Get All Websites

Cortex Xpanse REST API

post /public_api/v1/assets/get_external_websites/

Get a complete or filtered list of your public-facing websites.
Required License: Cortex Xpanse Expander

Request headers
authorization
String
required
api-key
Example: {{api_key}}
x-xdr-auth-id
String
required
api-key-id
Example: {{api_key_id}}
Body parameters
required
request_dataObject

A dictionary containing the API request fields. An empty dictionary returns all results.

filtersArray

Array of filter fields. Each JSON object must contain a field, operator, and value.

[
fieldString (Enum)

String that identifies the external service field the filter is matching. Filters are based on the following case-sensitive keywords:

Allowed values:"ips""technology_ids""http_type""is_active""provider_names""tags""active_service_ids""third_party_script_domains""host""authentication""site_categories""business_units_list"
operatorString (Enum)

String that identifies the comparison operator you want to use for this filter. Valid operator keywords and corresponding filter fields are: - contains/not_contains- used with active_service_ids, authentication, host, provider_names, site_categories, technology_ids, third_party_script_domains - eq/ne - used with ips, host - in - used with is_active, http_type, tags, ips

Allowed values:"in""contains""eq""neq""not_contains"
valueObject

Value that the filter must match. The contents of this field will differ depending on the website field that you specified for this filter: - host - string - is_active - values are yes or no - technology_ids - list of strings - provider_names - string - site_categories - string - active_service_ids - list of strings - ips - list of strings - tags - list of strings - http_type - values are http_only, http_redirects_to_https, https_only - third_party_script_domains - list of strings - authentication - string - business_units_list - list of business unit names

]
search_fromInteger

An integer representing the start offset index of results
Default value - 0

search_toInteger

An integer representing the start offset index of results. Use this field to specify the number of results on a page when using page token pagination.
Default value - 500

sortObject

Identifies the sort order for the result set. Values are case sensitive. The default sort is defined as is_active and ASC.

fieldString (Enum)

Valid values are: - host - first_observed - last_observed

Allowed values:"first_observed""host""last_observed"
keywordString (Enum)

Valid values are: - ASC - ascending order - DESC - descending order ASC is the default.

Allowed values:"ASC""asc""DESC""desc"
Free-Form object
use_page_tokenBoolean

Use "use_page_token":true in the initial request to paginate the response data.

next_page_tokenString

If "use_page_token":true was included in the initial request, the response for that request will include a page token.
Use "next_page_token":"string" to pass that page token into the next request to paginate the next set of data.

Free-Form object
REQUEST BODY
{ "request_data": { "search_from": 0, "next_page_token": "next_page_token", "filters": [ { "field": "ips", "value": "ExternalWebsitesFilter_value", "operator": "in" }, { "field": "ips", "value": "ExternalWebsitesFilter_value", "operator": "in" } ], "sort": { "field": "host", "keyword": "asc" }, "search_to": 0, "use_page_token": true } }
{ "request_data": { "filters": [ { "field": "ips", "operator": "in", "value": "string" } ], "search_from": 0, "search_to": 500, "sort": { "field": "host", "keyword": "asc" }, "use_page_token": true, "next_page_token": "string" } }
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: {{api_key}}' -H 'x-xdr-auth-id: {{api_key_id}}'
'https://api-}/public_api/v1/assets/get_external_websites/'
-d '{ "request_data" : { "search_from" : 0, "next_page_token" : "next_page_token", "filters" : [ { "field" : "ips", "value" : "ExternalWebsitesFilter_value", "operator" : "in" }, { "field" : "ips", "value" : "ExternalWebsitesFilter_value", "operator" : "in" } ], "sort" : { "field" : "host", "keyword" : "asc" }, "search_to" : 0, "use_page_token" : true } }'
import http.client conn = http.client.HTTPSConnection("api-") payload = "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}" headers = { 'authorization': "{{api_key}}", 'x-xdr-auth-id': "{{api_key_id}}", 'content-type': "application/json" } conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["authorization"] = '{{api_key}}' request["x-xdr-auth-id"] = '{{api_key_id}}' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "filters": [ { "field": "ips", "operator": "in", "value": "string" } ], "search_from": 0, "search_to": 500, "sort": { "field": "first_observed", "keyword": "ASC" }, "use_page_token": true, "next_page_token": "string" } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/"); xhr.setRequestHeader("authorization", "{{api_key}}"); xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/") .header("authorization", "{{api_key}}") .header("x-xdr-auth-id", "{{api_key_id}}") .header("content-type", "application/json") .body("{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}") .asString();
import Foundation let headers = [ "authorization": "{{api_key}}", "x-xdr-auth-id": "{{api_key_id}}", "content-type": "application/json" ] let parameters = ["request_data": [ "filters": [ [ "field": "ips", "operator": "in", "value": "string" ] ], "search_from": 0, "search_to": 500, "sort": [ "field": "first_observed", "keyword": "ASC" ], "use_page_token": true, "next_page_token": "string" ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}", CURLOPT_HTTPHEADER => [ "authorization: {{api_key}}", "content-type: application/json", "x-xdr-auth-id: {{api_key_id}}" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "authorization: {{api_key}}"); headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_websites/"); var request = new RestRequest(Method.POST); request.AddHeader("authorization", "{{api_key}}"); request.AddHeader("x-xdr-auth-id", "{{api_key_id}}"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"ips\",\"operator\":\"in\",\"value\":\"string\"}],\"search_from\":0,\"search_to\":500,\"sort\":{\"field\":\"first_observed\",\"keyword\":\"ASC\"},\"use_page_token\":true,\"next_page_token\":\"string\"}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Responses

OK

Body
replyObject
total_countInteger
result_countInteger
websitesArray
[
website_idString
hostString
protocolString
is_activeString
site_categoriesArray[string]
technology_idsArray[string]
first_observedInteger
last_observedInteger
provider_namesArray[string]
ipsArray[string]
portInteger
active_service_idsArray[string]
http_typeString
third_party_script_domainsArray[string]
security_assessmentsArray
[
nameString
priorityInteger
scoreInteger
securityAssessmentDetailsObject
pagesArray
[
urlString
messageString
elementsArray
[
nameString
valueString
Free-Form object
]
Free-Form object
]
descriptionString
Free-Form object
Free-Form object
]
authenticationArray[string]
rootPageHttpStatusCodeString
isNonConfiguredHostBoolean
externally_inferred_vulnerability_scoreNumber
externally_inferred_cvesArray[string]
tagsArray[string]
Free-Form object
]
next_page_tokenString

This attribute is only returned if use_page_token is provided in the request with value true

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "total_count": 0, "result_count": 0, "websites": [ { "website_id": "website_id_example", "host": "host_example", "protocol": "protocol_example", "is_active": "is_active_example", "site_categories": [ "site_categories_example" ], "technology_ids": [ "technology_ids_example" ], "first_observed": 0, "last_observed": 0, "provider_names": [ "provider_names_example" ], "ips": [ "ips_example" ], "port": 0, "active_service_ids": [ "active_service_ids_example" ], "http_type": "http_type_example", "third_party_script_domains": [ "third_party_script_domains_example" ], "security_assessments": [ { "name": "name_example", "priority": 0, "score": 0, "securityAssessmentDetails": { "pages": [ { "url": "url_example", "message": "message_example", "elements": [ { "name": "name_example", "value": "value_example" } ] } ], "description": "description_example" } } ], "authentication": [ "authentication_example" ], "rootPageHttpStatusCode": "rootPageHttpStatusCode_example", "isNonConfiguredHost": false, "externally_inferred_vulnerability_score": 0.0, "externally_inferred_cves": [ "externally_inferred_cves_example" ], "tags": [ "tags_example" ] } ], "next_page_token": "next_page_token_example" } }

Bad Request. Got an invalid JSON.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Unauthorized access. User does not have the required license type to run this API.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }

Unprocessable Entity

Body
codeInteger

Error code

statusString

Error name

messageString

Error message

errorsObject

Errors

RESPONSE
{ "code": 0, "status": "status_example", "message": "message_example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
replyObject

The query results upon error.

Free-Form object
RESPONSE
{ "reply": {} }