Get all Websites

post /public_api/v1/assets/get_external_websites

Get a complete or filtered list of your public-facing websites.

Required license: Cortex XSIAM Premium or Cortex XSIAM Enterprise Plus. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the ASM add-on.

Request headers

Authorization String required

{api_key}

Example: authorization_example

x-xdr-auth-id String required

{api_key_id}

Example: xXdrAuthId_example

CLIENT REQUEST

          curl -X 'POST'

        -H
        'Accept: application/json'
      
        -H
        'Content-Type: application/json'
      
          -H
          'Authorization: authorization_example'
          -H
          'x-xdr-auth-id: xXdrAuthId_example'
      
      'https://api-yourfqdn/public_api/v1/assets/get_external_websites'
    
      -d
      ''

import http.client

conn = http.client.HTTPSConnection("api-yourfqdn")

payload = "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"}}}"

headers = {
    'Authorization': "SOME_STRING_VALUE",
    'x-xdr-auth-id': "SOME_STRING_VALUE",
    'content-type': "application/json"
    }

conn.request("POST", "/public_api/v1/assets/get_external_websites", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api-yourfqdn/public_api/v1/assets/get_external_websites")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"}}}"

response = http.request(request)
puts response.read_body

const data = JSON.stringify({
  "request_data": {
    "filters": [
      {
        "field": "ips",
        "operator": "in",
        "value": "string"
      }
    ],
    "search_from": 0,
    "search_to": 500,
    "sort": {
      "field": "first_observed",
      "keyword": "ASC"
    }
  }
});

const xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/assets/get_external_websites");
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);

HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/assets/get_external_websites")
  .header("Authorization", "SOME_STRING_VALUE")
  .header("x-xdr-auth-id", "SOME_STRING_VALUE")
  .header("content-type", "application/json")
  .body("{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"}}}")
  .asString();

import Foundation

let headers = [
  "Authorization": "SOME_STRING_VALUE",
  "x-xdr-auth-id": "SOME_STRING_VALUE",
  "content-type": "application/json"
]
let parameters = ["request_data": [
    "filters": [
      [
        "field": "ips",
        "operator": "in",
        "value": "string"
      ]
    ],
    "search_from": 0,
    "search_to": 500,
    "sort": [
      "field": "first_observed",
      "keyword": "ASC"
    ]
  ]] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/assets/get_external_websites")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/assets/get_external_websites",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"}}}",
  CURLOPT_HTTPHEADER => [
    "Authorization: SOME_STRING_VALUE",
    "content-type: application/json",
    "x-xdr-auth-id: SOME_STRING_VALUE"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/assets/get_external_websites");

struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"}}}");

CURLcode ret = curl_easy_perform(hnd);

var client = new RestClient("https://api-yourfqdn/public_api/v1/assets/get_external_websites");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"}}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

Body parameters

required

application/json

request_dataobjectrequired

A dictionary containing the API request fields. An empty dictionary returns all results.

filtersarray

Array of filter fields. Each JSON object must contain a field, operator, and value.

[

fieldstring (Enum)

String that identifies the external service field the filter is matching. Filters are based on the following case-sensitive keywords:

Allowed values:"ips""technology_ids""http_type""is_active""provider_names""tags""active_service_ids""third_party_script_domains""host""authentication""site_categories""business_units_list"

operatorstring (Enum)

String that identifies the comparison operator you want to use for this filter. Valid operator keywords and corresponding filter fields are:

contains/not_contains - used with active_service_ids, authentication, host, provider_names, site_categories, technology_ids, third_party_script_domains
eq/ne - used with ips, host
in - used with is_active, http_type, tags

Allowed values:"in""contains""eq""neq""not_contains"

valueobject

Value that the filter must match. The contents of this field will differ depending on the website field that you specified for this filter:

host - string
is_active - values are yes or no
technology_ids - list of strings
provider_names - string
site_categories - string
active_service_ids - list of strings
ips - list of strings
tags - list of strings
http_type - values are http_only, http_redirects_to_https, https_only
third_party_script_domains - list of strings
authentication - string
business_units_list - list of business unit names

One of

string

Value that the filter must match. The contents of this field will differ depending on the website field that you specified for this filter:

host - string
is_active - values are yes or no
technology_ids - list of strings
provider_names - string
site_categories - string
active_service_ids - list of strings
ips - list of strings
tags - list of strings
http_type - values are http_only, http_redirects_to_https, https_only
third_party_script_domains - list of strings
authentication - string
business_units_list - list of business unit names

boolean

Value that the filter must match. The contents of this field will differ depending on the website field that you specified for this filter:

host - string
is_active - values are yes or no
technology_ids - list of strings
provider_names - string
site_categories - string
active_service_ids - list of strings
ips - list of strings
tags - list of strings
http_type - values are http_only, http_redirects_to_https, https_only
third_party_script_domains - list of strings
authentication - string
business_units_list - list of business unit names

]

search_frominteger

An integer representing the start offset index of results Default value: 0

search_tointeger

An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination. Default value: 500

Default:500

sortobject

Identifies the sort order for the result set. Values are case sensitive. The default sort is defined as host and ASC.

fieldstring (Enum)

Valid values are:

host
first_observed
last_observed

Allowed values:"first_observed""host""last_observed"

keywordstring (Enum)

Valid values are:

ASC - ascending order
DESC - descending order ASC is the default.

Allowed values:"ASC""asc""DESC""desc"

REQUESTExample 1
{
  "request_data": {
    "filters": [
      {
        "field": "ips",
        "operator": "in",
        "value": "string"
      }
    ],
    "search_from": 0,
    "search_to": 500,
    "sort": {
      "field": "host",
      "keyword": "asc"
    }
  }
}

Responses

Body

application/json

replyobject

total_countinteger

result_countinteger

websitesarray

[

website_idstring

hoststring

protocolstring

is_activestring

site_categoriesarray[string]

technology_idsarray[string]

first_observedinteger

last_observedinteger

provider_namesarray[string]

ipsarray[string]

portinteger

active_service_idsarray[string]

http_typestring

third_party_script_domainsarray[string]

security_assessmentsarray

[

namestring

priorityinteger

scoreinteger

securityAssessmentDetailsobject

pagesarray

[

urlstring

messagestring

elementsarray

[

namestring

valuestring

]

descriptionstring

]

authenticationarray[string]

rootPageHttpStatusCodestring

isNonConfiguredHostboolean

externally_inferred_vulnerability_scoreinteger

externally_inferred_cvesarray[string]

tagsarray[string]

]

RESPONSE
{
  "reply": {
    "total_count": 0,
    "result_count": 0,
    "websites": [
      {
        "website_id": "example",
        "host": "example",
        "protocol": "example",
        "is_active": "example",
        "site_categories": [
          "example"
        ],
        "technology_ids": [
          "example"
        ],
        "first_observed": 0,
        "last_observed": 0,
        "provider_names": [
          "example"
        ],
        "ips": [
          "example"
        ],
        "port": 0,
        "active_service_ids": [
          "example"
        ],
        "http_type": "example",
        "third_party_script_domains": [
          "example"
        ],
        "security_assessments": [
          {
            "name": "example",
            "priority": 0,
            "score": 0,
            "securityAssessmentDetails": {
              "pages": [
                {
                  "url": "example",
                  "message": "example",
                  "elements": [
                    {
                      "name": "example",
                      "value": "example"
                    }
                  ]
                }
              ],
              "description": "example"
            }
          }
        ],
        "authentication": [
          "example"
        ],
        "rootPageHttpStatusCode": "example",
        "isNonConfiguredHost": false,
        "externally_inferred_vulnerability_score": 0,
        "externally_inferred_cves": [
          "example"
        ],
        "tags": [
          "example"
        ]
      }
    ]
  }
}

Bad Request. Got an invalid JSON.

Body

application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"

err_extrastring

Additional information describing the error.

RESPONSE
{
  "err_code": "example",
  "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
  "err_extra": "example"
}

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body

application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"

err_extrastring

Additional information describing the error.

RESPONSE
{
  "err_code": "example",
  "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
  "err_extra": "example"
}

Unauthorized access. User does not have the required license type to run this API.

Body

application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"

err_extrastring

Additional information describing the error.

RESPONSE
{
  "err_code": "example",
  "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
  "err_extra": "example"
}

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body

application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"

err_extrastring

Additional information describing the error.

RESPONSE
{
  "err_code": "example",
  "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
  "err_extra": "example"
}

Unprocessable Entity

Body

application/json

codeinteger

Error code

statusstring

Error name

messagestring

Error message

errorsobject

Errors

RESPONSE
{
  "code": 0,
  "status": "example",
  "message": "example",
  "errors": {}
}

Internal server error. A unified status for API communication type errors.

Body

application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"

err_extrastring

Additional information describing the error.

RESPONSE
{
  "err_code": "example",
  "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
  "err_extra": "example"
}