Retrieve a list of all data source instances configured in your Cortex environment. You can filter the results by data source type and category.
Required license:
Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the Cortex Cloud Posture Management add-on. Not supported in XSIAM Enterprise Plus.
Authorization
String
required
{api_key}
{api_key}
your_api_key_here
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
1
type
UrlIntegrationType
Type of data source instance to retrieve.
Type of data source instance to retrieve.
type_category
UrlIntegrationTypeCategory
Category of data source instances to retrieve.
Category of data source instances to retrieve.
curl -X 'GET'
-H
'Accept: application/json'
-H
'Authorization: your_api_key_here'
-H
'x-xdr-auth-id: 1'
'https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=&type_category='
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
headers = {
'Authorization': "your_api_key_here",
'x-xdr-auth-id': "1"
}
conn.request("GET", "/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'your_api_key_here'
request["x-xdr-auth-id"] = '1'
response = http.request(request)
puts response.read_bodyconst data = null;
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("GET", "https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE");
xhr.setRequestHeader("Authorization", "your_api_key_here");
xhr.setRequestHeader("x-xdr-auth-id", "1");
xhr.send(data);HttpResponse<String> response = Unirest.get("https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE")
.header("Authorization", "your_api_key_here")
.header("x-xdr-auth-id", "1")
.asString();import Foundation
let headers = [
"Authorization": "your_api_key_here",
"x-xdr-auth-id": "1"
]
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: your_api_key_here",
"x-xdr-auth-id: 1"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: your_api_key_here");
headers = curl_slist_append(headers, "x-xdr-auth-id: 1");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/appsec/v1/data_source_instances?type=SOME_STRING_VALUE&type_category=SOME_STRING_VALUE");
var request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "your_api_key_here");
request.AddHeader("x-xdr-auth-id", "1");
IRestResponse response = client.Execute(request);Ok
creationDatestringDate and time when the data source instance was created.
Date and time when the data source instance was created.
domainobjectDomain configuration specifying the hostname and protocol for the data source instance
Domain configuration specifying the hostname and protocol for the data source instance
hostnamestringrequiredHostname or domain name of the external data source.
Hostname or domain name of the external data source.
protocolstring (Enum)requiredCommunication protocol used to connect to the data source.
Communication protocol used to connect to the data source.
idstringUnique identifier (ID) of the data source instance.
Unique identifier (ID) of the data source instance.
instanceVersionstringVersion of the data source instance configuration.
Version of the data source instance configuration.
lastUpdateDatestringDate and time when the data source instance was last updated.
Date and time when the data source instance was last updated.
scanTypesobject
Additional propertiesobjectConfiguration for a specific scan type within a data source instance.
Configuration for a specific scan type within a data source instance.
isEnabledbooleanrequiredIndicates whether this scan type is enabled for the data source instance.
Indicates whether this scan type is enabled for the data source instance.
selectionTypestring (Enum)Defines how repositories are selected for scanning within a data source instance.
Defines how repositories are selected for scanning within a data source instance.
selfSignedCertificatestringPEM-encoded self-signed certificate used for secure communication with the data source.
PEM-encoded self-signed certificate used for secure communication with the data source.
statearray[string]Integration state
Integration state
statusDetailsobject
Additional propertiesobjectDetailed status information for a specific component of the data source instance.
Detailed status information for a specific component of the data source instance.
errorstringError code or identifier if the component is in an error state.
Error code or identifier if the component is in an error state.
messagestringHuman-readable message providing additional context about the status.
Human-readable message providing additional context about the status.
statusstring (Enum)required
timestampstringISO 8601 timestamp indicating when the status was last evaluated.
ISO 8601 timestamp indicating when the status was last evaluated.
tenantIdstringTenant ID that owns this data source instance.
Tenant ID that owns this data source instance.
transporterobjectTransporter configuration for establishing secure communication between an on-premises or private data source and Cortex.
Transporter configuration for establishing secure communication between an on-premises or private data source and Cortex.
brokerDeviceIdstringrequiredUnique identifier of the broker device used for the transporter connection.
Unique identifier of the broker device used for the transporter connection.
connectionNamestringrequiredName of the transporter connection.
Name of the transporter connection.
typestring (Enum)Type of the data source instance, indicating the external system it connects to.
Type of the data source instance, indicating the external system it connects to.
typeCategorystring (Enum)Category classification of the data source instance type.
DEFAULT — Standard data source instances such as VCS, CI/CD, and CLI integrations.EXTERNAL_VENDOR_INTEGRATIONS — Third-party external vendor integrations.
Category classification of the data source instance type.
DEFAULT— Standard data source instances such as VCS, CI/CD, and CLI integrations.EXTERNAL_VENDOR_INTEGRATIONS— Third-party external vendor integrations.
uniqueIdentifierstringUnique identifier of the integration
Unique identifier of the integration
repositoriesCountnumberrequireddoubleTotal number of repositories associated with this data source instance.
Total number of repositories associated with this data source instance.
[
{
"creationDate": "2025-06-15T09:30:00.000Z",
"domain": {
"hostname": "github.example.com",
"protocol": "https"
},
"id": "a1b2c3d4e5f6a7b8c9d0e1f2",
"instanceVersion": "1.0.0",
"lastUpdateDate": "2025-07-20T14:15:30.000Z",
"scanTypes": {
"SAST": {
"isEnabled": true
},
"SCA": {
"isEnabled": false
}
},
"selectionType": "MANUAL_SELECTION",
"selfSignedCertificate": "-----BEGIN CERTIFICATE-----\nMIIBxTCCAWugAwIBAgIJAL...\n-----END CERTIFICATE-----",
"state": [
"example-org/repo-alpha",
"example-org/repo-beta"
],
"status": "CONNECTED",
"statusDetails": {
"connection": {
"status": "VALID",
"message": "Connection established successfully",
"timestamp": "2025-07-20T14:15:30.000Z"
}
},
"tenantId": "tenant-001",
"transporter": {
"brokerDeviceId": "broker-device-abc123",
"connectionName": "on-prem-github-connection"
},
"type": "GITHUB_ENTERPRISE",
"typeCategory": "DEFAULT",
"uniqueIdentifier": "example-org",
"repositoriesCount": 12
},
{
"creationDate": "2025-08-01T11:00:00.000Z",
"domain": {
"hostname": "api.example-vendor.io",
"protocol": "https"
},
"id": "b2c3d4e5f6a7b8c9d0e1f2a3",
"lastUpdateDate": "2025-08-10T16:45:00.000Z",
"scanTypes": {
"SAST": {
"isEnabled": true
},
"SCA": {
"isEnabled": true
}
},
"selectionType": "CURRENT_STATE_AND_FUTURE",
"status": "CONNECTED",
"type": "SNYK",
"typeCategory": "EXTERNAL_VENDOR_INTEGRATIONS",
"uniqueIdentifier": "snyk-default-org",
"repositoriesCount": 5
},
{
"creationDate": "2025-09-12T08:20:00.000Z",
"id": "c3d4e5f6a7b8c9d0e1f2a3b4",
"lastUpdateDate": "2025-09-12T08:20:00.000Z",
"status": "CONNECTED",
"type": "COLLECTOR",
"uniqueIdentifier": "my-sast-collector",
"repositoriesCount": 0
}
]