Get All Attack Surface Rules

Cortex Xpanse REST API

post /public_api/v1/get_attack_surface_rules/

Required License: **Cortex Xpanse Expander**

Get all or a subset of attack surface rules.

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" -H "authorization: {{api_key}}" -H "x-xdr-auth-id: {{api_key_id}}" \ "https://api-}/public_api/v1/get_attack_surface_rules/" \ -d '{ "request_data" : { "search_from" : 0, "filters" : [ { "field" : "attack_surface_rule_id", "value" : "AttackSurfaceRulesFilter_value", "operator" : "in" }, { "field" : "attack_surface_rule_id", "value" : "AttackSurfaceRulesFilter_value", "operator" : "in" } ], "sort" : { "field" : "created", "keyword" : "desc" }, "search_to" : 0 } }'
Request headers
authorization
required
String
api-key
Example: {{api_key}}
x-xdr-auth-id
required
String
api-key-id
Example: {{api_key_id}}
Request
Body
required
request_data
required
Object
(Required) A dictionary containing the API request fields.
An empty dictionary returns all results.
filters
optional
Array of objects

Provides an array of filtered fields. Each JSON object can contain the following keywords:

  • field
  • operators
  • value
field
optional
String (Enum)

Identifies the alert field the filter is matching. Filters are based on the following keywords:

  • enabled_status
  • category
  • priority
  • attack_surface_rule_id
  • asm_alert_categories
Allowed values:
attack_surface_rule_id
category
priority
enabled_status
asm_alert_categories
operator
optional
String (Enum)

String that identifies the comparison operator you want to use for this filter.

  • in
Allowed values:
in
eq
value
optional
Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter
search_from
optional
Integer
An integer representing the starting offset within the query result set from which you want attack surface rules returned
search_to
optional
Integer
An integer representing the end offset within the result set after which you do not want attack surface rules returned.
Attack surface rules in the alerts list that are indexed higher than this value are not returned in the final results set.
sort
optional
Object
Identifies the sort order for the result set. By default, the sort is defined as created, DESC.
field
optional
String (Enum)
Allowed values:
enabled_status
priority
category
attack_surface_rule_id
attack_surface_rule_name
created
keyword
optional
String (Enum)
Can either be ASC (ascending order) or DESC (descending order).
Allowed values:
ASC
asc
DESC
desc
Responses

OK

Body
reply
required
Object
total_count
required
Integer
result_count
required
Integer
attack_surface_rules
required
Array of objects
attack_surface_rule_name
required
String
enabled_status
required
String
priority
required
String
description
required
String
attack_surface_rule_id
required
String
category
required
String
knowledge_base_link
optional
String
created
required
Integer
modified
required
Integer
modified_by
optional
String
remediation_guidance
required
String
asm_alert_categories
required
Array of strings

Bad Request. Got an invalid JSON.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unprocessable Entity

Body
code
optional
Integer
Error code
status
optional
String
Error name
message
optional
String
Error message
errors
optional
Object
Errors

Internal server error. A unified status for API communication type errors.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.