Get a complete or filtered list of all your external services.
The maximum result limit is 500.
Required License: Cortex Xpanse Expander
authorization
String
required
{{api_key}}
x-xdr-auth-id
String
required
{{api_key_id}}
request_dataObject
filtersArray
fieldString (Enum)
String that identifies the service field the filter is matching. Filters are based on the following case-sensitive keywords: - active_classifications - business_units_list - discovery_type - domain - externally_detected_providers - externally_inferred_cves - first_observed - inactive_classifications - ip_address - ipv6_address - is_active - last_observed - protocol - service_name - service_type - service_type_list - tags
operatorString (Enum)
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
- contains / not_contains— use with externally_detected_providers, domain, externally_inferred_cves, active_classifications, inactive_classifications, service_name, service_type, protocol
- eq / neq— use with service_name, service_type, protocol, ip_address
- gte— Filters data from a specific timestamp onwards. Use with first_observed, last_observed
- in— use with is_active, discovery_type, business_units_list, tags, ip_address
- lte— Filters data up to a specific timestamp. Use with first_observed, last_observed
- range— Filters data between two specific timestamps. Use with first_observed, last_observed
- relative_timestamp— Filters data relative to the current time (e.g., last 30 days). Use with first_observed, last_observed
valueObject
Value that this filter must match. The contents of this field will differ depending on the services field that you specified for this filter:
- active_classifications — String
- business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
- discovery_type — String. Values are: colocated_on_ip, directly_discovered, unknown.
- domain — String
- externally_detected_providers — String
- externally_inferred_cves — String
- first_observed — values in milliseconds format
- with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
- with range operator, specify "to" and "from" values as timestamps in milliseconds format
"value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
- with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
- inactive_classifications — String
- ip_address — List of strings
- ipv6_address — String
- is_active — String. Values are:yes, no
- last_observed — values in milliseconds format
- with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
- with range operator, specify "to" and "from" values as timestamps in milliseconds format, as follows
"value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
- with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
- protocol — String
- service_name — String
- service_type — String
- service_type_list — String
- tags — List of strings indicating the tags to filter on in the format "tag-family:tag-name", for example "AR:registered to you".
search_fromInteger
An integer representing the start offset index of results.
search_toInteger
An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination.
sortObject
Identifies the sort order for the result set.
fieldString (Enum)
Values are: - service_name - first_observed - last_observed By default, case-sensitive, sort is defined as service_name.
keywordString (Enum)
Can be either ASC (ascending order) or DESC (descending order). Default is ASC. Values are case sensitive.
use_page_tokenBoolean
Use "use_page_token":true in the initial request to paginate the response data.
next_page_tokenString
If "use_page_token":true was included in the initial request, the response for that request will include a page token.
Use "next_page_token":"string" to pass that page token into the next request to paginate the next set of data.
vulnerability_test_resultsObject (Enum)
Includes vulnerability test results from the last 14 days for each service in the response.
{
"request_data": {
"search_from": 0,
"next_page_token": "next_page_token",
"vulnerability_test_results": true,
"filters": [
{
"field": "service_name",
"value": "ExternalServicesFilter_value",
"operator": "in"
},
{
"field": "service_name",
"value": "ExternalServicesFilter_value",
"operator": "in"
}
],
"sort": {
"field": "service_name",
"keyword": "asc"
},
"search_to": 0,
"use_page_token": true
}
}
{
"request_data": {
"filters": [
{
"field": "service_name",
"operator": "in",
"value": "string"
}
],
"search_from": 0,
"search_to": 500,
"sort": {
"field": "service_name",
"keyword": "asc"
},
"use_page_token": true,
"next_page_token": "string"
}
}
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'authorization: {{api_key}}'
-H
'x-xdr-auth-id: {{api_key_id}}'
'https://api-}/public_api/v1/assets/get_external_services/'
-d
'{
"request_data" : {
"search_from" : 0,
"next_page_token" : "next_page_token",
"vulnerability_test_results" : true,
"filters" : [ {
"field" : "service_name",
"value" : "ExternalServicesFilter_value",
"operator" : "in"
}, {
"field" : "service_name",
"value" : "ExternalServicesFilter_value",
"operator" : "in"
} ],
"sort" : {
"field" : "service_name",
"keyword" : "asc"
},
"search_to" : 0,
"use_page_token" : true
}
}'
import http.client
conn = http.client.HTTPSConnection("api-")
payload = "{\"request_data\":{\"filters\":[{\"field\":\"service_name\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\",\"vulnerability_test_results\":true}}"
headers = {
'authorization': "{{api_key}}",
'x-xdr-auth-id': "{{api_key_id}}",
'content-type': "application/json"
}
conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = '{{api_key}}'
request["x-xdr-auth-id"] = '{{api_key_id}}'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"service_name\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\",\"vulnerability_test_results\":true}}"
response = http.request(request)
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"filters": [
{
"field": "service_name",
"operator": "in",
"value": "string"
}
],
"search_from": 0,
"search_to": 500,
"sort": {
"field": "first_observed",
"keyword": "ASC"
},
"use_page_token": true,
"next_page_token": "string",
"vulnerability_test_results": true
}
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/");
xhr.setRequestHeader("authorization", "{{api_key}}");
xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}");
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/")
.header("authorization", "{{api_key}}")
.header("x-xdr-auth-id", "{{api_key_id}}")
.header("content-type", "application/json")
.body("{\"request_data\":{\"filters\":[{\"field\":\"service_name\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\",\"vulnerability_test_results\":true}}")
.asString();import Foundation
let headers = [
"authorization": "{{api_key}}",
"x-xdr-auth-id": "{{api_key_id}}",
"content-type": "application/json"
]
let parameters = ["request_data": [
"filters": [
[
"field": "service_name",
"operator": "in",
"value": "string"
]
],
"search_from": 0,
"search_to": 500,
"sort": [
"field": "first_observed",
"keyword": "ASC"
],
"use_page_token": true,
"next_page_token": "string",
"vulnerability_test_results": true
]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"service_name\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\",\"vulnerability_test_results\":true}}",
CURLOPT_HTTPHEADER => [
"authorization: {{api_key}}",
"content-type: application/json",
"x-xdr-auth-id: {{api_key_id}}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "authorization: {{api_key}}");
headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"service_name\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\",\"vulnerability_test_results\":true}}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_services/");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "{{api_key}}");
request.AddHeader("x-xdr-auth-id", "{{api_key_id}}");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"service_name\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\",\"vulnerability_test_results\":true}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);OK
replyObject
total_countInteger
result_countInteger
external_servicesArray
service_idString
service_nameString
service_typeString
ip_addressArray[string]
domainArray[string]
externally_detected_providersArray[string]
is_activeString
first_observedInteger
last_observedInteger
portInteger
protocolString
active_classificationsArray[string]
inactive_classificationsArray[string]
discovery_typeString
externally_inferred_vulnerability_scoreString
externally_inferred_cvesArray[string]
tls_versionsArray
tlsVersionString
cipherSuiteString
firstObservedInteger
lastObservedInteger
activityStatusString
inferred_cves_observedArray
inferredCveArray
cveIdString
cvssScoreV2String
cveSeverityV2String
cvssScoreV3Number
cveSeverityV3String
inferredCveMatchMetadataArray
inferredCveMatchTypeString
productString
confidenceString
vendorString
versionString
epssScoreString
cvssTemporalScoreV3String
cvssTemporalScoreV2String
publishedExploitsCountString
reportedExploitedInTheWildString
firstExploitPublishedString
firstReportedThreatActorString
firstReportedRansomwareString
firstReportedBotnetString
lastExploitPublishedString
lastReportedThreatActorString
lastReportedRansomwareString
lastReportedBotnetString
cisaKevDateAddedString
activityStatusString
lastObservedInteger
firstObservedInteger
cloud_management_statusString
tagsArray[string]
vulnerability_test_statusString
confirmed_vulnerable_cve_idsArray[string]
confirmed_not_vulnerable_cve_idsArray[string]
ipv6_addressArray[string]
asm_asset_idsArray[string]
geolocationsArray
latitudeNumber
longitudeNumber
countryCodeString
cityString
regionCodeString
timeZoneString
business_unitsArray
creation_timeInteger
familyString
family_aliasString
idString
is_activeInteger
nameString
parent_idString
update_timeInteger
next_page_tokenString
This attribute is only returned if use_page_token is provided in the request with value true
{
"reply": {
"total_count": 1,
"result_count": 1,
"external_services": [
{
"service_id": "2b6da586-46ca-3804-bbba-e5b02d8e53bb",
"service_name": "Kerberos at x.x.x.x:88",
"service_type": "Kerberos",
"ip_address": [
"x.x.x.x"
],
"domain": [],
"externally_detected_providers": [
"On Prem"
],
"is_active": "Active",
"first_observed": 1710233760000,
"last_observed": 1711956600000,
"port": 88,
"protocol": "TCP",
"active_classifications": [
"Kerberos"
],
"inactive_classifications": [],
"discovery_type": "DirectlyDiscovered",
"externally_inferred_vulnerability_score": null,
"externally_inferred_cves": [],
"tls_versions": [],
"inferred_cves_observed": [],
"cloud_management_status": "Not Applicable",
"tags": [
"AR:Registered to You",
"BU:Mustang UAT 8507355851529627158"
],
"vulnerability_test_status": true,
"confirmed_vulnerable_cve_ids": [
"CVE-2019-3396",
"CVE-2022-26134",
"CVE-2021-26084"
],
"confirmed_not_vulnerable_cve_ids": [
"CVE-2021-26085"
],
"vulnerability_test_results": [],
"ipv6_address": [],
"asm_asset_ids": [
"0b3ea202-f3fc-3176-8b5d-791afe2c0bd0"
],
"geolocations": [
{
"latitude": 55.75,
"longitude": 37.58,
"countryCode": "RU",
"city": "MOSCOW",
"regionCode": null,
"timeZone": null
}
],
"business_units": [
[
{
"creation_time": 1712001753495,
"family": "business_units",
"family_alias": "BU",
"id": "BU:e9b79919-f6df-4723-af55-f080d5bf9e41",
"is_active": 1,
"name": "Mustang UAT 8507355851529627158",
"parent_id": null,
"update_time": 1712001753495
}
]
]
}
]
}
}Bad Request. Got an invalid JSON.
replyObject
The query results upon error.
{
"reply": {}
}Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
replyObject
The query results upon error.
{
"reply": {}
}Unauthorized access. User does not have the required license type to run this API.
replyObject
The query results upon error.
{
"reply": {}
}Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
replyObject
The query results upon error.
{
"reply": {}
}Unprocessable Entity
codeInteger
Error code
statusString
Error name
messageString
Error message
errorsObject
Errors
{
"code": 0,
"status": "status_example",
"message": "message_example",
"errors": {}
}Internal server error. A unified status for API communication type errors.
replyObject
The query results upon error.
{
"reply": {}
}