post
/public_api/v1/assets/get_external_services/
The maximum result limit is 500.
Required License: **Cortex Xpanse Expander**
Get a complete or filtered list of all your external services.
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" -H "authorization: {{api_key}}" -H "x-xdr-auth-id: {{api_key_id}}" \
"https://api-}/public_api/v1/assets/get_external_services/" \
-d '{
"request_data" : {
"search_from" : 0,
"next_page_token" : "next_page_token",
"vulnerability_test_results" : true,
"filters" : [ {
"field" : "service_name",
"value" : "ExternalServicesFilter_value",
"operator" : "in"
}, {
"field" : "service_name",
"value" : "ExternalServicesFilter_value",
"operator" : "in"
} ],
"sort" : {
"field" : "service_name",
"keyword" : "asc"
},
"search_to" : 0,
"use_page_token" : true
}
}'
Request headers
authorization
required
String
api-key
Example:
{{api_key}}
x-xdr-auth-id
required
String
api-key-id
Example:
{{api_key_id}}
Request
Body
required
Example:
{"request_data":{"filters":[{"field":"service_name","operator":"in","value":"string"}],"search_from":0,"search_to":500,"sort":{"field":"service_name","keyword":"asc"},"use_page_token":true,"next_page_token":"string"}}
request_data
required
filters
optional
Array
Provides an array of filtered fields.
field
optional
String
(Enum)
String that identifies the service field the filter is matching. Filters are based on the following case-sensitive keywords:
- active_classifications
- business_units_list
- discovery_type
- domain
- externally_detected_providers
- externally_inferred_cves
- first_observed
- inactive_classifications
- ip_address
- ipv6_address
- is_active
- last_observed
- protocol
- service_name
- service_type
- service_type_list
- tags
Allowed values:
service_name
protocol
service_type
ip_address
domain
externally_detected_providers
externally_inferred_cves
discovery_type
active_classifications
inactive_classifications
is_active
confirmed_vulnerable_cve_ids
confirmed_not_vulnerable_cve_ids
vulnerability_test_status
tags
service_type_list
business_units_list
ipv6_address
last_observed
first_observed
operator
optional
String
(Enum)
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
- contains / not_contains— use with
externally_detected_providers
,domain
,externally_inferred_cves
,active_classifications
,inactive_classifications
, service_name,service_type
,protocol
- eq / neq— use with
service_name
,service_type
,protocol
,ip_address
- gte— Filters data from a specific timestamp onwards. Use with
first_observed
,last_observed
- in— use with
is_active
,discovery_type
,business_units_list
,tags
- lte— Filters data up to a specific timestamp. Use with
first_observed
,last_observed
- range— Filters data between two specific timestamps. Use with
first_observed
,last_observed
- relative_timestamp— Filters data relative to the current time (e.g., last 30 days). Use with
first_observed
,last_observed
Allowed values:
in
contains
neq
eq
not_contains
gte
lte
range
relative_timestamp
value
optional
Value that this filter must match. The contents of this field will differ depending on the services field that you specified for this filter:
- active_classifications — String
- business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
- discovery_type — String. Values are:
colocated_on_ip
,directly_discovered
,unknown
. - domain — String
- externally_detected_providers — String
- externally_inferred_cves — String
- first_observed — values in milliseconds format
- with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
- with range operator, specify "to" and "from" values as timestamps in milliseconds format "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
- with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
- inactive_classifications — String
- ip_address — String
- ipv6_address — String
- is_active — String. Values are:
yes
,no
- last_observed — values in milliseconds format
- with gte or lte operator, specify a specific date or time as a timestamp in milliseconds format
- with range operator, specify "to" and "from" values as timestamps in milliseconds format, as follows "value": { "from": "{{previous30Days}}","to": "{{previous7Days}}"
- with relative_timestamp operator, specify time interval to look back on (24H, 7D, 30D, etc.) as a value in milliseconds format
- protocol — String
- service_name — String
- service_type — String
- service_type_list — String
- tags — List of strings indicating the tags to filter on in the format
"tag-family:tag-name"
, for example"AR:registered to you"
.
search_from
optional
Integer
An integer representing the start offset index of results.
search_to
optional
Integer
An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination.
sort
optional
Object
Identifies the sort order for the result set.
field
optional
String
(Enum)
Values are:
- service_name
- first_observed
- last_observed By default, case-sensitive, sort is defined as service_name.
Allowed values:
first_observed
service_name
last_observed
keyword
optional
String
(Enum)
Can be either ASC (ascending order) or DESC (descending order). Default is ASC. Values are case sensitive.
Allowed values:
ASC
asc
DESC
desc
use_page_token
optional
Boolean
Use
"use_page_token":true
in the initial request to paginate the response data.
next_page_token
optional
String
If
Use
"use_page_token":true
was included in the initial request, the response for that request will include a page token.Use
"next_page_token":"string"
to pass that page token into the next request to paginate the next set of data.
vulnerability_test_results
optional
Boolean
(Enum)
Includes vulnerability test results from the last 14 days for each service in the response.
Allowed values:
true
Responses