Get All Services

Cortex Xpanse REST API

post /public_api/v1/assets/get_external_services

Get a complete or filtered list of all your external services.

The maximum result limit is 500.

Required License: Cortex Xpanse Expander

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" -H "authorization: authorization_example" -H "x-xdr-auth-id: xXdrAuthId_example" \ "https://api-yourfqdn/public_api/v1/assets/get_external_services" \ -d '{ "request_data" : { "search_from" : 0, "next_page_token" : "next_page_token", "filters" : { "field" : "field", "value" : [ "value", "value" ], "operator" : "operator" }, "sort" : { "field" : "field", "keyword" : "keyword" }, "search_to" : 6, "use_page_token" : true } }'
Request headers
authorization
required
String
api-key
Example: authorization_example
x-xdr-auth-id
required
String
api-key-id
Example: xXdrAuthId_example
Request
Body
optional
Example: {"request_data":{"filters":[{"field":"string","operator":"string","value":"string"}],"use_page_token":true}}
request_data
required
filters
optional
Provides an array of filtered fields.
field
optional
String

String that identifies the service field the filter is matching. Filters are based on the following case-sensitive keywords:

  • active_classifications
  • business_units_list
  • discovery_type
  • domain
  • externally_detected_providers
  • externally_inferred_cves
  • inactive_classifications
  • ip_address
  • ipv6_address
  • is_active
  • protocol
  • service_name
  • service_type
  • service_type_list
  • tags
operator
optional
String

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:

  • contains / not_contains— use with externally_detected_providers, domain, externally_inferred_cves, active_classifications, inactive_classifications, service_name, service_type, protocol
  • eq / neq— use with service_name, service_type, protocol, ip_address
  • in — use with is_active, discovery_type, business_units_list, tags
value
optional
Array of strings

Value that this filter must match. The contents of this field will differ depending on the services field that you specified for this filter:

  • active_classifications — String
  • business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
  • discovery_type — String. Values are: colocated_on_ip, directly_discovered, unknown.
  • domain — String
  • externally_detected_providers — String
  • externally_inferred_cves — String
  • inactive_classifications — String
  • ip_address — String
  • ipv6_address— String
  • is_active — String. Values are:yes, no
  • protocol — string
  • service_name — String
  • service_type — String
  • service_type_list — String
  • tags — List of strings indicating the tags to filter on in the format "tag-family:tag-name", for example "AR:registered to you".
search_from
optional
Integer
An integer representing the start offset index of results.
search_to
optional
Integer
An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination.
sort
optional
Identifies the sort order for the result set.
keyword
optional
String
Can be either ASC (ascending order) or DESC (descending order). Default is ASC. Values are case sensitive.
field
optional
String

Values are:

  • service_name
  • first_observed
  • last_observed By default, case-sensitive, sort is defined as service_name.
use_page_token
optional
Boolean
Use "use_page_token":true in the initial request to paginate the response data. Sort is not supported when using the use_page_token/next_page_token fields.
next_page_token
optional
String
If "use_page_token":true was included in the initial request, the response for that request will include a page token. Use "next_page_token":"string" to pass that page token into the next request to paginate the next set of data.
Responses

OK

Body
reply
optional
total_count
optional
Integer
result_count
optional
Integer
external_services
optional
Array
service_id
optional
String
service_name
optional
String
service_type
optional
String
ip_address
optional
Array of strings
domain
optional
Array of strings
externally_detected_providers
optional
Array of strings
is_active
optional
String
first_observed
optional
Integer
last_observed
optional
Integer
port
optional
Integer
protocol
optional
String
active_classifications
optional
Array of strings
inactive_classifications
optional
Array of strings
discovery_type
optional
String
business_units
optional
Array of strings
externally_inferred_vulnerability_score
optional
String
externally_inferred_cves
optional
Array of objects
tls_versions
optional
Array of objects
inferred_cves_observed
optional
Array of objects
cloud_management_status
optional
String

Bad Request. Got invalid JSON.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.