post
/public_api/v1/assets/get_assets_internet_exposure
Get a list of all your Internet exposure filtered by business units, externally detected providers, externally inferred CVEs, mac addresses, names, IP addresses, whether it has an XDR agent, whether it has active external services, and type.
The maximum result limit is 500 assets.
Note: You can send a request to retrieve either all or filtered results.
Required license: Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the ASM add-on.
Request headers
Authorization
String
required
{api_key}
{api_key}
Example:
authorization_example
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
Example:
xXdrAuthId_example
CLIENT REQUEST
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'Authorization: authorization_example'
-H
'x-xdr-auth-id: xXdrAuthId_example'
'https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure'
-d
''
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
payload = "{\"request_data\":{\"filters\":[{\"field\":\"business_units\",\"operator\":\"contains\",\"value\":[\"string\"]}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"name\",\"keyword\":\"ASC\"}}}"
headers = {
'Authorization': "SOME_STRING_VALUE",
'x-xdr-auth-id': "SOME_STRING_VALUE",
'content-type': "application/json"
}
conn.request("POST", "/public_api/v1/assets/get_assets_internet_exposure", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"business_units\",\"operator\":\"contains\",\"value\":[\"string\"]}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"name\",\"keyword\":\"ASC\"}}}"
response = http.request(request)
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"filters": [
{
"field": "business_units",
"operator": "contains",
"value": [
"string"
]
}
],
"search_from": 0,
"search_to": 500,
"sort": {
"field": "name",
"keyword": "ASC"
}
}
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure");
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure")
.header("Authorization", "SOME_STRING_VALUE")
.header("x-xdr-auth-id", "SOME_STRING_VALUE")
.header("content-type", "application/json")
.body("{\"request_data\":{\"filters\":[{\"field\":\"business_units\",\"operator\":\"contains\",\"value\":[\"string\"]}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"name\",\"keyword\":\"ASC\"}}}")
.asString();import Foundation
let headers = [
"Authorization": "SOME_STRING_VALUE",
"x-xdr-auth-id": "SOME_STRING_VALUE",
"content-type": "application/json"
]
let parameters = ["request_data": [
"filters": [
[
"field": "business_units",
"operator": "contains",
"value": ["string"]
]
],
"search_from": 0,
"search_to": 500,
"sort": [
"field": "name",
"keyword": "ASC"
]
]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"business_units\",\"operator\":\"contains\",\"value\":[\"string\"]}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"name\",\"keyword\":\"ASC\"}}}",
CURLOPT_HTTPHEADER => [
"Authorization: SOME_STRING_VALUE",
"content-type: application/json",
"x-xdr-auth-id: SOME_STRING_VALUE"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"business_units\",\"operator\":\"contains\",\"value\":[\"string\"]}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"name\",\"keyword\":\"ASC\"}}}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/assets/get_assets_internet_exposure");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"business_units\",\"operator\":\"contains\",\"value\":[\"string\"]}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"name\",\"keyword\":\"ASC\"}}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Body parameters
application/json
request_dataobjectA dictionary containing the API request fields.
An empty dictionary returns all results.
A dictionary containing the API request fields.
An empty dictionary returns all results.
filtersarrayAn array of filter fields.
An array of filter fields.
[fieldstring (Enum)required
operatorstring (Enum)required
valueobjectrequired
string
]
fieldstring (Enum)requiredIdentifies the assets field the filter is matching.
Identifies the assets field the filter is matching.
Allowed values:"business_units""externally_detected_providers""externally_inferred_cves""mac_addresses""name""ip_address""has_xdr_agent""has_active_external_services""type"
operatorstring (Enum)requiredIdentifies the comparison operator you want to use for this filter. Valid keywords and values are:
contains / not_contains
business_units, externally_detected_providers, externally_inferred_cves, mac_address, name: String
eq / neqname, ip_address: String
inhas_xdr_agent: List of strings. Permitted values are: yes, no, unknown, n/a.has_active_external_services: List of strings. Permitted values are: yes, no, unknown.type: List of strings. Permitted values are: certificate, cloud_compute_instance, on_prem, domain, unassociated_responsive_ip.
Identifies the comparison operator you want to use for this filter. Valid keywords and values are:
contains / not_contains
business_units,externally_detected_providers,externally_inferred_cves,mac_address,name: Stringeq/neqname,ip_address: Stringinhas_xdr_agent: List of strings. Permitted values are:yes,no,unknown,n/a.has_active_external_services: List of strings. Permitted values are:yes,no,unknown.type: List of strings. Permitted values are:certificate,cloud_compute_instance,on_prem,domain,unassociated_responsive_ip.
Allowed values:"contains""not_contains""eq""neq""in"
valueobjectrequiredValue that this filter must match. Valid keywords:
business_units, externally_detected_providers, externally_inferred_cves, mac_address, name, ip_address: Stringhas_xdr_agent: List of strings. Permitted values are: yes, no, unknown, n/a.has_active_external_services: List of strings. Permitted values are: yes, no, unknown.type: List of strings. Permitted values are: certificate, cloud_compute_instance, on_prem, domain, unassociated_responsive_ip.
Value that this filter must match. Valid keywords:
business_units,externally_detected_providers,externally_inferred_cves,mac_address,name,ip_address: Stringhas_xdr_agent: List of strings. Permitted values are:yes,no,unknown,n/a.has_active_external_services: List of strings. Permitted values are:yes,no,unknown.type: List of strings. Permitted values are:certificate,cloud_compute_instance,on_prem,domain,unassociated_responsive_ip.
Array
stringValue that this filter must match. Valid keywords:
business_units, externally_detected_providers, externally_inferred_cves, mac_address, name, ip_address: Stringhas_xdr_agent: List of strings. Permitted values are: yes, no, unknown, n/a.has_active_external_services: List of strings. Permitted values are: yes, no, unknown.type: List of strings. Permitted values are: certificate, cloud_compute_instance, on_prem, domain, unassociated_responsive_ip.
Value that this filter must match. Valid keywords:
business_units,externally_detected_providers,externally_inferred_cves,mac_address,name,ip_address: Stringhas_xdr_agent: List of strings. Permitted values are:yes,no,unknown,n/a.has_active_external_services: List of strings. Permitted values are:yes,no,unknown.type: List of strings. Permitted values are:certificate,cloud_compute_instance,on_prem,domain,unassociated_responsive_ip.
search_fromintegerRepresents the start offset index of results.
Represents the start offset index of results.
search_tointegerRepresents the end offset index of results.
Represents the end offset index of results.
Default:
500sortobjectIdentifies the sort order for the result set.
Identifies the sort order for the result set.
fieldstring (Enum)requiredThe field you want to sort by. Case-sensitive.
The field you want to sort by. Case-sensitive.
Default:
"name"Allowed values:"name""first_observed""last_observed"
keywordstring (Enum)requiredWhether you want to sort in ascending or descending order.
Whether you want to sort in ascending or descending order.
Default:
"ASC"Allowed values:"ASC""DESC"
REQUEST
{
"request_data": {
"filters": [
{
"field": "has_xdr_agent",
"operator": "in",
"value": [
"n/a",
"false",
"true"
]
},
{
"field": "has_active_external_services",
"operator": "in",
"value": [
"false"
]
}
],
"search_from": 0,
"search_to": 500,
"sort": {
"field": "last_observed",
"keyword": "DESC"
}
}
}Responses
OK
Body
application/json
replyobject
total_countintegerTotal number of possible results.
Note: The total_count value is limited to 9,999. If the filter returns 10,000 results or more, the value will be 9,999, but you can still use paging until the data finishes.
Total number of possible results.
Note: The total_count value is limited to 9,999. If the filter returns 10,000 results or more, the value will be 9,999, but you can still use paging until the data finishes.
result_countintegerThe number of Internet exposure assets actually returned as results.
The number of Internet exposure assets actually returned as results.
assets_internet_exposurearrayA list of Internet exposure assets.
A list of Internet exposure assets.
[asm_idsarray[string]
namestring
asset_typestring
cloud_providerobject
externally_detected_providersarray[string]
regionobject
ipsarray
business_unitsarray[string]
management_statusarray
iot_modelobject
iot_categoryobject
iot_profileobject
sensorarray[string]
service_typearray
last_observedinteger
first_observedinteger
has_active_externally_servicesboolean
has_xdr_agentstring
certificate_classificationsarray
certificate_issuerobject
certificate_algorithmobject
mac_addressesarray
cloud_idobject
ip_rangesarray
domain_resolvesboolean
operation_systemobject
asm_va_scoreobject
externally_inferred_cvesarray
agent_idobject
]
asm_idsarray[string]
namestring
asset_typestring
cloud_providerobject
externally_detected_providersarray[string]
regionobject
ipsarray
[]
business_unitsarray[string]
management_statusarray
[]
iot_modelobject
iot_categoryobject
iot_profileobject
sensorarray[string]
service_typearray
[]
last_observedinteger
first_observedinteger
has_active_externally_servicesboolean
has_xdr_agentstring
certificate_classificationsarray
[]
certificate_issuerobject
certificate_algorithmobject
mac_addressesarray
[]
cloud_idobject
ip_rangesarray
[]
domain_resolvesboolean
operation_systemobject
asm_va_scoreobject
externally_inferred_cvesarray
[]
agent_idobject
RESPONSE
{
"reply": {
"total_count": 0,
"result_count": 0,
"assets_internet_exposure": [
{
"asm_ids": [
"example"
],
"name": "example",
"asset_type": "example",
"cloud_provider": {},
"externally_detected_providers": [
"example"
],
"region": {},
"ips": [
{}
],
"business_units": [
"example"
],
"management_status": [
{}
],
"iot_model": {},
"iot_category": {},
"iot_profile": {},
"sensor": [
"example"
],
"service_type": [
{}
],
"last_observed": 0,
"first_observed": 0,
"has_active_externally_services": false,
"has_xdr_agent": "example",
"certificate_classifications": [
{}
],
"certificate_issuer": {},
"certificate_algorithm": {},
"mac_addresses": [
{}
],
"cloud_id": {},
"ip_ranges": [
{}
],
"domain_resolves": false,
"operation_system": {},
"asm_va_score": {},
"externally_inferred_cves": [
{}
],
"agent_id": {}
}
]
}
}Bad Request. Got an invalid JSON.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Unauthorized access. User does not have the required license type to run this API.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Internal server error. A unified status for API communication type errors.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}