post
/public_api/v1/cloud_onboarding/get_instances
Get the configuration details of all or filtered integration instances. This does not include instances in pending state.
Required license: In Cortex XSIAM Premium, Cortex XSIAM Enterprise, or Cortex XSIAM NG SIEM, requires the Cortex Cloud Posture Management add-on. In Cortex XSIAM Enterprise Plus, requires the Data Collection add-on.
Request headers
Authorization
String
required
{api_key}
{api_key}
Example:
UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
Example:
241
CLIENT REQUEST
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP '
-H
'x-xdr-auth-id: 241'
'https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances'
-d
'{
"request_data" : {
"filter_data" : {
"sort" : [ {
"FIELD" : "STATUS",
"ORDER" : "DESC"
} ],
"paging" : {
"from" : 0,
"to" : 50
},
"filter" : {
"AND" : [ {
"SEARCH_FIELD" : "CLOUD_PROVIDER",
"SEARCH_TYPE" : "EQ",
"SEARCH_VALUE" : "AWS"
} ]
}
}
}
}'
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
payload = "{\"request_data\":{\"filter_data\":{\"sort\":[{\"FIELD\":\"STATUS\",\"ORDER\":\"DESC\"}],\"paging\":{\"from\":0,\"to\":50},\"filter\":{\"AND\":[{\"SEARCH_FIELD\":\"CLOUD_PROVIDER\",\"SEARCH_TYPE\":\"EQ\",\"SEARCH_VALUE\":\"AWS\"}]}}}}"
headers = {
'Authorization': "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
'x-xdr-auth-id': "241",
'content-type': "application/json"
}
conn.request("POST", "/public_api/v1/cloud_onboarding/get_instances", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP '
request["x-xdr-auth-id"] = '241'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filter_data\":{\"sort\":[{\"FIELD\":\"STATUS\",\"ORDER\":\"DESC\"}],\"paging\":{\"from\":0,\"to\":50},\"filter\":{\"AND\":[{\"SEARCH_FIELD\":\"CLOUD_PROVIDER\",\"SEARCH_TYPE\":\"EQ\",\"SEARCH_VALUE\":\"AWS\"}]}}}}"
response = http.request(request)
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"filter_data": {
"sort": [
{
"FIELD": "STATUS",
"ORDER": "DESC"
}
],
"paging": {
"from": 0,
"to": 50
},
"filter": {
"AND": [
{
"SEARCH_FIELD": "CLOUD_PROVIDER",
"SEARCH_TYPE": "EQ",
"SEARCH_VALUE": "AWS"
}
]
}
}
}
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances");
xhr.setRequestHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
xhr.setRequestHeader("x-xdr-auth-id", "241");
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances")
.header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ")
.header("x-xdr-auth-id", "241")
.header("content-type", "application/json")
.body("{\"request_data\":{\"filter_data\":{\"sort\":[{\"FIELD\":\"STATUS\",\"ORDER\":\"DESC\"}],\"paging\":{\"from\":0,\"to\":50},\"filter\":{\"AND\":[{\"SEARCH_FIELD\":\"CLOUD_PROVIDER\",\"SEARCH_TYPE\":\"EQ\",\"SEARCH_VALUE\":\"AWS\"}]}}}}")
.asString();import Foundation
let headers = [
"Authorization": "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
"x-xdr-auth-id": "241",
"content-type": "application/json"
]
let parameters = ["request_data": ["filter_data": [
"sort": [
[
"FIELD": "STATUS",
"ORDER": "DESC"
]
],
"paging": [
"from": 0,
"to": 50
],
"filter": ["AND": [
[
"SEARCH_FIELD": "CLOUD_PROVIDER",
"SEARCH_TYPE": "EQ",
"SEARCH_VALUE": "AWS"
]
]]
]]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"request_data\":{\"filter_data\":{\"sort\":[{\"FIELD\":\"STATUS\",\"ORDER\":\"DESC\"}],\"paging\":{\"from\":0,\"to\":50},\"filter\":{\"AND\":[{\"SEARCH_FIELD\":\"CLOUD_PROVIDER\",\"SEARCH_TYPE\":\"EQ\",\"SEARCH_VALUE\":\"AWS\"}]}}}}",
CURLOPT_HTTPHEADER => [
"Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
"content-type: application/json",
"x-xdr-auth-id: 241"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
headers = curl_slist_append(headers, "x-xdr-auth-id: 241");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filter_data\":{\"sort\":[{\"FIELD\":\"STATUS\",\"ORDER\":\"DESC\"}],\"paging\":{\"from\":0,\"to\":50},\"filter\":{\"AND\":[{\"SEARCH_FIELD\":\"CLOUD_PROVIDER\",\"SEARCH_TYPE\":\"EQ\",\"SEARCH_VALUE\":\"AWS\"}]}}}}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/cloud_onboarding/get_instances");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
request.AddHeader("x-xdr-auth-id", "241");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"filter_data\":{\"sort\":[{\"FIELD\":\"STATUS\",\"ORDER\":\"DESC\"}],\"paging\":{\"from\":0,\"to\":50},\"filter\":{\"AND\":[{\"SEARCH_FIELD\":\"CLOUD_PROVIDER\",\"SEARCH_TYPE\":\"EQ\",\"SEARCH_VALUE\":\"AWS\"}]}}}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Body parameters
required
request_dataobject
filter_dataobject
sortarray
pagingobject
frominteger
tointeger
filterobject
ANDarray
ORarray
application/json
request_dataobjectValid values for the sort field FIELD the filter field SEARCH_FIELD include:
STATUSPROVIDERINSTANCE_NAMESCOPESCAN_MODECREATION_TIMEOUTPOST_IDAUTHENTICATION_METHODID
Valid values for the sort field FIELD the filter field SEARCH_FIELD include:
STATUSPROVIDERINSTANCE_NAMESCOPESCAN_MODECREATION_TIMEOUTPOST_IDAUTHENTICATION_METHODID
filter_dataobject
sortarraySorting criteria for the results
Sorting criteria for the results
[FIELDstring
ORDERstring (Enum)
]
FIELDstringThe field to sort by.
The field to sort by.
ORDERstring (Enum)Whether to sort in ascending (ASC) order or descending (DESC) order.
Whether to sort in ascending (ASC) order or descending (DESC) order.
Allowed values:"ASC""DESC"
pagingobject
fromintegerThe starting index for pagination.
The starting index for pagination.
tointegerThe ending index for pagination.
The ending index for pagination.
filterobjectFilter criteria for the results.
Filter criteria for the results.
ANDarrayA list of filter criteria to be combined with AND logic
A list of filter criteria to be combined with AND logic
[SEARCH_FIELDstring
SEARCH_TYPEstring
SEARCH_VALUEobject
string
]
SEARCH_FIELDstringSpecifies the field to filter by.
Specifies the field to filter by.
SEARCH_TYPEstringComparison operator to use with the filter.
Comparison operator to use with the filter.
SEARCH_VALUEobjectThe value to filter by.
The value to filter by.
stringThe value to filter by.
The value to filter by.
Array
ORarrayA list of filter criteria to be combined with OR logic
A list of filter criteria to be combined with OR logic
[SEARCH_FIELDstring
SEARCH_TYPEstring
SEARCH_VALUEobject
string
]
SEARCH_FIELDstringSpecifies the field to filter by.
Specifies the field to filter by.
SEARCH_TYPEstringComparison operator to use with the filter.
Comparison operator to use with the filter.
SEARCH_VALUEobjectThe value to filter by.
The value to filter by.
stringThe value to filter by.
The value to filter by.
Array
REQUEST
{
"request_data": {
"filter_data": {
"sort": [
{
"FIELD": "STATUS",
"ORDER": "DESC"
}
],
"paging": {
"from": 0,
"to": 50
},
"filter": {
"AND": [
{
"SEARCH_FIELD": "CLOUD_PROVIDER",
"SEARCH_TYPE": "EQ",
"SEARCH_VALUE": "AWS"
}
]
}
}
}
}Responses
Successful Response
Body
application/json
replyobjectThe main payload of the response, containing integration instance details.
The main payload of the response, containing integration instance details.
RESPONSE
{
"reply": {
"DATA": [
{
"instance_name": "xyz-instance",
"cloud_provider": "AZURE",
"scope": "ORGANIZATION",
"scan_mode": "MANAGED",
"custom_resources_tags": [
{
"key": "managed_by",
"value": "paloaltonetworks"
}
],
"provisioning_method": "ARM",
"account_details": {
"account_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"csp_org_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"account_name": "account-1",
"account_group": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"organization_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
},
"scope_modifications": {
"regions": {
"enabled": false
},
"subscriptions": {
"enabled": false
}
},
"additional_capabilities": {
"xsiam_analytics": true,
"data_security_posture_management": true,
"registry_scanning": true,
"registry_scanning_options": {
"type": "ECR"
},
"serverless_scanning": true,
"agentless_disk_scanning": true
},
"collection_configuration": {
"audit_logs": {
"enabled": true
}
},
"instance_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"status": "DELETED",
"cloud_partition": "COMMERCIAL",
"created_at": 1741268418,
"modified_at": 1741626494,
"deleted_at": 1741626494,
"default_scanning_scope": {
"registry_scanning_scope": {
"enabled": false
},
"agentless_disk_scanning_scope": {
"enabled": false
},
"data_assets_classification_options": {}
},
"outpost_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
],
"FILTER_COUNT": 1,
"TOTAL_COUNT": 33
}
}Invalid Client Request Error
Body
application/json
replyobject
err_codestringError code
Error code
err_msgstringError message
Error message
err_extrastringExtra information about the error
Extra information about the error
RESPONSE
{
"reply": {
"err_code": "example",
"err_msg": "example",
"err_extra": "example"
}
}Internal Server Error
Body
application/json
replyobject
err_codestringError code
Error code
err_msgstringError message
Error message
err_extrastringExtra information about the error
Extra information about the error
RESPONSE
{
"reply": {
"err_code": "example",
"err_msg": "example",
"err_extra": "example"
}
}