POST /public_api/v1/get_attack_surface_rules
Required License: **Cortex Xpanse Expander**
Get all or a subset of attack surface rules.
CURL
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "x-xdr-auth-id: xXdrAuthId_example" \
  -H "authorization: authorization_example" \
  "https://api-yourfqdn/public_api/v1/get_attack_surface_rules" \
  -d '{
    "request_data" : {
      "search_from" : 0,
      "filters" : [ {
        "field" : "field",
        "value" : [ "value", "value" ],
        "operator" : "in"
      }, {
        "field" : "field",
        "value" : [ "value", "value" ],
        "operator" : "in"
      } ],
      "sort" : {
        "field" : "field",
        "keyword" : "keyword"
      },
      "search_to" : 6
    }
  }'
Request headers
x-xdr-auth-id
required
String
api_key_id
Example:
xXdrAuthId_example
authorization
required
String
api_key
Example:
authorization_example
Request
Body
optional
Example:
{"request_data":{"filters":[{"field":"string","operator":"string","value":["string"]}],"sort":{"field":"string","keyword":"string"},"search_from":0,"search_to":0}}
request_data
optional
(Required) A dictionary containing the API request fields.
An empty dictionary returns all results.
filters
optional
Array
Provides an array of filtered fields. Each JSON object can contain the following keywords:
- field
- operator
- value
field
optional
String
Identifies the alert field the filter is matching. Filters are based on the following keywords:
- enabled_status
- category
- priority
- attack_surface_rule_id
- asm_alert_categories
operator
optional
String
(Enum)
String that identifies the comparison operator you want to use for this filter.
Allowed values:
- in
value
optional
Array of strings
Value that this filter must match. The contents of this field differ depending on the alert field that you specified for this filter.
sort
optional
Identifies the sort order for the result set. By default, the sort is defined as created, DESC.
field
optional
String
One of the following values:
- attack_surface_rule_name
- category
- attack_surface_rule_id
- created
- modified
- modified_by
- priority
- enabled_status
keyword
optional
String
Can either be ASC (ascending order) or DESC (descending order).
search_from
optional
Integer
An integer representing the starting offset within the query result set from which you want attack surface rules returned.
search_to
optional
Integer
An integer representing the end offset within the result set after which you do not want attack surface rules returned.
Attack surface rules in the alerts list that are indexed higher than this value are not returned in the final result set. Defaults to 100, which returns all alerts to the end of the list.
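A request-body builder for this endpoint, as an added example that is not part of the original reference or the vendor's code: it rejects filter fields, sort fields and sort keywords that are not listed above, and splits a fetch into successive `search_from`/`search_to` windows. The environment variable names, the `fqdn` and `limit` arguments, the half-open window and the `0 <= search_from < search_to` check are assumptions of this example.

```python
import json
import os
import urllib.request

# Allowed values exactly as listed in this reference.
FILTER_FIELDS = {"enabled_status", "category", "priority",
                 "attack_surface_rule_id", "asm_alert_categories"}
SORT_FIELDS = {"attack_surface_rule_name", "category", "attack_surface_rule_id",
               "created", "modified", "modified_by", "priority", "enabled_status"}

def build_body(filters=None, sort_field="created", keyword="DESC",
               search_from=0, search_to=100):
    """Return a validated request body; raise ValueError on undocumented values."""
    if sort_field not in SORT_FIELDS or keyword not in ("ASC", "DESC"):
        raise ValueError(f"bad sort: {sort_field} {keyword}")
    if not 0 <= search_from < search_to:  # assumed sanity check, not from the page
        raise ValueError("need 0 <= search_from < search_to")
    out = []
    for field, values in (filters or {}).items():
        if field not in FILTER_FIELDS:
            raise ValueError(f"unsupported filter field: {field}")
        if isinstance(values, str) or not all(isinstance(v, str) for v in values):
            raise ValueError(f"{field}: value must be an array of strings")
        out.append({"field": field, "operator": "in", "value": list(values)})
    return {"request_data": {"filters": out,
                             "sort": {"field": sort_field, "keyword": keyword},
                             "search_from": search_from, "search_to": search_to}}

def page_bodies(limit, page_size=100, **kwargs):
    """Yield one body per window, covering offsets 0..limit (assumed half-open)."""
    for start in range(0, limit, page_size):
        yield build_body(search_from=start,
                         search_to=min(start + page_size, limit), **kwargs)

def post(body, fqdn):
    """Send one request; the key pair is read from the environment, not argv."""
    req = urllib.request.Request(
        f"https://api-{fqdn}/public_api/v1/get_attack_surface_rules",
        data=json.dumps(body).encode(),
        headers={"Accept": "application/json", "Content-Type": "application/json",
                 "x-xdr-auth-id": os.environ["XPANSE_API_KEY_ID"],   # hypothetical name
                 "authorization": os.environ["XPANSE_API_KEY"]})     # hypothetical name
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)
```

Reading the key ID and key from the environment keeps them out of shell history and process listings, unlike the `-H` arguments in the curl form.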
Responses