Get compliance standards

Cortex XSIAM Platform APIs
post /public_api/v1/compliance/get_standards

Retrieve compliance standards with optional filtering, sorting and pagination.

  • The response is concatenated using AND condition (OR is not supported)
  • The maximum result set size is >100
  • Offset is the zero-based number of standards from the start of the result set

Required license: Cortex Cloud Runtime Security or Cortex Cloud Posture Management

Authentication: XDRAuthToken Api Key "Authorization"
Authentication: XDRAuth Api Key "x-xdr-auth-id"
CLIENT REQUEST
curl -X 'POST'
-H "Authorization: [[apiKey]]" \
-H "x-xdr-auth-id: [[apiKey]]" \
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/compliance/get_standards'
-d ''
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}" headers = { 'x-xdr-auth-id': "REPLACE_KEY_VALUE", 'content-type': "application/json" } conn.request("POST", "/public_api/v1/compliance/get_standards", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/compliance/get_standards") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["x-xdr-auth-id"] = 'REPLACE_KEY_VALUE' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "name", "operator": "eq", "value": "string" } ], "sort": { "field": "name", "keyword": "asc" }, "search_from": 0, "search_to": 100 } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/compliance/get_standards"); xhr.setRequestHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/compliance/get_standards") .header("x-xdr-auth-id", "REPLACE_KEY_VALUE") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}") .asString();
import Foundation let headers = [ "x-xdr-auth-id": "REPLACE_KEY_VALUE", "content-type": "application/json" ] let parameters = ["request_data": [ "filters": [ [ "field": "name", "operator": "eq", "value": "string" ] ], "sort": [ "field": "name", "keyword": "asc" ], "search_from": 0, "search_to": 100 ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/compliance/get_standards")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/compliance/get_standards", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}", CURLOPT_HTTPHEADER => [ "content-type: application/json", "x-xdr-auth-id: REPLACE_KEY_VALUE" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/compliance/get_standards"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "x-xdr-auth-id: REPLACE_KEY_VALUE"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/compliance/get_standards"); var request = new RestRequest(Method.POST); request.AddHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"eq\",\"value\":\"string\"}],\"sort\":{\"field\":\"name\",\"keyword\":\"asc\"},\"search_from\":0,\"search_to\":100}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
application/json
request_dataobject
filtersarray

Array of filter conditions

[
fieldstring (Enum)required

Identifies the compliance standard field the filter should match. Filters are based on the following keywords:

  • name: Compliance standard name
  • id: Compliance standard ID
  • publisher: Compliance standard publisher
  • created_by: User who created the compliance standard
  • insertion_time: When the compliance standard was created
  • is_custom: Whether the compliance standard is custom
  • labels: Compliance standard labels
Allowed values:"name""id""publisher""is_custom""insertion_time""created_by""labels"
operatorobject (Enum)required

Identifies the comparison operator you want to use for this filter. Valid keywords are:

eq / neq / contains / not_contains:

  • name, id, publisher, created_by: String

gte / lte / range / relative_timestamp:

  • `insertion_time``: Integer in timestamp epoch milliseconds

in:

  • is_custom: Enum with possible values of yes or no

contains / not_contains:

  • labels: Array of strings
Allowed values:"eq""neq""contains""not_contains""gte""lte""range""relative_timestamp""in"
valueobjectrequired

Value that this filter must match. The contents of this field will differ depending on the assessment profile field that you specified for this filter.

string

When the field value is one of the following, the value is type string: name, id, publisher, created_by

integer

When the field value is one of the following, the value is type integer: insertion_time

Array
]
sortobject
fieldstring (Enum)

Field to sort by

Default:"creation_time"
Allowed values:"name""creation_time""created_by""id""insertion_time"
keywordstring (Enum)

Sort order

Default:"asc"
Allowed values:"asc""desc"
search_frominteger

Zero-based index of the first standard to return. Use with search_to to page through results. For example, search_from: 0 starts at the first standard; search_from: 50 skips the first 50.

search_tointeger

Zero-based index marking the end of the page (exclusive). The response includes standards from search_from up to, but not including, search_to. For example, search_from: 0 and search_to: 50 returns the first 50 standards.

Default:100
REQUEST
{ "request_data": { "search_from": 0, "search_to": 49 } }
{ "request_data": { "filters": [ { "field": "is_custom", "operator": "in", "value": [ "yes" ] }, { "field": "labels", "operator": "contains", "value": "aws" } ], "sort": { "field": "insertion_time", "keyword": "desc" }, "search_from": 0, "search_to": 24 } }
{ "request_data": { "filters": [ { "field": "labels", "operator": "contains", "value": "security" }, { "field": "is_custom", "operator": "in", "value": [ "yes" ] } ] } }
{ "request_data": { "filters": [ { "field": "insertion_time", "operator": "gte", "value": 1640995200000 }, { "field": "insertion_time", "operator": "lte", "value": 1672531200000 } ], "sort": { "field": "insertion_time", "keyword": "desc" } } }
Responses

Successfully retrieved standards

Body
application/json
total_countinteger

Total number of standards in the system

result_countinteger

Number of standards matching the filter criteria + paging

standardsarray
[
idstring

Standard ID

namestring

Standard name

descriptionstring

Description of the standard

publisherstring

Standard publisher/organization

labelsarray[string]

List of labels for categorization

insertion_timeintegerint64

Creation timestamp (epoch)

created_bystring

User who created the standard

is_customboolean

Whether this is a custom standard

controls_countinteger

Number of associated controls

controls_idsarray[string]

List of associated control IDs

]
RESPONSE
{ "reply": { "total_count": 17, "result_count": 2, "standards": [ { "id": "394fc8fc210645f6af8bb4267321482a", "name": "standard name", "description": "convert ...", "version": "", "assessments_profiles_count": 0, "controls_ids": [ "0b0b5304d06d44ffb3d7465855378185", "98497e7bf21f413b9df0d84ccb8857d0" ], "labels": [ "aws", "azure", "gcp" ], "revision": -6043636965775741000, "publisher": null, "release_date": "2025-06-18", "created_date": "2025-06-18", "created_by": "Palo Alto Networks", "insert_ts": 1750247438000, "modify_ts": 1750247439000, "is_custom": false }, { "id": "36ed307155e446938f157e3ed214fd72", "name": "standard name ...", "description": "", "version": "", "assessments_profiles_count": 0, "controls_ids": [ "0b0b5304d06d44ffb3d7465855378185", "98497e7bf21f413b9df0d84ccb8857d0" ], "labels": [ "aws" ], "revision": 8279863739578999000, "publisher": null, "release_date": "2025-05-18", "created_date": "2025-05-18", "created_by": "Palo Alto Networks", "insert_ts": 1750247311000, "modify_ts": 1750247313000, "is_custom": false } ] } }

Bad request - invalid input parameters

Body
application/json
replyobject
err_codeinteger

Error code

err_msgstring

Error message

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 400, "err_msg": "Invalid filter field. Allowed fields: name, category, subcategory, is_custom, creation_time, created_by, modified_by, modification_time, id, description", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid operator 'range' for field 'name'. Allowed operators: eq, neq, contains, not_contains", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Missing required parameter: control_name", "err_extra": {} } }
{ "reply": { "err_code": 400, "err_msg": "Invalid value for is_custom field. Allowed values: yes, no", "err_extra": {} } }

Internal server error

Body
application/json
replyobject
err_codeinteger

Error code

err_msgstring

Error message

err_extraobject

Additional error details

RESPONSE
{ "reply": { "err_code": 500, "err_msg": "Failed to retrieve controls", "err_extra": {} } }