Get Service Details

Cortex Xpanse REST API
post /public_api/v1/assets/get_external_service/

Get service details according to the service ID. You can send up to 20 IDs.
Required license: Cortex Xpanse Expander

Request headers
authorization String required

api-key
Example: {{api_key}}
x-xdr-auth-id String required

api-key-id
Example: {{api_key_id}}
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: {{api_key}}' -H 'x-xdr-auth-id: {{api_key_id}}'
'https://api-}/public_api/v1/assets/get_external_service/'
-d '{ "request_data" : { "service_id_list" : [ "service_id_list", "service_id_list", "service_id_list", "service_id_list", "service_id_list" ] } }'
import http.client conn = http.client.HTTPSConnection("api-") payload = "{\"request_data\":{\"service_id_list\":[\"string\"]}}" headers = { 'authorization': "{{api_key}}", 'x-xdr-auth-id': "{{api_key_id}}", 'content-type': "application/json" } conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["authorization"] = '{{api_key}}' request["x-xdr-auth-id"] = '{{api_key_id}}' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"service_id_list\":[\"string\"]}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "service_id_list": [ "string" ] } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/"); xhr.setRequestHeader("authorization", "{{api_key}}"); xhr.setRequestHeader("x-xdr-auth-id", "{{api_key_id}}"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/") .header("authorization", "{{api_key}}") .header("x-xdr-auth-id", "{{api_key_id}}") .header("content-type", "application/json") .body("{\"request_data\":{\"service_id_list\":[\"string\"]}}") .asString();
import Foundation let headers = [ "authorization": "{{api_key}}", "x-xdr-auth-id": "{{api_key_id}}", "content-type": "application/json" ] let parameters = ["request_data": ["service_id_list": ["string"]]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"service_id_list\":[\"string\"]}}", CURLOPT_HTTPHEADER => [ "authorization: {{api_key}}", "content-type: application/json", "x-xdr-auth-id: {{api_key_id}}" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "authorization: {{api_key}}"); headers = curl_slist_append(headers, "x-xdr-auth-id: {{api_key_id}}"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"service_id_list\":[\"string\"]}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/assets/get_external_service/"); var request = new RestRequest(Method.POST); request.AddHeader("authorization", "{{api_key}}"); request.AddHeader("x-xdr-auth-id", "{{api_key_id}}"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"service_id_list\":[\"string\"]}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json
request_dataobject

(Required) A dictionary containing the API request fields.

service_id_listarray[string]
Free-Form object
Free-Form object
REQUEST
{ "request_data": { "service_id_list": [ "example" ] } }
Responses

OK

Body
application/json
replyobject

JSON object containing the query result.

detailsarray

Service details according to the service ID.

[
service_idstringuuid
service_namestring
service_typestring
ip_addressarray[string]
domainarray[string]
externally_detected_providersarray[string]
is_activestring
first_observedinteger
last_observedinteger
portinteger
protocolstring
active_classificationsarray[string]
inactive_classificationsarray[string]
discovery_typestring
externally_inferred_vulnerability_scorenumber
externally_inferred_cvesarray[string]
detailsobject
serviceKeystring
serviceKeyTypestring
providerDetailsarray
[
namestring
displayNamestring
firstObservedinteger
lastObservedinteger
Free-Form object
]
certificatesarray
[
certificateobject
issuerstring
issuerAlternativeNamesstring
issuerCountrystring
issuerEmailstring
issuerLocalitystring
issuerNamestring
issuerOrgstring
formattedIssuerOrgstring
issuerOrgUnitstring
issuerStatestring
publicKeystring
publicKeyAlgorithmstring
publicKeyRsaExponentinteger
signatureAlgorithmstring
subjectstring
subjectAlternativeNamesstring
subjectCountrystring
subjectEmailstring
subjectLocalitystring
subjectNamestring
subjectOrgstring
subjectOrgUnitstring
subjectStatestring
serialNumberstring
validNotBeforeinteger
validNotAfterinteger
versionstring
publicKeyBitsinteger
publicKeyModulusstring
publicKeySpkistring
sha1Fingerprintstring
sha256Fingerprintstring
md5Fingerprintstring
Free-Form object
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
domainsarray
[
domainstring
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
ipsarray
[
ipinteger
ipv6string
protocolstring
providerstring
geolocationobject
latitudenumber
longitudenumber
countryCodestring
citystring
regionCodestring
timeZonestring
Free-Form object
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
classificationsarray
[
namestring
activityStatusstring
valuesarray
[
jsonValuestring
firstObservedinteger
lastObservedinteger
Free-Form object
]
firstObservedinteger
lastObservedinteger
Free-Form object
]
tlsVersionsarray
[
tlsVersionstring
cipherSuitestring
firstObservedinteger
lastObservedinteger
activityStatusstring
Free-Form object
]
inferred_cves_observedarray
[
inferredCvearray
[
cveIdstring
cvssScoreV2null
cveSeverityV2null
cvssScoreV3number
cveSeverityV3string
inferredCveMatchMetadataobject
inferredCveMatchTypestring
productstring
confidencestring
vendorstring
versionstring
matchingCpeInformationarray
[
partstring
vendorstring
productstring
versionstring
updatenull
editionnull
languagenull
softwareEditionnull
targetSoftwarenull
targetHardwarenull
othernull
sourceServiceClassificationIdstring
]
epssScorenull
cvssTemporalScoreV3null
cvssTemporalScoreV2null
publishedExploitsCountnull
reportedExploitedInTheWildnull
firstExploitPublishednull
firstReportedThreatActornull
firstReportedRansomwarenull
firstReportedBotnetnull
lastExploitPublishednull
lastReportedThreatActornull
lastReportedRansomwarenull
lastReportedBotnetnull
cisaKevDateAddednull
]
activityStatusstring
lastObservedinteger
firstObservedinteger
Free-Form object
]
enrichedObservationSourcestring
ip_rangesobject

Keys should be valid IPv4 address

Additional propertiesobjectrequired
_IS_DELETEDstring
_LAST_MODIFIED_TIMEinteger
ACTIVE_RESPONSIVE_IPS_COUNTinteger
ANNOTATIONstring
ASN_COUNTRIESarray[string]
ASN_HANDLESarray[string]
ASN_RECORD_NAMESarray[string]
ASN_REGISTRIESarray[string]
BUSINESS_UNITarray
[
tag_idstring
tag_namestring
Free-Form object
]
CITIESarray[string]
DATE_ADDEDinteger
DETAILSobject
networkRecordsobjectrequired
firstIpstring
firstIpv6string
handlestring
lastChangedinteger
lastIpstring
lastIpv6string
namestring
organizationRecordsarray
[
addressstring
dateAddedinteger
emailstring
firstRegisteredinteger
formattedNamestring
handlestring
kindstring
lastChangedinteger
orgstring
phonestring
remarksstring
rolesarray[string]
Free-Form object
]
remarksstring
whoIsServerstring
Free-Form object
Free-Form object
ENTITY_TYPESarray[string]
EXPLAINERSarray[string]
FIRST_IPstring
FIRST_IPV6string
HAS_BU_OVERRIDESboolean
IP_RANGE_IDstring
IP_VERSIONinteger
IS_SUBRANGEboolean
LAST_IPstring
LAST_IPV6string
ORGANIZATION_HANDLESstring
REGIONSarray[string]
SBAC_TAGSarray
[
tag_idstring
tag_namestring
Free-Form object
]
SECTORSarray[string]
SIZEinteger
STATESarray[string]
SUBRANGE_CREATED_EMAILstring
SUBRANGE_CREATED_TSinteger
SUBRANGE_CREATED_USERstring
SYSTEM_RANGE_FIRST_IPstring
SYSTEM_RANGE_IDstring
SYSTEM_RANGE_LAST_IPstring
TAGSarray
[
tag_idstring
tag_namestring
Free-Form object
]
Free-Form object
Free-Form object
cloud_management_statusstring
tagsarray[string]
ipv6_addressarray[string]
Free-Form object
]
pretty_namestring
groupsarray[string]
usersarray[string]
Free-Form object
Free-Form object
RESPONSE
{ "reply": { "details": [ { "service_id": "uuid string", "service_name": "example", "service_type": "example", "ip_address": [ "example" ], "domain": [ "example" ], "externally_detected_providers": [ "example" ], "is_active": "example", "first_observed": 0, "last_observed": 0, "port": 0, "protocol": "example", "active_classifications": [ "example" ], "inactive_classifications": [ "example" ], "discovery_type": "example", "externally_inferred_vulnerability_score": 0.1, "externally_inferred_cves": [ "example" ], "details": { "serviceKey": "example", "serviceKeyType": "example", "providerDetails": [ { "name": "example", "displayName": "example", "firstObserved": 0, "lastObserved": 0 } ], "certificates": [ { "certificate": { "issuer": "example", "issuerAlternativeNames": "example", "issuerCountry": "example", "issuerEmail": "example", "issuerLocality": "example", "issuerName": "example", "issuerOrg": "example", "formattedIssuerOrg": "example", "issuerOrgUnit": "example", "issuerState": "example", "publicKey": "example", "publicKeyAlgorithm": "example", "publicKeyRsaExponent": 0, "signatureAlgorithm": "example", "subject": "example", "subjectAlternativeNames": "example", "subjectCountry": "example", "subjectEmail": "example", "subjectLocality": "example", "subjectName": "example", "subjectOrg": "example", "subjectOrgUnit": "example", "subjectState": "example", "serialNumber": "example", "validNotBefore": 0, "validNotAfter": 0, "version": "example", "publicKeyBits": 0, "publicKeyModulus": "example", "publicKeySpki": "example", "sha1Fingerprint": "example", "sha256Fingerprint": "example", "md5Fingerprint": "example" }, "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "domains": [ { "domain": "example", "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "ips": [ { "ip": 0, "ipv6": "example", "protocol": "example", "provider": "example", "geolocation": { "latitude": 0.1, "longitude": 0.1, "countryCode": "example", "city": "example", "regionCode": "example", "timeZone": "example" }, "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "classifications": [ { "name": "example", "activityStatus": "example", "values": [ { "jsonValue": "example", "firstObserved": 0, "lastObserved": 0 } ], "firstObserved": 0, "lastObserved": 0 } ], "tlsVersions": [ { "tlsVersion": "example", "cipherSuite": "example", "firstObserved": 0, "lastObserved": 0, "activityStatus": "example" } ], "inferred_cves_observed": [ { "inferredCve": [ { "cveId": "example", "cvssScoreV2": null, "cveSeverityV2": null, "cvssScoreV3": 0.1, "cveSeverityV3": "example", "inferredCveMatchMetadata": { "inferredCveMatchType": "example", "product": "example", "confidence": "example", "vendor": "example", "version": "example", "matchingCpeInformation": [ { "part": "example", "vendor": "example", "product": "example", "version": "example", "update": null, "edition": null, "language": null, "softwareEdition": null, "targetSoftware": null, "targetHardware": null, "other": null, "sourceServiceClassificationId": "example" } ] }, "epssScore": null, "cvssTemporalScoreV3": null, "cvssTemporalScoreV2": null, "publishedExploitsCount": null, "reportedExploitedInTheWild": null, "firstExploitPublished": null, "firstReportedThreatActor": null, "firstReportedRansomware": null, "firstReportedBotnet": null, "lastExploitPublished": null, "lastReportedThreatActor": null, "lastReportedRansomware": null, "lastReportedBotnet": null, "cisaKevDateAdded": null } ], "activityStatus": "example", "lastObserved": 0, "firstObserved": 0 } ], "enrichedObservationSource": "example", "ip_ranges": { "additionalProperties": { "_IS_DELETED": "example", "_LAST_MODIFIED_TIME": 0, "ACTIVE_RESPONSIVE_IPS_COUNT": 0, "ANNOTATION": "example", "ASN_COUNTRIES": [ "example" ], "ASN_HANDLES": [ "example" ], "ASN_RECORD_NAMES": [ "example" ], "ASN_REGISTRIES": [ "example" ], "BUSINESS_UNIT": [ { "tag_id": "example", "tag_name": "example" } ], "CITIES": [ "example" ], "DATE_ADDED": 0, "DETAILS": { "networkRecords": { "firstIp": "example", "firstIpv6": "example", "handle": "example", "lastChanged": 0, "lastIp": "example", "lastIpv6": "example", "name": "example", "organizationRecords": [ { "address": "example", "dateAdded": 0, "email": "example", "firstRegistered": 0, "formattedName": "example", "handle": "example", "kind": "example", "lastChanged": 0, "org": "example", "phone": "example", "remarks": "example", "roles": [ "example" ] } ], "remarks": "example", "whoIsServer": "example" } }, "ENTITY_TYPES": [ "example" ], "EXPLAINERS": [ "example" ], "FIRST_IP": "example", "FIRST_IPV6": "example", "HAS_BU_OVERRIDES": false, "IP_RANGE_ID": "example", "IP_VERSION": 0, "IS_SUBRANGE": false, "LAST_IP": "example", "LAST_IPV6": "example", "ORGANIZATION_HANDLES": "example", "REGIONS": [ "example" ], "SBAC_TAGS": [ { "tag_id": "example", "tag_name": "example" } ], "SECTORS": [ "example" ], "SIZE": 0, "STATES": [ "example" ], "SUBRANGE_CREATED_EMAIL": "example", "SUBRANGE_CREATED_TS": 0, "SUBRANGE_CREATED_USER": "example", "SYSTEM_RANGE_FIRST_IP": "example", "SYSTEM_RANGE_ID": "example", "SYSTEM_RANGE_LAST_IP": "example", "TAGS": [ { "tag_id": "example", "tag_name": "example" } ] } } }, "cloud_management_status": "example", "tags": [ "example" ], "ipv6_address": [ "example" ] } ], "pretty_name": "example", "groups": [ "example" ], "users": [ "example" ] } }

Bad Request. Got an invalid JSON.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. User does not have the required license type to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unprocessable Entity

Body
application/json
codeinteger

Error code

statusstring

Error name

messagestring

Error message

errorsobject

Errors

RESPONSE
{ "code": 0, "status": "example", "message": "example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }