Get compliance reports

Cortex XSIAM Platform APIs

post /public_api/v1/compliance/get_reports

Retrieve archived compliance assessment reports with optional filtering, sorting and pagination.

  • Multiple filters are combined with a logical AND condition (OR between filters is not supported)
  • The maximum result set size is >100
  • Offset is the zero-based number of assessment profiles from the start of the result set

Required license: Cortex Cloud Runtime Security or Cortex Cloud Posture Management

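Authentication: both of the following headers must be sent with every request.
  • "Authorization" (XDRAuthToken, API key): the API key itself
  • "x-xdr-auth-id" (XDRAuth, API key): the ID of that API key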
CLIENT REQUEST
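# Retrieve archived compliance reports.
# Both authentication headers are required: Authorization carries the API key
# and x-xdr-auth-id carries the ID of that key. Substitute the [[apiKey]]
# placeholders at run time (for example from a secret store) so that the key
# is not left in shell history or committed with the script.
# Every option line ends in a backslash so the command is one invocation, and
# the body carries the required request_data object.
curl -X 'POST' \
  -H "Authorization: [[apiKey]]" \
  -H "x-xdr-auth-id: [[apiKey]]" \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/public_api/v1/compliance/get_reports' \
  -d '{"request_data":{"filters":[{"field":"standard_name","operator":"eq","value":"string"}],"sort":{"field":"standard_name","keyword":"asc"},"search_from":0,"search_to":1}}'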
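import http.client
import json

# Both authentication headers are required on every request:
# Authorization carries the API key, x-xdr-auth-id carries the ID of that key.
# Load the real values from a secret store or the environment rather than
# hard-coding them in source.
headers = {
    'Authorization': "REPLACE_KEY_VALUE",
    'x-xdr-auth-id': "REPLACE_KEY_VALUE",
    'content-type': "application/json",
}

# Build the body with json.dumps so that filter values are always escaped
# correctly instead of being pasted into a hand-written JSON string.
payload = json.dumps({
    "request_data": {
        "filters": [
            {"field": "standard_name", "operator": "eq", "value": "string"}
        ],
        "sort": {"field": "standard_name", "keyword": "asc"},
        "search_from": 0,
        "search_to": 1,
    }
})

# HTTPSConnection verifies the server certificate and host name by default;
# the timeout keeps a stalled connection from hanging the caller forever.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)
try:
    conn.request("POST", "/public_api/v1/compliance/get_reports", payload, headers)
    res = conn.getresponse()
    data = res.read()
finally:
    conn.close()

# Error replies carry err_code / err_msg in the body; surface them instead of
# treating every response as a successful report list.
if res.status != 200:
    raise SystemExit("get_reports failed with HTTP %d: %s" % (res.status, data.decode("utf-8", "replace")))

print(data.decode("utf-8"))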
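require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api-yourfqdn/public_api/v1/compliance/get_reports")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. With VERIFY_NONE the API key would be sent to
# any host able to intercept the connection, because the peer is never
# authenticated.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# Both authentication headers are required: Authorization carries the API key,
# x-xdr-auth-id carries the ID of that key. Load the real values from a secret
# store or the environment rather than hard-coding them.
request["Authorization"] = 'REPLACE_KEY_VALUE'
request["x-xdr-auth-id"] = 'REPLACE_KEY_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"standard_name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"standard_name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":1}}"

response = http.request(request)
puts response.read_body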
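// Request body: one filter on standard_name, sorted ascending, first result only.
const data = JSON.stringify({
  "request_data": {
    "filters": [
      { "field": "standard_name", "operator": "eq", "value": "string" }
    ],
    "sort": { "field": "standard_name", "keyword": "asc" },
    "search_from": 0,
    "search_to": 1
  }
});

const xhr = new XMLHttpRequest();
// Authentication is carried entirely by the two API-key headers below, so
// cookies and other ambient browser credentials are not attached to this
// cross-origin request.
xhr.withCredentials = false;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState !== this.DONE) {
    return;
  }
  // Error replies carry err_code / err_msg in the body; report them separately
  // from a successful report list.
  if (this.status === 200) {
    console.log(this.responseText);
  } else {
    console.error("get_reports failed with HTTP " + this.status + ": " + this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/compliance/get_reports");
// Both headers are required: Authorization carries the API key, x-xdr-auth-id
// carries the ID of that key. Script delivered to a browser is readable by
// every user of the page, so keep the key in a trusted back end or tooling
// context and never embed it in page script.
xhr.setRequestHeader("Authorization", "REPLACE_KEY_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);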
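// Both authentication headers are required: Authorization carries the API key,
// x-xdr-auth-id carries the ID of that key. Load the real values from a secret
// store or the environment rather than hard-coding them in source.
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/compliance/get_reports")
  .header("Authorization", "REPLACE_KEY_VALUE")
  .header("x-xdr-auth-id", "REPLACE_KEY_VALUE")
  .header("content-type", "application/json")
  // One filter on standard_name, sorted ascending, first result only.
  .body("{\"request_data\":{\"filters\":[{\"field\":\"standard_name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"standard_name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":1}}")
  .asString();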
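import Foundation

// Both authentication headers are required: Authorization carries the API key,
// x-xdr-auth-id carries the ID of that key. Load the real values from the
// keychain or another secret store rather than hard-coding them in source.
let headers = [
  "Authorization": "REPLACE_KEY_VALUE",
  "x-xdr-auth-id": "REPLACE_KEY_VALUE",
  "content-type": "application/json"
]

// One filter on standard_name, sorted ascending, first result only.
let requestData: [String: Any] = [
  "filters": [
    ["field": "standard_name", "operator": "eq", "value": "string"]
  ],
  "sort": ["field": "standard_name", "keyword": "asc"],
  "search_from": 0,
  "search_to": 1
]
let parameters: [String: Any] = ["request_data": requestData]

// JSONSerialization.data(withJSONObject:) throws, so the call must be marked
// with try; at the top level of main.swift an uncaught error ends the program.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

var request = URLRequest(url: URL(string: "https://api-yourfqdn/public_api/v1/compliance/get_reports")!,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

let session = URLSession.shared
let dataTask = session.dataTask(with: request) { data, response, error in
  if let error = error {
    print(error)
    return
  }
  // Print the status code and the body only; dumping the whole response
  // object would also write every response header to the log.
  if let httpResponse = response as? HTTPURLResponse {
    print(httpResponse.statusCode)
  }
  if let data = data, let body = String(data: data, encoding: .utf8) {
    print(body)
  }
}

dataTask.resume()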
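<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/compliance/get_reports",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  // Certificate and host-name verification stated explicitly so that a copy
  // of this snippet never ends up sending the API key to an unverified peer.
  CURLOPT_SSL_VERIFYPEER => true,
  CURLOPT_SSL_VERIFYHOST => 2,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"standard_name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"standard_name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":1}}",
  // Both authentication headers are required: Authorization carries the API
  // key, x-xdr-auth-id carries the ID of that key. Load the real values from
  // a secret store or the environment rather than hard-coding them.
  CURLOPT_HTTPHEADER => [
    "Authorization: REPLACE_KEY_VALUE",
    "content-type: application/json",
    "x-xdr-auth-id: REPLACE_KEY_VALUE"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} elseif ($status !== 200) {
  // Error replies carry err_code / err_msg in the body.
  echo "HTTP " . $status . ": " . $response;
} else {
  echo $response;
}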
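/* POST a get_reports query with libcurl. libcurl verifies the server
 * certificate and host name by default; leave CURLOPT_SSL_VERIFYPEER and
 * CURLOPT_SSL_VERIFYHOST at their defaults so the API key is only sent to
 * the authenticated endpoint. */
CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/compliance/get_reports");

/* Both authentication headers are required: Authorization carries the API
 * key, x-xdr-auth-id carries the ID of that key. Load the real values from a
 * secret store or the environment rather than compiling them into the binary. */
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: REPLACE_KEY_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: REPLACE_KEY_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"standard_name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"standard_name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":1}}");

/* ret is CURLE_OK only when the transfer completed; curl_easy_strerror(ret)
 * describes any other value. */
CURLcode ret = curl_easy_perform(hnd);

/* Release the header list and the handle once the transfer is finished; the
 * list must outlive curl_easy_perform because libcurl does not copy it. */
curl_slist_free_all(headers);
curl_easy_cleanup(hnd);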
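// POST a get_reports query with RestSharp.
var client = new RestClient("https://api-yourfqdn/public_api/v1/compliance/get_reports");
var request = new RestRequest(Method.POST);

// Both authentication headers are required: Authorization carries the API key,
// x-xdr-auth-id carries the ID of that key. Load the real values from a secret
// store or the environment rather than hard-coding them in source.
request.AddHeader("Authorization", "REPLACE_KEY_VALUE");
request.AddHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE");
request.AddHeader("content-type", "application/json");

// One filter on standard_name, sorted ascending, first result only.
request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"standard_name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"standard_name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":1}}", ParameterType.RequestBody);

IRestResponse response = client.Execute(request);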
Body parameters
required
application/json
request_data (object, required)
filters (array)

Optional filters to apply to the reports

[
field (object, Enum, required)

Identifies the compliance report field the filter should match. Filters are based on the following keywords:

  • standard_name: Standard name
  • assessment_profile_name: Assessment profile name
  • asset_group_name: Asset Group name
  • score: Compliance score
  • evaluation_time: Evaluation time
Allowed values: "standard_name", "assessment_profile_name", "asset_group_name", "score", "evaluation_time"
operator (object, Enum, required)

Identifies the comparison operator you want to use for this filter. Valid keywords are:

eq / neq / contains / not_contains:

  • standard_name, assessment_profile_name, asset_group_name: String

gte / lte / range / relative_timestamp:

  • evaluation_time: Integer in timestamp epoch milliseconds

gte / lte / eq / neq:

  • score: Integer
Allowed values: "eq", "neq", "contains", "not_contains", "gte", "lte", "range", "relative_timestamp"
value (object, required)

Value that this filter must match. The contents of this field will differ depending on the assessment profile field that you specified for this filter.

string

When the field value is one of the following, the value is type string: standard_name, assessment_profile_name, asset_group_name

integer

When the field value is one of the following, the value is type integer: evaluation_time, score

]
sort (object)

Sorting configuration

field (string, Enum)

Field to sort by

Default: "evaluation_time"
Allowed values: "standard_name", "assessment_profile_name", "asset_group_name", "score", "evaluation_time"
keyword (string, Enum)

Sort direction

Default: "asc"
Allowed values: "asc", "desc"
search_from (integer)

Starting index for pagination

search_to (integer)

Ending index for pagination

REQUEST
{ "request_data": { "search_from": 0, "search_to": 1, "filters": [ { "field": "standard_name", "operator": "neq", "value": "PCI DSS v4.0.1" } ] } }
{ "request_data": { "search_from": 0, "search_to": 25, "filters": [ { "field": "score", "operator": "gte", "value": 80 } ], "sort": { "field": "score", "keyword": "desc" } } }
{ "request_data": { "search_from": 0, "search_to": 50, "filters": [ { "field": "standard_name", "operator": "eq", "value": "SOC2" }, { "field": "evaluation_time", "operator": "gte", "value": 1640995200000 } ], "sort": { "field": "evaluation_time", "keyword": "desc" } } }
Responses

Successfully retrieved compliance reports

Body
application/json
reply (object)
total_count (integer)

Total number of reports in the archive

result_count (integer)

Number of reports returned in this response (filter + paging)

filter_count (integer)

Number of reports matching the filter criteria

reports (array)

List of compliance reports

[
]
RESPONSE
{ "reply": { "total_count": 0, "result_count": 0, "filter_count": 0, "reports": [ { "report_id": 2, "standard_name": "Secure Controls Framework (SCF) v2022.2.1", "assessment_profile": "test-p1", "asset_group": "Asset group for AWS, Azure & GCP", "score": 63.0, "controls_status": [ { "count": 11, "value": "PASSED", "pretty_name": "Passed" }, { "count": 1027, "value": "NOT_ASSESSED", "pretty_name": "Not assessed" }, { "count": 19, "value": "FAILED", "pretty_name": "Failed" } ], "failed_controls_severity": [ { "count": 1, "value": "CRITICAL", "pretty_name": "Critical" }, { "count": 11, "value": "HIGH", "pretty_name": "High" }, { "count": 5, "value": "MEDIUM", "pretty_name": "Medium" }, { "count": 2, "value": "LOW", "pretty_name": "Low" }, { "count": 0, "value": "INFORMATIONAL", "pretty_name": "Informational" } ], "evaluation_time": 1759305778000, "assessment_profile_id": "ddc31d5742ba4480b6d1c940c51651c2", "cvs_file_deleted": false } ] } }

Bad request - invalid input parameters for reports

Body
application/json
reply (object)
err_code (integer)

Error code

err_msg (string)

Error message

err_extra (object)

Additional error details

RESPONSE
{ "reply": { "err_code": 400, "err_msg": "Invalid score value. Score must be between 0 and 100", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid operator 'contains' for field 'score'. Allowed operators: gte, lte, eq, neq", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid sort field. Allowed fields: standard_name, assessment_profile_name, asset_group_name, score, evaluation_time", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid filter field 'invalid_field'. Allowed fields: standard_name, assessment_profile_name, asset_group_name, score, evaluation_time", "err_extra": {} } }

Internal server error

Body
application/json
reply (object)
err_code (integer)

Error code

err_msg (string)

Error message

err_extra (object)

Additional error details

RESPONSE
{ "reply": { "err_code": 500, "err_msg": "Failed to retrieve controls", "err_extra": {} } }