post
/public_api/v1/assets/get_external_services
Get a complete or filtered list of all your external services.
The maximum result limit is 500.
Required License: Cortex Xpanse Expander
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" -H "authorization: authorization_example" -H "x-xdr-auth-id: xXdrAuthId_example" \
"https://api-yourfqdn/public_api/v1/assets/get_external_services" \
-d '{
"request_data" : {
"search_from" : 0,
"next_page_token" : "next_page_token",
"filters" : {
"field" : "field",
"value" : [ "value", "value" ],
"operator" : "operator"
},
"sort" : {
"field" : "field",
"keyword" : "keyword"
},
"search_to" : 6,
"use_page_token" : true
}
}'
Request headers
authorization
required
String
api-key
Example:
authorization_example
x-xdr-auth-id
required
String
api-key-id
Example:
xXdrAuthId_example
Request
Body
optional
Example:
{"request_data":{"filters":[{"field":"string","operator":"string","value":"string"}],"use_page_token":true}}
request_data
required
filters
optional
Provides an array of filtered fields.
field
optional
String
String that identifies the service field the filter is matching. Filters are based on the following case-sensitive keywords:
- active_classifications
- business_units_list
- discovery_type
- domain
- externally_detected_providers
- externally_inferred_cves
- inactive_classifications
- ip_address
- ipv6_address
- is_active
- protocol
- service_name
- service_type
- service_type_list
- tags
operator
optional
String
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
- contains / not_contains— use with
externally_detected_providers
,domain
,externally_inferred_cves
,active_classifications
,inactive_classifications
, service_name,service_type
,protocol
- eq / neq— use with
service_name
,service_type
,protocol
,ip_address
- in — use with
is_active
,discovery_type
,business_units_list
,tags
value
optional
Array
of strings
Value that this filter must match. The contents of this field will differ depending on the services field that you specified for this filter:
- active_classifications — String
- business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
- discovery_type — String. Values are:
colocated_on_ip
,directly_discovered
,unknown
. - domain — String
- externally_detected_providers — String
- externally_inferred_cves — String
- inactive_classifications — String
- ip_address — String
- ipv6_address— String
- is_active — String. Values are:
yes
,no
- protocol — string
- service_name — String
- service_type — String
- service_type_list — String
- tags — List of strings indicating the tags to filter on in the format
"tag-family:tag-name"
, for example"AR:registered to you"
.
search_from
optional
Integer
An integer representing the start offset index of results.
search_to
optional
Integer
An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination.
sort
optional
Identifies the sort order for the result set.
keyword
optional
String
Can be either ASC (ascending order) or DESC (descending order). Default is ASC. Values are case sensitive.
field
optional
String
Values are:
- service_name
- first_observed
- last_observed By default, case-sensitive, sort is defined as service_name.
use_page_token
optional
Boolean
Use
"use_page_token":true
in the initial request to paginate the response data.
Sort is not supported when using the use_page_token
/next_page_token
fields.
next_page_token
optional
String
If
"use_page_token":true
was included in the initial request, the response for that request will include a page token.
Use "next_page_token":"string"
to pass that page token into the next request to paginate the next set of data.
Responses