Get compliance controls

Cortex XSIAM Platform APIs
post /public_api/v1/compliance/get_controls

Compliance controls are measures related to the standard that ensure compliance and mitigate risks. Controls are built from one or more rules, the specific checks that run on an asset. Controls can be grouped into categories, for example RBAC and Pod security.

Retrieve compliance control details with optional filtering, sorting and pagination.

  • The response is concatenated using AND condition (OR is not supported)
  • The maximum result set size is >100
  • Offset is the zero-based number of assessment profiles from the start of the result set

Required license: Cortex Cloud Runtime Security or Cortex Cloud Posture Management

Authentication: XDRAuthToken Api Key "Authorization"
Authentication: XDRAuth Api Key "x-xdr-auth-id"
CLIENT REQUEST
curl -X 'POST'
-H "Authorization: [[apiKey]]" \
-H "x-xdr-auth-id: [[apiKey]]" \
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/compliance/get_controls'
-d ''
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}" headers = { 'x-xdr-auth-id': "REPLACE_KEY_VALUE", 'content-type': "application/json" } conn.request("POST", "/public_api/v1/compliance/get_controls", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/compliance/get_controls") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["x-xdr-auth-id"] = 'REPLACE_KEY_VALUE' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "name", "operator": "eq", "value": "string" } ], "sort": { "field": "name", "keyword": "asc" }, "search_from": 0, "search_to": 100 } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/compliance/get_controls"); xhr.setRequestHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/compliance/get_controls") .header("x-xdr-auth-id", "REPLACE_KEY_VALUE") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}") .asString();
import Foundation let headers = [ "x-xdr-auth-id": "REPLACE_KEY_VALUE", "content-type": "application/json" ] let parameters = ["request_data": [ "filters": [ [ "field": "name", "operator": "eq", "value": "string" ] ], "sort": [ "field": "name", "keyword": "asc" ], "search_from": 0, "search_to": 100 ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/compliance/get_controls")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/compliance/get_controls", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}", CURLOPT_HTTPHEADER => [ "content-type: application/json", "x-xdr-auth-id: REPLACE_KEY_VALUE" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/compliance/get_controls"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "x-xdr-auth-id: REPLACE_KEY_VALUE"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/compliance/get_controls"); var request = new RestRequest(Method.POST); request.AddHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
application/json
request_dataobject
filtersarray
[
fieldstring (Enum)required

Identifies the compliance control field the filter should match. Filters are based on the following keywords:

  • name: Compliance control name
  • category : Compliance control category
  • subcategory: Compliance control subcategory
  • description: Compliance control description
  • created_by: Creator of the compliance control
  • modified_by: Modifier of the compliance control
  • id: Compliance control ID
  • creation_time: Compliance control's creation time
  • modification_time: Compliance control's modification time
  • is_custom: Whether the compliance control is custom
Allowed values:"name""category""subcategory""is_custom""creation_time""created_by""modified_by""modification_time""id""description"
operatorobject (Enum)required

Identifies the comparison operator you want to use for this filter. Valid keywords are:

eq / neq / contains / not_contains:

  • name, category, subcategory, created_by, modified_by, id, description: String

gte, lte, range, relative_timestamp:

  • creation_time, modification_time: Integer in timestamp epoch milliseconds

in:

  • is_custom: valid values are yes or no
Allowed values:"eq""neq""contains""not_contains""gte""lte""range""relative_timestamp""in"
valueobjectrequired

Value that this filter must match. The contents of this field will differ depending on the assessment profile field that you specified for this filter.

string

When the field value is one of the following, the value is type string: name, category, subcategory, created_by, modified_by, id, description

integer

When the field value is one of the following, the value is type integer: creation_time, modification_time

]
sortobject
fieldstring (Enum)

Sort according to this field

Default:"creation_time"
Allowed values:"name""category""subcategory""creation_time""created_by""modified_by""modification_time""id"
keywordstring (Enum)

Sort in ascending (asc) or descending (desc) order

Default:"asc"
Allowed values:"asc""desc"
search_frominteger

Integer representing the starting offset within the query result set from which you want compliance controls returned. Compliance controls are returned as a zero-based list. Any compliance control indexed less than this value is not returned in the final result set and defaults to zero.

search_tointeger

Integer representing the end offset within the result set after which you do not want compliance controls returned. Compliance controls in the compliance control list that are indexed higher than this value are not returned in the final results set. Defaults to >100, which returns all compliance controls to the end of the list.

Default:100
REQUEST
{ "request_data": { "filters": [ { "field": "name", "operator": "contains", "value": "Access Enforcement" } ] } }
{ "request_data": { "filters": [ { "field": "is_custom", "operator": "in", "value": [ "yes" ] } ] } }
{ "request_data": { "filters": [ { "field": "creation_time", "operator": "gte", "value": 1640995200000 }, { "field": "creation_time", "operator": "lte", "value": 1672531200000 } ] } }
Responses

Successfully retrieved controls

Body
application/json
replyobject
total_countinteger

Total number of controls

result_countinteger

Number of controls matching filters + paging

controlsarray
[
idstring

Compliance control ID

namestring

Compliance control name

descriptionstring

Description of the ompliance control

categorystring

Compliance control category

subcategorystring

Compliance control subcategory

creation_timeintegerint64

Creation timestamp

modification_timeintegerint64

Last modification timestamp

created_bystring

User who created the control

modified_bystring

User who last modified the control

is_customboolean

Whether this is a custom control

]
RESPONSE
{ "reply": { "total_count": 0, "result_count": 0, "controls": [ { "id": "example", "name": "example", "description": "example", "category": "example", "subcategory": "example", "creation_time": 0, "modification_time": 0, "created_by": "example", "modified_by": "example", "is_custom": false } ] } }

Bad request - invalid input parameters

Body
application/json
replyobject
err_codeinteger

Error code

err_msgstring

Error message

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 400, "err_msg": "Invalid filter field. Allowed fields: name, category, subcategory, is_custom, creation_time, created_by, modified_by, modification_time, id, description", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid operator 'range' for field 'name'. Allowed operators: eq, neq, contains, not_contains", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Missing required parameter: control_name", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid value for is_custom field. Allowed values: yes, no", "err_extra": {} } }

Internal server error

Body
application/json
replyobject
err_codeinteger

Error code

err_msgstring

Error message

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 500, "err_msg": "Failed to retrieve controls", "err_extra": {} } }