Get All Attack Surface Rules

Cortex Xpanse REST API

post /public_api/v1/get_attack_surface_rules/

Get all or a subset of attack surface rules.
Required License: Cortex Xpanse Expander

Request headers
authorization
String
required
api-key
Example: {{api_key}}
x-xdr-auth-id
String
required
api-key-id
Example: {{api_key_id}}
Body parameters
required
request_dataObject

(Required) A dictionary containing the API request fields.
An empty dictionary returns all results.

filtersArray

Provides an array of filtered fields. Each JSON object can contain the following keywords: - field - operators - value

[
fieldString (Enum)

Identifies the alert field the filter is matching. Filters are based on the following keywords: - enabled_status - category - priority - attack_surface_rule_id - asm_alert_categories

Allowed values:"attack_surface_rule_id""category""priority""enabled_status""asm_alert_categories"
operatorString (Enum)

String that identifies the comparison operator you want to use for this filter. - in

Allowed values:"in"
valueObject

Value that this filter must match. The contents of this field will differ depending on the alert field that you specified for this filter

]
search_fromInteger

An integer representing the starting offset within the query result set from which you want attack surface rules returned

search_toInteger

An integer representing the end offset within the result set after which you do not want attack surface rules returned.
Attack surface rules in the alerts list that are indexed higher than this value are not returned in the final results set.

sortObject

Identifies the sort order for the result set. By default, the sort is defined as created, DESC.

fieldString (Enum)
Allowed values:"enabled_status""priority""category""attack_surface_rule_id""attack_surface_rule_name""created"
keywordString (Enum)

Can either be ASC (ascending order) or DESC (descending order).

Allowed values:"ASC""asc""DESC""desc"
Free-Form object
Free-Form object
Free-Form object
REQUEST BODY
{ "request_data": { "search_from": 0, "filters": [ { "field": "attack_surface_rule_id", "value": "AttackSurfaceRulesFilter_value", "operator": "in" }, { "field": "attack_surface_rule_id", "value": "AttackSurfaceRulesFilter_value", "operator": "in" } ], "sort": { "field": "created", "keyword": "desc" }, "search_to": 0 } }
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: {{api_key}}' -H 'x-xdr-auth-id: {{api_key_id}}'
'https://api-}/public_api/v1/get_attack_surface_rules/'
-d '{ "request_data" : { "search_from" : 0, "filters" : [ { "field" : "attack_surface_rule_id", "value" : "AttackSurfaceRulesFilter_value", "operator" : "in" }, { "field" : "attack_surface_rule_id", "value" : "AttackSurfaceRulesFilter_value", "operator" : "in" } ], "sort" : { "field" : "created", "keyword" : "desc" }, "search_to" : 0 } }'
import http.client conn = http.client.HTTPSConnection("api-") payload = "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}" headers = { 'authorization': "{{api_key}}", 'x-xdr-auth-id': "{{api_key_id}}", 'content-type': "application/json" } conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["authorization"] = '{{api_key}}' request["x-xdr-auth-id"] = '{{api_key_id}}' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "attack_surface_rule_id", "operator": "in", "value": "string" } ], "search_from": 0, "search_to": 500, "sort": { "field": "enabled_status", "keyword": "ASC" } } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/"); xhr.setRequestHeader("authorization", "{{api_key}}"); xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/") .header("authorization", "{{api_key}}") .header("x-xdr-auth-id", "{{api_key_id}}") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}") .asString();
import Foundation let headers = [ "authorization": "{{api_key}}", "x-xdr-auth-id": "{{api_key_id}}", "content-type": "application/json" ] let parameters = ["request_data": [ "filters": [ [ "field": "attack_surface_rule_id", "operator": "in", "value": "string" ] ], "search_from": 0, "search_to": 500, "sort": [ "field": "enabled_status", "keyword": "ASC" ] ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}", CURLOPT_HTTPHEADER => [ "authorization: {{api_key}}", "content-type: application/json", "x-xdr-auth-id: {{api_key_id}}" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "authorization: {{api_key}}"); headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/get_attack_surface_rules/"); var request = new RestRequest(Method.POST); request.AddHeader("authorization", "{{api_key}}"); request.AddHeader("x-xdr-auth-id", "{{api_key_id}}"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"attack_surface_rule_id\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"enabled_status\",\"keyword\":\"ASC\"}}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Responses

OK

Body
replyObjectrequired
total_countInteger
result_countInteger
attack_surface_rulesArray
[
attack_surface_rule_nameString
enabled_statusString
priorityString
descriptionString
attack_surface_rule_idString
categoryString
knowledge_base_linkString
createdInteger
modifiedInteger
modified_byString
remediation_guidanceString
asm_alert_categoriesArray[string]
Free-Form object
]
Free-Form object
Free-Form object
RESPONSE
{ "reply": { "total_count": 0, "result_count": 0, "attack_surface_rules": [ { "attack_surface_rule_name": "attack_surface_rule_name_example", "enabled_status": "enabled_status_example", "priority": "priority_example", "description": "description_example", "attack_surface_rule_id": "attack_surface_rule_id_example", "category": "category_example", "knowledge_base_link": "knowledge_base_link_example", "created": 0, "modified": 0, "modified_by": "modified_by_example", "remediation_guidance": "remediation_guidance_example", "asm_alert_categories": [ "asm_alert_categories_example" ] } ] } }

Bad Request. Got an invalid JSON.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Unauthorized access. User does not have the required license type to run this API.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Unprocessable Entity

Body
codeInteger

Error code

statusString

Error name

messageString

Error message

errorsObject

Errors

RESPONSE
{ "code": 0, "status": "status_example", "message": "message_example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }