Get All Assets

Cortex Xpanse REST API

post /public_api/v1/assets/get_assets_internet_exposure/

The maximum result limit is 5000 assets.
Required license: **Cortex Xpanse Expander**

Get a list of all your assets or a filtered list of your assets.

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" -H "authorization: {{api_key}}" -H "x-xdr-auth-id: {{api_key_id}}" \ "https://api-}/public_api/v1/assets/get_assets_internet_exposure/" \ -d '{ "request_data" : { "search_from" : 0, "next_page_token" : "next_page_token", "filters" : [ { "field" : "name", "value" : "AsmAssetsFilter_value", "operator" : "in" }, { "field" : "name", "value" : "AsmAssetsFilter_value", "operator" : "in" } ], "sort" : { "field" : "name", "keyword" : "asc" }, "search_to" : 0, "use_page_token" : true } }'
Request headers
authorization
required
String
api-key
Example: {{api_key}}
x-xdr-auth-id
required
String
api-key-id
Example: {{api_key_id}}
Request
Body
required
Example: {"request_data":{"filters":[{"field":"name","operator":"in","value":"string"}],"search_from":0,"search_to":500,"sort":{"field":"name","keyword":"asc"},"use_page_token":true,"next_page_token":"string"}}
request_data
required
A dictionary containing the API request fields. An empty dictionary returns all results.
filters
optional
Array
An array of filter fields.
field
optional
String (Enum)
Identifies the assets field the filter is matching. Case-sensitive.
Allowed values:
name
has_xdr_agent
ip_address
externally_detected_providers
type
has_active_external_services
mac_addresses
externally_inferred_cves
aws_cloud_tags
gcp_cloud_tags
azure_cloud_tags
tags
business_units_list
ipv6_address
has_bu_overrides
asm_id_list
first_observed
last_observed
operator
optional
String (Enum)

Identifies the comparison operator you want to use for this filter. Valid keywords and values are:

  • contains / not_contains: use with externally_detected_providers, externally_inferred_cves, name
  • eq / neq: use with name, ip_address, has_bu_overrides.
  • gte: Filters data from a specific timestamp onwards. Use with first_observed, last_observed.
  • in: use with has_active_external_services, type, business_units_list.
  • lte: Filters data up to a specific timestamp. Use with first_observed, last_observed.
  • range: Filters data between two specific timestamps.Use with first_observed, last_observed.
  • relative_timestamp: Filters data relative to the current time (e.g., last 30 days). Use with first_observed or last_observed.
Allowed values:
in
contains
neq
eq
not_contains
gte
lte
range
relative_timestamp
value
optional

Value depends on the filter field used.

  • business_un****its_list: string or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
  • externally_detected_providers: string
  • externally_inferred_cves: string
  • first_observed — values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • has_active_external_services: list of strings (enum values: "yes", "no", "unknown")
  • has_bu_overrides: boolean ("true" or "false")
  • ip_address: string
  • ipv6_address: string
  • last_observed — values in milliseconds format
    • with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
    • with range operator, specify "to" and "from" values as timestamps in milliseconds format, as follows "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
    • with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
  • name: string
  • type: List of strings (enum values: "certificate", "cloud_integration", "cloud_compute_instance", "domain", "unassociated_responsive_ip")
  • tags: List of strings indicating the tags to filter on in the format "tag-family:tag-name", for example "AR:registered to you".
  • type: string
search_from
optional
Integer
Represents the start offset index of results.
search_to
optional
Integer
An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination.
Max value - 5000
sort
optional
Object
Identifies the sort order for the result set.
field
optional
String (Enum)
Case sensitive.
Allowed values:
first_observed
name
last_observed
keyword
optional
String (Enum)
Case sensitive.
Allowed values:
ASC
asc
DESC
desc
use_page_token
optional
Boolean
Use "use_page_token":true in the initial request to paginate the response data.
next_page_token
optional
String
If "use_page_token":true was included in the initial request, the response for that request will include a page token.
Use "next_page_token":"string" to pass that page token into the next request to paginate the next set of data.'
Responses

OK

Body
reply
optional
Object
total_count
optional
Integer
result_count
optional
Integer
assets_internet_exposure
optional
Array of objects
agent_id
optional
String
annotation
optional
String
asm_ids
required
Array of strings
asm_va_score
optional
Number
asset_explainers
optional
Array of strings
asset_type
required
String
aws_cloud_tags
optional
Array of strings
azure_cloud_tags
optional
Array of strings
business_units
optional
Array
certificate_algorithm
optional
String
certificate_classifications
optional
Array of strings
certificate_details
optional
Object
issuer
optional
String
issuerAlternativeNames
optional
String
issuerCountry
optional
String
issuerEmail
optional
String
issuerLocality
optional
String
issuerName
optional
String
issuerOrg
optional
String
formattedIssuerOrg
optional
String
issuerOrgUnit
optional
String
issuerState
optional
String
publicKey
optional
String
publicKeyAlgorithm
optional
String
publicKeyRsaExponent
optional
Integer
signatureAlgorithm
optional
String
subject
optional
String
subjectAlternativeNames
optional
String
subjectCountry
optional
String
subjectEmail
optional
String
subjectLocality
optional
String
subjectName
optional
String
subjectOrg
optional
String
subjectOrgUnit
optional
String
subjectState
optional
String
serialNumber
optional
String
validNotBefore
optional
Integer
validNotAfter
optional
Integer
version
optional
String
publicKeyBits
optional
Integer
publicKeyModulus
optional
String
publicKeySpki
optional
String
sha1Fingerprint
optional
String
sha256Fingerprint
optional
String
md5Fingerprint
optional
String
certificate_expiry_date
optional
Integer
certificate_issuer
optional
String
cloud_id
optional
String
cloud_provider
optional
String
cloud_resource_type
optional
String
creation_time
optional
Integer
date_added
required
Integer
domain
optional
String
domain_details
optional
Object
admin
optional
Object
city
optional
String
country
optional
String
emailAddress
optional
String
faxExtension
optional
String
faxNumber
optional
String
name
optional
String
organization
optional
String
phoneExtension
optional
String
phoneNumber
optional
String
postalCode
optional
String
province
optional
String
registryId
optional
String
street
optional
String
alignedRegistrar
optional
String
collectionTime
required
Integer
creationDate
optional
Integer
dnssec
optional
String
domainName
required
String
domainStatuses
optional
Array of strings
dropped
required
Boolean
nameServers
optional
Array of strings
registrant
optional
Object
city
optional
String
country
optional
String
emailAddress
optional
String
faxExtension
optional
String
faxNumber
optional
String
name
optional
String
organization
optional
String
phoneExtension
optional
String
phoneNumber
optional
String
postalCode
optional
String
province
optional
String
registryId
optional
String
street
optional
String
registrar
required
Object
abuseContactEmail
optional
String
abuseContactPhone
optional
String
alignedName
optional
String
ianaId
optional
Number
name
optional
String
registrationExpirationDate
optional
Number
url
optional
String
whoisServer
optional
String
registryDomainId
optional
String
registryExpiryDate
optional
Integer
reseller
optional
String
retrievedDate
required
Integer
tech
optional
Object
city
optional
String
country
optional
String
emailAddress
optional
String
faxExtension
optional
String
faxNumber
optional
String
name
optional
String
organization
optional
String
phoneExtension
optional
String
phoneNumber
optional
String
postalCode
optional
String
province
optional
String
registryId
optional
String
street
optional
String
updatedDate
optional
Integer
domain_resolves
required
Boolean
extended_properties
optional
Object
last_start_time
optional
Integer
machine_type
optional
String
network_interfaces
optional
Array of objects
id
optional
String
ip
optional
String
subnet_id
optional
String
vpc_id
optional
String
private_ips
optional
Array of strings
public_ips
optional
Array of strings
volume
optional
Array of objects
boot
optional
Boolean
id
optional
String
name
optional
String
type
optional
String
external_ips
optional
Array of strings
externally_detected_providers
optional
Array of strings
externally_inferred_cves
optional
Array of strings
first_observed
required
Integer
gcp_cloud_tags
optional
Array of strings
geo_region
optional
String
has_active_externally_services
optional
Boolean
has_alerts
optional
Boolean
has_bu_overrides
optional
Boolean
has_incidents
optional
Boolean
has_xdr_agent
required
String
hierarchy
optional
String
internal_ips
optional
Array of strings
iot_category
optional
String
iot_model
optional
String
iot_profile
optional
String
ip_ranges
optional
Array of strings
ips
optional
Array of strings
ipv6s
optional
Array of strings
last_observed
required
Integer
last_sampled_ip
optional
Integer
mac_addresses
optional
Array of strings
management_status
optional
Array of strings
name
required
String
open_ports
optional
Array of integers
operation_system
optional
String
project_name
optional
String
provider_account
optional
String
recent_ips
optional
Array of objects
id
optional
String
ip
optional
Integer
ipv6
optional
String
source
optional
Object
name
required
String
provider
optional
Object
name
required
String
additionalProviderInfo
optional
String
isCdn
required
Boolean
legacyName
required
String
displayName
required
String
cdn
required
Boolean
lastObserved
required
Integer
firstObserved
required
Integer
region
optional
String
sensor
optional
Array of strings
service_type
optional
Array of strings
sub_region
optional
Array of strings
tags
optional
Array of strings
vpc_name_id
optional
String
next_page_token
optional
String
This attribute is only returned if use_page_token is provided in the request with value true

Bad Request. Got an invalid JSON.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unprocessable Entity

Body
code
optional
Integer
Error code
status
optional
String
Error name
message
optional
String
Error message
errors
optional
Object
Errors

Internal server error. A unified status for API communication type errors.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.