Get All Services

Cortex Xpanse REST API

post /public_api/v1/assets/get_external_services/

The maximum result limit is 500.
Required License: **Cortex Xpanse Expander**

Get a complete or filtered list of all your external services.

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" -H "authorization: {{api_key}}" -H "x-xdr-auth-id: {{api_key_id}}" \ "https://api-}/public_api/v1/assets/get_external_services/" \ -d '{ "request_data" : { "search_from" : 0, "next_page_token" : "next_page_token", "filters" : [ { "field" : "service_name", "value" : "ExternalServicesFilter_value", "operator" : "in" }, { "field" : "service_name", "value" : "ExternalServicesFilter_value", "operator" : "in" } ], "sort" : { "field" : "service_name", "keyword" : "asc" }, "search_to" : 0, "use_page_token" : true } }'
Request headers
authorization
required
String
api-key
Example: {{api_key}}
x-xdr-auth-id
required
String
api-key-id
Example: {{api_key_id}}
Request
Body
required
request_data
required
Object
filters
optional
Array of objects
Provides an array of filtered fields.
field
optional
String (Enum)

String that identifies the service field the filter is matching. Filters are based on the following case-sensitive keywords:

  • active_classifications
  • business_units_list
  • discovery_type
  • domain
  • externally_detected_providers
  • externally_inferred_cves
  • inactive_classifications
  • ip_address
  • ipv6_address
  • is_active
  • protocol
  • service_name
  • service_type
  • service_type_list
  • tags
Allowed values:
service_name
protocol
service_type
ip_address
domain
externally_detected_providers
externally_inferred_cves
discovery_type
active_classifications
inactive_classifications
is_active
confirmed_vulnerable_cve_ids
confirmed_not_vulnerable_cve_ids
vulnerability_test_status
tags
service_type_list
business_units_list
ipv6_address
operator
optional
String (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:

  • contains / not_contains— use with externally_detected_providers, domain, externally_inferred_cves, active_classifications, inactive_classifications, service_name, service_type, protocol
  • eq / neq— use with service_name, service_type, protocol, ip_address
  • in — use with is_active, discovery_type, business_units_list, tags
Allowed values:
in
contains
neq
eq
not_contains
value
optional

Value that this filter must match. The contents of this field will differ depending on the services field that you specified for this filter:

  • active_classifications — String
  • business_units_list — String or list of strings in the format "BU name" or "BU:BU name", for example “Acme & Co, Inc.” or “BU:Acme & Co, Inc.”
  • discovery_type — String. Values are: colocated_on_ip, directly_discovered, unknown.
  • domain — String
  • externally_detected_providers — String
  • externally_inferred_cves — String
  • inactive_classifications — String
  • ip_address — String
  • ipv6_address— String
  • is_active — String. Values are:yes, no
  • protocol — string
  • service_name — String
  • service_type — String
  • service_type_list — String
  • tags — List of strings indicating the tags to filter on in the format "tag-family:tag-name", for example "AR:registered to you".
search_from
optional
Integer
An integer representing the start offset index of results.
search_to
optional
Integer
An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination.
sort
optional
Object
Identifies the sort order for the result set.
field
optional
String (Enum)

Values are:

  • service_name
  • first_observed
  • last_observed By default, case-sensitive, sort is defined as service_name.
Allowed values:
first_observed
service_name
last_observed
keyword
optional
String (Enum)
Can be either ASC (ascending order) or DESC (descending order). Default is ASC. Values are case sensitive.
Allowed values:
ASC
asc
DESC
desc
use_page_token
optional
Boolean
Use "use_page_token":true in the initial request to paginate the response data. Sort is not supported when using the use_page_token/next_page_token fields.
next_page_token
optional
String
If "use_page_token":true was included in the initial request, the response for that request will include a page token.
Use "next_page_token":"string" to pass that page token into the next request to paginate the next set of data.
Responses

OK

Body
reply
optional
Object
total_count
optional
Integer
result_count
optional
Integer
external_services
optional
Array of objects
service_id
optional
String
service_name
optional
String
service_type
optional
String
ip_address
optional
Array of strings
domain
optional
Array of strings
externally_detected_providers
optional
Array of strings
is_active
optional
String
first_observed
optional
Integer
last_observed
optional
Integer
port
optional
Integer
protocol
optional
String
active_classifications
optional
Array of strings
inactive_classifications
optional
Array of strings
discovery_type
optional
String
externally_inferred_vulnerability_score
optional
String
externally_inferred_cves
optional
Array of strings
tls_versions
optional
Array of objects
tlsVersion
optional
String
cipherSuite
optional
String
firstObserved
optional
Integer
lastObserved
optional
Integer
activityStatus
optional
String
inferred_cves_observed
optional
Array of objects
inferredCve
optional
Array of objects
cveId
required
String
cvssScoreV2
optional
String
cveSeverityV2
optional
String
cvssScoreV3
optional
Number
cveSeverityV3
required
String
inferredCveMatchMetadata
optional
Array of objects
inferredCveMatchType
required
String
product
required
String
confidence
required
String
vendor
required
String
version
required
String
epssScore
optional
String
cvssTemporalScoreV3
optional
String
cvssTemporalScoreV2
optional
String
publishedExploitsCount
optional
String
reportedExploitedInTheWild
optional
String
firstExploitPublished
optional
String
firstReportedThreatActor
optional
String
firstReportedRansomware
optional
String
firstReportedBotnet
optional
String
lastExploitPublished
optional
String
lastReportedThreatActor
optional
String
lastReportedRansomware
optional
String
lastReportedBotnet
optional
String
cisaKevDateAdded
optional
String
activityStatus
optional
String
lastObserved
optional
Integer
firstObserved
optional
Integer
cloud_management_status
optional
String
tags
optional
Array of strings
vulnerability_test_status
optional
String
confirmed_vulnerable_cve_ids
optional
Array of strings
confirmed_not_vulnerable_cve_ids
optional
Array of strings
ipv6_address
optional
Array of strings
asm_asset_ids
optional
Array of strings
geolocations
optional
Array of objects
latitude
optional
Number
longitude
optional
Number
countryCode
optional
String
city
optional
String
regionCode
optional
String
timeZone
optional
String
business_units
optional
Array
next_page_token
optional
String
This attribute is only returned if use_page_token is provided in the request with value true

Bad Request. Got an invalid JSON.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unprocessable Entity

Body
code
optional
Integer
Error code
status
optional
String
Error name
message
optional
String
Error message
errors
optional
Object
Errors

Internal server error. A unified status for API communication type errors.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.