Get Service Details

Cortex Xpanse REST API
post /public_api/v1/assets/get_external_service/

Get service details according to the service ID. You can send up to 20 IDs.
Required license: Cortex Xpanse Expander

Request headers
authorization String required

api-key
Example: {{api_key}}
x-xdr-auth-id String required

api-key-id
Example: {{api_key_id}}
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: {{api_key}}' -H 'x-xdr-auth-id: {{api_key_id}}'
'https://api-}/public_api/v1/assets/get_external_service/'
-d '{ "request_data" : { "service_id_list" : [ "service_id_list", "service_id_list", "service_id_list", "service_id_list", "service_id_list" ] } }'
import http.client conn = http.client.HTTPSConnection("api-") payload = "{\"request_data\":{\"service_id_list\":[\"string\"]}}" headers = { 'authorization': "{{api_key}}", 'x-xdr-auth-id': "{{api_key_id}}", 'content-type': "application/json" } conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["authorization"] = '{{api_key}}' request["x-xdr-auth-id"] = '{{api_key_id}}' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"service_id_list\":[\"string\"]}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "service_id_list": [ "string" ] } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/"); xhr.setRequestHeader("authorization", "{{api_key}}"); xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/") .header("authorization", "{{api_key}}") .header("x-xdr-auth-id", "{{api_key_id}}") .header("content-type", "application/json") .body("{\"request_data\":{\"service_id_list\":[\"string\"]}}") .asString();
import Foundation let headers = [ "authorization": "{{api_key}}", "x-xdr-auth-id": "{{api_key_id}}", "content-type": "application/json" ] let parameters = ["request_data": ["service_id_list": ["string"]]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"service_id_list\":[\"string\"]}}", CURLOPT_HTTPHEADER => [ "authorization: {{api_key}}", "content-type: application/json", "x-xdr-auth-id: {{api_key_id}}" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "authorization: {{api_key}}"); headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"service_id_list\":[\"string\"]}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/"); var request = new RestRequest(Method.POST); request.AddHeader("authorization", "{{api_key}}"); request.AddHeader("x-xdr-auth-id", "{{api_key_id}}"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"service_id_list\":[\"string\"]}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json
request_dataobject

(Required) A dictionary containing the API request fields.

service_id_listarray[string]
Free-Form object
Free-Form object
REQUEST
{ "request_data": { "service_id_list": [ "example" ] } }
Responses

OK

Body
application/json
replyobject

JSON object containing the query result.

detailsarray

Service details according to the service ID.

[
service_idstringuuid
service_namestring
service_typestring
ip_addressarray[string]
domainarray[string]
externally_detected_providersarray[string]
is_activestring
first_observedinteger
last_observedinteger
portinteger
protocolstring
active_classificationsarray[string]
inactive_classificationsarray[string]
discovery_typestring
externally_inferred_vulnerability_scorenumber
externally_inferred_cvesarray[string]
detailsobject
serviceKeystring
serviceKeyTypestring
providerDetailsarray
[
namestring
displayNamestring
firstObservedinteger
lastObservedinteger
Free-Form object
]
certificatesarray
[
certificateobject
issuerstring
issuerAlternativeNamesstring
issuerCountrystring
issuerEmailstring
issuerLocalitystring
issuerNamestring
issuerOrgstring
formattedIssuerOrgstring
issuerOrgUnitstring
issuerStatestring
publicKeystring
publicKeyAlgorithmstring
publicKeyRsaExponentinteger
signatureAlgorithmstring
subjectstring
subjectAlternativeNamesstring
subjectCountrystring
subjectEmailstring
subjectLocalitystring
subjectNamestring
subjectOrgstring
subjectOrgUnitstring
subjectStatestring
serialNumberstring
validNotBeforeinteger
validNotAfterinteger
versionstring
publicKeyBitsinteger
publicKeyModulusstring
publicKeySpkistring
sha1Fingerprintstring
sha256Fingerprintstring
md5Fingerprintstring
Free-Form object
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
domainsarray
[
domainstring
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
ipsarray
[
ipinteger
ipv6string
protocolstring
providerstring
geolocationobject
latitudenumber
longitudenumber
countryCodestring
citystring
regionCodestring
timeZonestring
Free-Form object
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
classificationsarray
[
namestring
activityStatusstring
valuesarray
[
jsonValuestring
firstObservedinteger
lastObservedinteger
Free-Form object
]
firstObservedinteger
lastObservedinteger
Free-Form object
]
tlsVersionsarray
[
tlsVersionstring
cipherSuitestring
firstObservedinteger
lastObservedinteger
activityStatusstring
Free-Form object
]
inferred_cves_observedarray
[
inferredCvearray
[
cveIdstring
cvssScoreV2string
cveSeverityV2string
cvssScoreV3number
cveSeverityV3string
inferredCveMatchMetadataarray
[
inferredCveMatchTypestring
productstring
confidencestring
vendorstring
versionstring
Free-Form object
]
epssScorestring
cvssTemporalScoreV3string
cvssTemporalScoreV2string
publishedExploitsCountstring
reportedExploitedInTheWildstring
firstExploitPublishedstring
firstReportedThreatActorstring
firstReportedRansomwarestring
firstReportedBotnetstring
lastExploitPublishedstring
lastReportedThreatActorstring
lastReportedRansomwarestring
lastReportedBotnetstring
cisaKevDateAddedstring
Free-Form object
]
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
enrichedObservationSourcestring
ip_rangesobject

Keys should be valid IPv4 address

Additional propertiesobjectrequired
_IS_DELETEDstring
_LAST_MODIFIED_TIMEinteger
ACTIVE_RESPONSIVE_IPS_COUNTinteger
ANNOTATIONstring
ASN_COUNTRIESarray[string]
ASN_HANDLESarray[string]
ASN_RECORD_NAMESarray[string]
ASN_REGISTRIESarray[string]
BUSINESS_UNITarray
[
tag_idstring
tag_namestring
Free-Form object
]
CITIESarray[string]
DATE_ADDEDinteger
DETAILSobject
networkRecordsobjectrequired
firstIpstring
firstIpv6string
handlestring
lastChangedinteger
lastIpstring
lastIpv6string
namestring
organizationRecordsarray
[
addressstring
dateAddedinteger
emailstring
firstRegisteredinteger
formattedNamestring
handlestring
kindstring
lastChangedinteger
orgstring
phonestring
remarksstring
rolesarray[string]
Free-Form object
]
remarksstring
whoIsServerstring
Free-Form object
Free-Form object
ENTITY_TYPESarray[string]
EXPLAINERSarray[string]
FIRST_IPstring
FIRST_IPV6string
HAS_BU_OVERRIDESboolean
IP_RANGE_IDstring
IP_VERSIONinteger
IS_SUBRANGEboolean
LAST_IPstring
LAST_IPV6string
ORGANIZATION_HANDLESstring
REGIONSarray[string]
SBAC_TAGSarray
[
tag_idstring
tag_namestring
Free-Form object
]
SECTORSarray[string]
SIZEinteger
STATESarray[string]
SUBRANGE_CREATED_EMAILstring
SUBRANGE_CREATED_TSinteger
SUBRANGE_CREATED_USERstring
SYSTEM_RANGE_FIRST_IPstring
SYSTEM_RANGE_IDstring
SYSTEM_RANGE_LAST_IPstring
TAGSarray
[
tag_idstring
tag_namestring
Free-Form object
]
Free-Form object
Free-Form object
cloud_management_statusstring
tagsarray[string]
ipv6_addressarray[string]
Free-Form object
]
pretty_namestring
groupsarray[string]
usersarray[string]
Free-Form object
Free-Form object
RESPONSE
{ "reply": { "details": [ { "service_id": "uuid string", "service_name": "example", "service_type": "example", "ip_address": [ "example" ], "domain": [ "example" ], "externally_detected_providers": [ "example" ], "is_active": "example", "first_observed": 0, "last_observed": 0, "port": 0, "protocol": "example", "active_classifications": [ "example" ], "inactive_classifications": [ "example" ], "discovery_type": "example", "externally_inferred_vulnerability_score": 0.1, "externally_inferred_cves": [ "example" ], "details": { "serviceKey": "example", "serviceKeyType": "example", "providerDetails": [ { "name": "example", "displayName": "example", "firstObserved": 0, "lastObserved": 0 } ], "certificates": [ { "certificate": { "issuer": "example", "issuerAlternativeNames": "example", "issuerCountry": "example", "issuerEmail": "example", "issuerLocality": "example", "issuerName": "example", "issuerOrg": "example", "formattedIssuerOrg": "example", "issuerOrgUnit": "example", "issuerState": "example", "publicKey": "example", "publicKeyAlgorithm": "example", "publicKeyRsaExponent": 0, "signatureAlgorithm": "example", "subject": "example", "subjectAlternativeNames": "example", "subjectCountry": "example", "subjectEmail": "example", "subjectLocality": "example", "subjectName": "example", "subjectOrg": "example", "subjectOrgUnit": "example", "subjectState": "example", "serialNumber": "example", "validNotBefore": 0, "validNotAfter": 0, "version": "example", "publicKeyBits": 0, "publicKeyModulus": "example", "publicKeySpki": "example", "sha1Fingerprint": "example", "sha256Fingerprint": "example", "md5Fingerprint": "example" }, "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "domains": [ { "domain": "example", "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "ips": [ { "ip": 0, "ipv6": "example", "protocol": "example", "provider": "example", "geolocation": { "latitude": 0.1, "longitude": 0.1, "countryCode": "example", "city": "example", "regionCode": "example", "timeZone": "example" }, "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "classifications": [ { "name": "example", "activityStatus": "example", "values": [ { "jsonValue": "example", "firstObserved": 0, "lastObserved": 0 } ], "firstObserved": 0, "lastObserved": 0 } ], "tlsVersions": [ { "tlsVersion": "example", "cipherSuite": "example", "firstObserved": 0, "lastObserved": 0, "activityStatus": "example" } ], "inferred_cves_observed": [ { "inferredCve": [ { "cveId": "example", "cvssScoreV2": "example", "cveSeverityV2": "example", "cvssScoreV3": 0.1, "cveSeverityV3": "example", "inferredCveMatchMetadata": [ { "inferredCveMatchType": "example", "product": "example", "confidence": "example", "vendor": "example", "version": "example" } ], "epssScore": "example", "cvssTemporalScoreV3": "example", "cvssTemporalScoreV2": "example", "publishedExploitsCount": "example", "reportedExploitedInTheWild": "example", "firstExploitPublished": "example", "firstReportedThreatActor": "example", "firstReportedRansomware": "example", "firstReportedBotnet": "example", "lastExploitPublished": "example", "lastReportedThreatActor": "example", "lastReportedRansomware": "example", "lastReportedBotnet": "example", "cisaKevDateAdded": "example" } ], "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "enrichedObservationSource": "example", "ip_ranges": { "additionalProperties": { "_IS_DELETED": "example", "_LAST_MODIFIED_TIME": 0, "ACTIVE_RESPONSIVE_IPS_COUNT": 0, "ANNOTATION": "example", "ASN_COUNTRIES": [ "example" ], "ASN_HANDLES": [ "example" ], "ASN_RECORD_NAMES": [ "example" ], "ASN_REGISTRIES": [ "example" ], "BUSINESS_UNIT": [ { "tag_id": "example", "tag_name": "example" } ], "CITIES": [ "example" ], "DATE_ADDED": 0, "DETAILS": { "networkRecords": { "firstIp": "example", "firstIpv6": "example", "handle": "example", "lastChanged": 0, "lastIp": "example", "lastIpv6": "example", "name": "example", "organizationRecords": [ { "address": "example", "dateAdded": 0, "email": "example", "firstRegistered": 0, "formattedName": "example", "handle": "example", "kind": "example", "lastChanged": 0, "org": "example", "phone": "example", "remarks": "example", "roles": [ "example" ] } ], "remarks": "example", "whoIsServer": "example" } }, "ENTITY_TYPES": [ "example" ], "EXPLAINERS": [ "example" ], "FIRST_IP": "example", "FIRST_IPV6": "example", "HAS_BU_OVERRIDES": false, "IP_RANGE_ID": "example", "IP_VERSION": 0, "IS_SUBRANGE": false, "LAST_IP": "example", "LAST_IPV6": "example", "ORGANIZATION_HANDLES": "example", "REGIONS": [ "example" ], "SBAC_TAGS": [ { "tag_id": "example", "tag_name": "example" } ], "SECTORS": [ "example" ], "SIZE": 0, "STATES": [ "example" ], "SUBRANGE_CREATED_EMAIL": "example", "SUBRANGE_CREATED_TS": 0, "SUBRANGE_CREATED_USER": "example", "SYSTEM_RANGE_FIRST_IP": "example", "SYSTEM_RANGE_ID": "example", "SYSTEM_RANGE_LAST_IP": "example", "TAGS": [ { "tag_id": "example", "tag_name": "example" } ] } } }, "cloud_management_status": "example", "tags": [ "example" ], "ipv6_address": [ "example" ] } ], "pretty_name": "example", "groups": [ "example" ], "users": [ "example" ] } }

Bad Request. Got an invalid JSON.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. User does not have the required license type to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unprocessable Entity

Body
application/json
codeinteger

Error code

statusstring

Error name

messagestring

Error message

errorsobject

Errors

RESPONSE
{ "code": 0, "status": "example", "message": "example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }