INTERNAL_ERROR""NOT_FOUND""FORBIDDEN"
RESPONSE
{ "err_msg": "Bad Request", "metadata": { "code": "BAD_REQUEST" } }

Service had unexpected internal error

Body
application/json; charset=UTF-8
err_msgstringrequired

The error message

metadataobject

Details for the PublicAPIError

codestring (Enum)required

A short, programmatically safe string indicating the error code reported

Example:"NOT_FOUND"
Allowed values:"BAD_REQUEST""INTERNAL_ERROR""NOT_FOUND""FORBIDDEN"
RESPONSE
[application/json; charset=UTF-8 content]