Get All Attack Surface Rules

post /public_api/v1/get_attack_surface_rules/

Get all or a subset of attack surface rules.
Required License: Cortex Xpanse Expander

Request headers

authorization

String

required

api-key

Example: {{api_key}}

x-xdr-auth-id

String

required

api-key-id

Example: {{api_key_id}}

Body parameters

required

request_dataObject

(Required) A dictionary containing the API request fields.
An empty dictionary returns all results.

filtersArray

Provides an array of filtered fields. Each JSON object can contain the following keywords: - field - operators - value

[

fieldString (Enum)

Identifies the alert field the filter is matching. Filters are based on the following keywords: - enabled_status - category - priority - attack_surface_rule_id - asm_alert_categories

Allowed values:"attack_surface_rule_id""category""priority""enabled_status""asm_alert_categories"

operatorString (Enum)

String that identifies the comparison operator you want to use for this filter. - in

Allowed values:"in"

valueObject

Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter

]

search_fromInteger

An integer representing the starting offset within the query result set from which you want attack surface rules returned

search_toInteger

An integer representing the end offset within the result set after which you do not want attack surface rules returned.
Attack surface rules in the alerts list that are indexed higher than this value are not returned in the final results set.

sortObject

Identifies the sort order for the result set. By default, the sort is defined as created, DESC.

fieldString (Enum)

Allowed values:"enabled_status""priority""category""attack_surface_rule_id""attack_surface_rule_name""created"

keywordString (Enum)

Can either be ASC (ascending order) or DESC (descending order).

Allowed values:"ASC""asc""DESC""desc"

Free-Form object

REQUEST BODY

{
  "request_data": {
    "search_from": 0,
    "filters": [
      {
        "field": "attack_surface_rule_id",
        "value": "AttackSurfaceRulesFilter_value",
        "operator": "in"
      },
      {
        "field": "attack_surface_rule_id",
        "value": "AttackSurfaceRulesFilter_value",
        "operator": "in"
      }
    ],
    "sort": {
      "field": "created",
      "keyword": "desc"
    },
    "search_to": 0
  }
}

CLIENT REQUEST

          curl -X 'POST'

        -H
        'Accept: application/json'
      

        -H
        'Content-Type: application/json'
      

          -H
          'authorization: {{api_key}}'
          -H
          'x-xdr-auth-id: {{api_key_id}}'
      

      'https://api-}/public_api/v1/get_attack_surface_rules/'
    

      -d
      '{
  "request_data" : {
    "search_from" : 0,
    "filters" : [ {
      "field" : "attack_surface_rule_id",
      "value" : "AttackSurfaceRulesFilter_value",
      "operator" : "in"
    }, {
      "field" : "attack_surface_rule_id",
      "value" : "AttackSurfaceRulesFilter_value",
      "operator" : "in"
    } ],
    "sort" : {
      "field" : "created",
      "keyword" : "desc"
    },
    "search_to" : 0
  }
}'
    


      

import http.client

conn = http.client.HTTPSConnection("api-")

payload = "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}"

headers = {
    'authorization': "{{api_key}}",
    'x-xdr-auth-id': "{{api_key_id}}",
    'content-type': "application/json"
    }

conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["authorization"] = '{{api_key}}'
request["x-xdr-auth-id"] = '{{api_key_id}}'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}"

response = http.request(request)
puts response.read_body

const data = JSON.stringify({
  "request_data": {
    "filters": [
      {
        "field": "attack_surface_rule_id",
        "operator": "in",
        "value": "string"
      }
    ],
    "search_from": 0,
    "search_to": 500,
    "sort": {
      "field": "enabled_status",
      "keyword": "ASC"
    }
  }
});

const xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/");
xhr.setRequestHeader("authorization", "{{api_key}}");
xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);

HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/")
  .header("authorization", "{{api_key}}")
  .header("x-xdr-auth-id", "{{api_key_id}}")
  .header("content-type", "application/json")
  .body("{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}")
  .asString();

import Foundation

let headers = [
  "authorization": "{{api_key}}",
  "x-xdr-auth-id": "{{api_key_id}}",
  "content-type": "application/json"
]
let parameters = ["request_data": [
    "filters": [
      [
        "field": "attack_surface_rule_id",
        "operator": "in",
        "value": "string"
      ]
    ],
    "search_from": 0,
    "search_to": 500,
    "sort": [
      "field": "enabled_status",
      "keyword": "ASC"
    ]
  ]] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}",
  CURLOPT_HTTPHEADER => [
    "authorization: {{api_key}}",
    "content-type: application/json",
    "x-xdr-auth-id: {{api_key_id}}"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/");

struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "authorization: {{api_key}}");
headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}");

CURLcode ret = curl_easy_perform(hnd);

var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "{{api_key}}");
request.AddHeader("x-xdr-auth-id", "{{api_key_id}}");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

Responses

Body

replyObjectrequired

total_countInteger

result_countInteger

attack_surface_rulesArray

[

attack_surface_rule_nameString

enabled_statusString

priorityString

descriptionString

attack_surface_rule_idString

categoryString

knowledge_base_linkString

createdInteger

modifiedInteger

modified_byString

remediation_guidanceString

asm_alert_categoriesArray[string]

Free-Form object

]

Free-Form object

RESPONSE

{
  "reply": {
    "total_count": 0,
    "result_count": 0,
    "attack_surface_rules": [
      {
        "attack_surface_rule_name": "attack_surface_rule_name_example",
        "enabled_status": "enabled_status_example",
        "priority": "priority_example",
        "description": "description_example",
        "attack_surface_rule_id": "attack_surface_rule_id_example",
        "category": "category_example",
        "knowledge_base_link": "knowledge_base_link_example",
        "created": 0,
        "modified": 0,
        "modified_by": "modified_by_example",
        "remediation_guidance": "remediation_guidance_example",
        "asm_alert_categories": [
          "asm_alert_categories_example"
        ]
      }
    ]
  }
}

Bad Request. Got an invalid JSON.

Body

replyObject

The query results upon error.

Free-Form object

RESPONSE

{
  "reply": {}
}

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body

replyObject

The query results upon error.

Free-Form object

RESPONSE

{
  "reply": {}
}

Unauthorized access. User does not have the required license type to run this API.

Body

replyObject

The query results upon error.

Free-Form object

RESPONSE

{
  "reply": {}
}

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body

replyObject

The query results upon error.

Free-Form object

RESPONSE

{
  "reply": {}
}

Unprocessable Entity

Body

codeInteger

Error code

statusString

Error name

messageString

Error message

errorsObject

Errors

RESPONSE

{
  "code": 0,
  "status": "status_example",
  "message": "message_example",
  "errors": {}
}

Internal server error. A unified status for API communication type errors.

Body

replyObject

The query results upon error.

Free-Form object

RESPONSE

{
  "reply": {}
}