Get assessment profiles

Cortex XSIAM Platform APIs

post /public_api/v1/compliance/get_assessment_profiles

An assessment profile uses a standard to run scans on an asset group to check whether the assets adhere to the standard.

Retrieve compliance assessment profiles with optional filtering, sorting and pagination.

  • Multiple filters are combined using an AND condition (OR is not supported)
  • The maximum result set size is >100
  • Offset is the zero-based number of assessment profiles from the start of the result set

Required license: Cortex Cloud Runtime Security or Cortex Cloud Posture Management

Authentication: XDRAuthToken Api Key "Authorization"
Authentication: XDRAuth Api Key "x-xdr-auth-id"
CLIENT REQUEST
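# Retrieve compliance assessment profiles with filters, sort order and pagination.
# Each line of the command ends in a backslash so the shell reads it as ONE
# curl invocation; without them every -H line would run as its own command.
# Both authentication headers listed for this endpoint are sent. Replace the
# [[apiKey]] placeholders with your own values. Values typed on the command
# line end up in shell history and the process list, so keep real keys out of
# shared terminals and CI logs.
curl -X 'POST' \
  -H "Authorization: [[apiKey]]" \
  -H "x-xdr-auth-id: [[apiKey]]" \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles' \
  -d '{ "request_data" : { "pagination" : { "search_from" : 0, "search_to" : 1 }, "filters" : [ { "field" : "field", "value" : "AssessmentProfileFilter_value", "operator" : "operator" }, { "field" : "field", "value" : "AssessmentProfileFilter_value", "operator" : "operator" } ], "sort" : { "field" : "creation_time", "keyword" : "asc" } } }'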
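import http.client
import json
import sys

# Request body: optional filters, a sort order and a pagination window.
payload = json.dumps({
    "request_data": {
        "filters": [{"field": "string", "operator": "string", "value": "string"}],
        "sort": {"field": "name", "keyword": "asc"},
        "pagination": {"search_from": 0, "search_to": 100},
    }
})

# This endpoint lists two authentication headers, "Authorization" and
# "x-xdr-auth-id"; both are sent here, as in the curl example.
# The values are placeholders: load real ones from a secret store or the
# environment instead of committing them to source control.
headers = {
    'Authorization': "REPLACE_AUTHORIZATION_VALUE",
    'x-xdr-auth-id': "REPLACE_KEY_VALUE",
    'content-type': "application/json",
}

# HTTPSConnection validates the server certificate and hostname with the
# default SSL context. The timeout keeps a stalled connection from hanging.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)
try:
    conn.request("POST", "/public_api/v1/compliance/get_assessment_profiles", payload, headers)
    res = conn.getresponse()
    data = res.read()
    if res.status != 200:
        # Error replies carry err_code / err_msg / err_extra in the body.
        print("HTTP %d %s" % (res.status, res.reason), file=sys.stderr)
    print(data.decode("utf-8"))
finally:
    # Always release the socket, including when the request raises.
    conn.close()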
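require 'uri'
require 'net/http'
require 'openssl'

# POST a filter/sort/pagination query to the assessment-profiles endpoint
# and print the raw response body.
url = URI("https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. The sample previously used VERIFY_NONE,
# which accepts any certificate and lets an on-path party read the API
# credentials sent in the request headers.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# This endpoint lists two authentication headers; both are sent here, as in
# the curl example. The values are placeholders: load real ones from a
# secret store or the environment.
request["Authorization"] = 'REPLACE_AUTHORIZATION_VALUE'
request["x-xdr-auth-id"] = 'REPLACE_KEY_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"string\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"pagination\":{\"search_from\":0,\"search_to\":100}}}"

response = http.request(request)
puts response.read_body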
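// Request body: optional filters, a sort order and a pagination window.
const data = JSON.stringify({
  "request_data": {
    "filters": [
      { "field": "string", "operator": "string", "value": "string" }
    ],
    "sort": { "field": "name", "keyword": "asc" },
    "pagination": { "search_from": 0, "search_to": 100 }
  }
});

const xhr = new XMLHttpRequest();
// NOTE(review): withCredentials also attaches cookies for the API origin.
// Authentication here is header-based, so confirm this flag is needed.
xhr.withCredentials = true;

// Log the raw response body once the request has completed.
xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles");
// This endpoint lists two authentication headers; both are sent here, as in
// the curl example. Any key placed in browser-delivered script is readable by
// every user of the page, so keep real keys in server-side code.
xhr.setRequestHeader("Authorization", "REPLACE_AUTHORIZATION_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);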
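// POST a filter/sort/pagination query and read the reply as a String.
// This endpoint lists two authentication headers; both are sent here, as in
// the curl example. The values are placeholders: load real ones from a
// secret store or the environment instead of hard-coding them.
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles")
  .header("Authorization", "REPLACE_AUTHORIZATION_VALUE")
  .header("x-xdr-auth-id", "REPLACE_KEY_VALUE")
  .header("content-type", "application/json")
  .body("{\"request_data\":{\"filters\":[{\"field\":\"string\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"pagination\":{\"search_from\":0,\"search_to\":100}}}")
  .asString();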
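import Foundation

// This endpoint lists two authentication headers; both are sent here, as in
// the curl example. The values are placeholders: load real ones from the
// keychain or another secret store instead of embedding them in the binary.
let headers = [
  "Authorization": "REPLACE_AUTHORIZATION_VALUE",
  "x-xdr-auth-id": "REPLACE_KEY_VALUE",
  "content-type": "application/json"
]

// Request body: optional filters, a sort order and a pagination window.
let parameters = ["request_data": [
  "filters": [
    [
      "field": "string",
      "operator": "string",
      "value": "string"
    ]
  ],
  "sort": [
    "field": "name",
    "keyword": "asc"
  ],
  "pagination": [
    "search_from": 0,
    "search_to": 100
  ]
]] as [String : Any]

// JSONSerialization.data(withJSONObject:) throws, so the call needs `try`.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

var request = URLRequest(url: URL(string: "https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles")!,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

// URLSession.shared applies the system's default server-trust evaluation.
let dataTask = URLSession.shared.dataTask(with: request) { data, response, error in
  if let error = error {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse as Any)
  }
}

dataTask.resume()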
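<?php
// POST a filter/sort/pagination query to the assessment-profiles endpoint
// and echo the raw response body, or the transport error if the call failed.

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"string\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"pagination\":{\"search_from\":0,\"search_to\":100}}}",
  // This endpoint lists two authentication headers; both are sent here, as
  // in the curl example. The values are placeholders: load real ones from
  // the environment or a secret store instead of hard-coding them.
  CURLOPT_HTTPHEADER => [
    "Authorization: REPLACE_AUTHORIZATION_VALUE",
    "content-type: application/json",
    "x-xdr-auth-id: REPLACE_KEY_VALUE"
  ],
]);

$response = curl_exec($curl);
// curl_error() reports transport failures only. An HTTP 4xx/5xx reply still
// arrives in $response with err_code / err_msg in its body.
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}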
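/* POST a filter/sort/pagination query to the assessment-profiles endpoint.
 * Fragment: meant to sit inside a function in a program that includes
 * <curl/curl.h>. */
CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles");

/* This endpoint lists two authentication headers; both are sent here, as in
 * the curl command-line example. The values are placeholders: load real ones
 * at run time instead of compiling them into the binary. */
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: REPLACE_AUTHORIZATION_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: REPLACE_KEY_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"string\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"pagination\":{\"search_from\":0,\"search_to\":100}}}");

/* ret is CURLE_OK on success; callers should check it before using the reply. */
CURLcode ret = curl_easy_perform(hnd);

/* Release the header list and the handle; the original fragment leaked both. */
curl_slist_free_all(headers);
curl_easy_cleanup(hnd);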
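// POST a filter/sort/pagination query to the assessment-profiles endpoint.
var client = new RestClient("https://api-yourfqdn/public_api/v1/compliance/get_assessment_profiles");
var request = new RestRequest(Method.POST);

// This endpoint lists two authentication headers; both are sent here, as in
// the curl example. The values are placeholders: load real ones from
// configuration or a secret store instead of hard-coding them.
request.AddHeader("Authorization", "REPLACE_AUTHORIZATION_VALUE");
request.AddHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE");
request.AddHeader("content-type", "application/json");

request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"string\",\"operator\":\"string\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"pagination\":{\"search_from\":0,\"search_to\":100}}}", ParameterType.RequestBody);

IRestResponse response = client.Execute(request);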
Body parameters
required
application/json
request_dataobject
filtersarray
[
fieldstring

Identifies the assessment profile field the filter should match. Filters are based on the following keywords:

  • name: Assessment profile name
  • standard_name : Standard name
  • description: Assessment profile description
  • asset_group_name: Asset Group name
  • created_by: Creator of the assessment profile
  • modified_by: Modifier of the assessment profile
  • id: Assessment profile ID
  • report_type: Report type
  • standard_id: Standard ID
  • creation_time: Assessment profile's creation time
  • modification_time: Assessment profile's modification time
  • enabled: Whether the assessment profile is enabled
  • asset_group_id: Asset Group ID
operatorstring

Identifies the comparison operator you want to use for this filter. Valid keywords are:

eq / neq / contains / not_contains

  • name, standard_name, description, asset_group_name, created_by, modified_by, id, report_type, standard_id: String

gte, lte, range, relative_timestamp

  • creation_time, modification_time: Integer in timestamp epoch milliseconds

in

  • enabled: valid values are yes or no

eq / neq

  • asset_group_id: String
valueobject

Value that this filter must match. The contents of this field will differ depending on the assessment profile field that you specified for this filter

string

When the field value is one of the following, the value is type string: name, standard_name, description, asset_group_name, created_by, modified_by, id, report_type, standard_id, asset_group_id

integer

When the field value is one of the following, the value is type integer: creation_time, modification_time

]
sortobject
fieldstring (Enum)

Sort according to this field

Default:"creation_time"
Allowed values:"name""category""subcategory""creation_time""created_by""modified_by""modified_ts""id""description""standard_name""standard_id""enabled""asset_group_name""modification_time""report_type"
keywordstring (Enum)

Sort in ascending (asc) or descending (desc) order

Default:"asc"
Allowed values:"asc""desc"
paginationobject
search_frominteger

Integer representing the starting offset within the query result set from which you want assessment profiles returned. Assessment profiles are returned as a zero-based list. Any assessment profile indexed less than this value is not returned in the final result set. This value defaults to zero.

search_tointeger

Integer representing the end offset within the result set after which you do not want assessment profiles returned. Assessment profiles in the assessment profile list that are indexed higher than this value are not returned in the final results set. Defaults to >100, which returns all assessment profiles to the end of the list.

Default:100
REQUEST
{ "request_data": { "search_from": 0, "search_to": 50, "sort": { "field": "report_type", "keyword": "desc" }, "filters": [ { "field": "creation_time", "operator": "gte", "value": 0 }, { "field": "name", "operator": "eq", "value": "John" } ] } }
Responses

Successfully retrieved assessment profiles

Body
application/json
replyobject
total_countinteger

Total number of records

result_countinteger

Number of records matching the filter + paging

assessment_profilesarray
[
idstring

Assessment profile ID

namestring

Assessment profile name

descriptionstring

Description of the assessment profile

enabledboolean

Whether the assessment profile is enabled

standard_idstring

Standard ID

standard_namestring

Standard name

asset_group_idinteger

Asset Group ID

asset_group_namestring

Asset Group name

report_typestring

Report type

report_targetsarray[string]
evaluation_frequencystring
creation_timestringdate-time

Assessment profile creation time

modification_timestringdate-time

Assessment profile modification time

created_bystring

Assessment profile creator

modified_bystring

Assessment profile modified by

]
RESPONSE
{ "reply": { "total_count": 925, "result_count": 1, "assessment_profiles": [ { "ID": "472141782aff4a2f999c5e3c35745b3a", "NAME": "Assessment example", "STANDARD_ID": "2nnd684-4z14-5cs82-c1a0-7c322b671844", "STANDARD_NAME": "CIS Amazon Linux 2 Benchmark v1.0.0", "ASSET_GROUP_ID": 1, "ASSET_GROUP_NAME": "asset group name", "DESCRIPTION": "assessment description", "REPORT_FREQUENCY": null, "REPORT_TARGETS": [], "REPORT_TYPE": "NONE", "ENABLED": true, "INSERT_TS": 1748259453615, "MODIFY_TS": 1748259453615, "CREATED_BY": "Generic Name", "MODIFIED_BY": "Generic Name" } ] } }

Bad request - invalid input parameters

Body
application/json
replyobject
err_codeinteger

Error code

err_msgstring

Error message

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 400, "err_msg": "Invalid filter field. Allowed fields: name, category, subcategory, is_custom, creation_time, created_by, modified_by, modification_time, id, description", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid operator 'range' for field 'name'. Allowed operators: eq, neq, contains, not_contains", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Missing required parameter: control_name", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid value for is_custom field. Allowed values: yes, no", "err_extra": {} } }

Authentication required

Body
application/json
replyobjectrequired
err_codeinteger

Error code

err_msgstring

Error message describing what went wrong

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 0, "err_msg": "example", "err_extra": {} } }

Access denied - insufficient permissions

Body
application/json
replyobjectrequired
err_codeinteger

Error code

err_msgstring

Error message describing what went wrong

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 0, "err_msg": "example", "err_extra": {} } }

Internal server error

Body
application/json
replyobject
err_codeinteger

Error code

err_msgstring

Error message

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 0, "err_msg": "example", "err_extra": {} } }