Get all Attack Surface Rules

Cortex XSIAM Platform APIs
post /public_api/v1/get_attack_surface_rules

Get all or a subset of attack surface rules.

Required license: Cortex XSIAM Premium or Cortex XSIAM Enterprise Plus. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the ASM add-on.

Request headers
authorization String required

api-key
Example: {{api_key}}
x-xdr-auth-id String required

api-key-id
Example: {{api_key_id}}
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: {{api_key}}' -H 'x-xdr-auth-id: {{api_key_id}}'
'https://api-yourfqdn/public_api/v1/get_attack_surface_rules'
-d '{ "request_data" : { "search_from" : 0, "filters" : [ { "field" : "attack_surface_rule_id", "value" : "AttackSurfaceRulesFilter_value", "operator" : "in" }, { "field" : "attack_surface_rule_id", "value" : "AttackSurfaceRulesFilter_value", "operator" : "in" } ], "sort" : { "field" : "created", "keyword" : "desc" }, "search_to" : 0 } }'
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}" headers = { 'authorization': "{{api_key}}", 'x-xdr-auth-id': "{{api_key_id}}", 'content-type': "application/json" } conn.request("POST", "/public_api/v1/get_attack_surface_rules", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/get_attack_surface_rules") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["authorization"] = '{{api_key}}' request["x-xdr-auth-id"] = '{{api_key_id}}' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "attack_surface_rule_id", "operator": "in", "value": "string" } ], "search_from": 0, "search_to": 500, "sort": { "field": "enabled_status", "keyword": "ASC" } } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/get_attack_surface_rules"); xhr.setRequestHeader("authorization", "{{api_key}}"); xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/get_attack_surface_rules") .header("authorization", "{{api_key}}") .header("x-xdr-auth-id", "{{api_key_id}}") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}") .asString();
import Foundation let headers = [ "authorization": "{{api_key}}", "x-xdr-auth-id": "{{api_key_id}}", "content-type": "application/json" ] let parameters = ["request_data": [ "filters": [ [ "field": "attack_surface_rule_id", "operator": "in", "value": "string" ] ], "search_from": 0, "search_to": 500, "sort": [ "field": "enabled_status", "keyword": "ASC" ] ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/get_attack_surface_rules")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/get_attack_surface_rules", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}", CURLOPT_HTTPHEADER => [ "authorization: {{api_key}}", "content-type: application/json", "x-xdr-auth-id: {{api_key_id}}" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/get_attack_surface_rules"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "authorization: {{api_key}}"); headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/get_attack_surface_rules"); var request = new RestRequest(Method.POST); request.AddHeader("authorization", "{{api_key}}"); request.AddHeader("x-xdr-auth-id", "{{api_key_id}}"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json
request_dataobjectrequired

(Required) A dictionary containing the API request fields.
An empty dictionary returns all results.

filtersarray

Provides an array of filtered fields. Each JSON object can contain the following keywords:

  • field
  • operators
  • value
[
fieldstring (Enum)

Identifies the alert field the filter is matching. Filters are based on the following keywords:

  • enabled_status
  • category
  • priority
  • attack_surface_rule_id
  • asm_alert_categories
Allowed values:"attack_surface_rule_id""category""priority""enabled_status""asm_alert_categories"
operatorstring (Enum)

String that identifies the comparison operator you want to use for this filter.

  • in
Allowed values:"in"
valueobject

Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter

string

Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter

Array
]
search_frominteger

An integer representing the starting offset within the query result set from which you want attack surface rules returned

search_tointeger

An integer representing the end offset within the result set after which you do not want attack surface rules returned.
Attack surface rules in the alerts list that are indexed higher than this value are not returned in the final results set.

Default:500
sortobject

Identifies the sort order for the result set. By default, the sort is defined as created, DESC.

fieldstring (Enum)
Default:"created"
Allowed values:"enabled_status""priority""category""attack_surface_rule_id""attack_surface_rule_name""created"
keywordstring (Enum)

Can either be ASC (ascending order) or DESC (descending order).

Default:"desc"
Allowed values:"ASC""asc""DESC""desc"
REQUEST
{ "request_data": { "filters": [ { "field": "attack_surface_rule_id", "operator": "in", "value": "example" } ], "search_from": 0, "search_to": 0, "sort": { "field": "enabled_status", "keyword": "ASC" } } }
{ "request_data": { "filters": [ { "field": "attack_surface_rule_id", "operator": "in", "value": [ "example" ] } ], "search_from": 0, "search_to": 0, "sort": { "field": "enabled_status", "keyword": "ASC" } } }
Responses

OK

Body
application/json
replyobject
total_countintegerrequired
result_countintegerrequired
attack_surface_rulesarrayrequired
[
attack_surface_rule_namestringrequired
enabled_statusstringrequired
prioritystringrequired
descriptionstringrequired
attack_surface_rule_idstringrequired
categorystringrequired
knowledge_base_linkstring
createdintegerrequired
modifiedintegerrequired
modified_bystring
remediation_guidancestringrequired
asm_alert_categoriesarray[string]required
]
RESPONSE
{ "reply": { "total_count": 0, "result_count": 0, "attack_surface_rules": [ { "attack_surface_rule_name": "example", "enabled_status": "example", "priority": "example", "description": "example", "attack_surface_rule_id": "example", "category": "example", "knowledge_base_link": "example", "created": 0, "modified": 0, "modified_by": "example", "remediation_guidance": "example", "asm_alert_categories": [ "example" ] } ] } }

Bad Request. Got an invalid JSON.

Body
application/json
replyobjectrequired

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
application/json
replyobjectrequired

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. User does not have the required license type to run this API.

Body
application/json
replyobjectrequired

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
application/json
replyobjectrequired

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unprocessable Entity

Body
application/json
codeinteger

Error code

statusstring

Error name

messagestring

Error message

errorsobject

Errors

RESPONSE
{ "code": 0, "status": "example", "message": "example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
application/json
replyobjectrequired

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }