Get User Groups

Cortex Xpanse REST API
post /public_api/v1/rbac/get_user_group

Retrieve a list of the current user emails associated with one or more user groups in your environment.

Required license: Cortex Xpanse Expander

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ "https://api-yourfqdn/public_api/v1/rbac/get_user_group" \ -d '{ "request_data" : { "group_names" : [ "group_names", "group_names" ] } }'
Request
Body
optional
Example: {"request_data":{"group_names":["Group1","Group2"]}}
request_data
required
A dictionary containing the API request fields.
group_names
optional
Array of strings
List of one or more user group names for which you want the associated users.
Responses

OK

Body
reply
optional
Array
JSON object containing the query result.
group_name
optional
String
Name of the User Group.
description
optional
Object
Description of the User Group, if available.
pretty_name
optional
String
Name of the User Group as it appears in the Management Console.
insert_time
optional
Integer
Timestamp of when the User Group was created.
update_time
optional
Integer
Timestamp of when the User Group was last updated.
user_email
optional
Array of strings
List of email addresses belonging to the users associated with the User Group.
source
optional
String
Type of User Group.

Bad Request. Got an invalid JSON.

Body
Defines a filter used to filter objects in a GET request
field
required
String

String that identifies the incident field the filter is matching. Filters are based on the following keywords:

  • modification_time: Time the incident has been modified.
  • creation_time: Incident's creation time.
  • incident_id_list: List of incident IDs.
  • description: Incident description.
  • alert_sources: Source which detected the alert.
  • status: Represents the status of the incident.
  • starred: Represents if the incident has been starred or not.
operator
required
String (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in

  • incident_id_list, alert_sources, description — Array of strings contains
  • description — String gte / lte
  • modification_time, creation_time — Integer in timestamp epoch milliseconds eq / neq
  • status
Allowed values:
in
contains
gte
lte
eq
neq
value
required
String (Enum)

Value that this filter must match. The contents of this field will differ depending on the incident field that you specified for this filter:

  • modification_time, creation_time - Integer representing the number of milliseconds after the Unix epoch, UTC timezone.
  • incident_id_list - Array of strings. Each item in the list must be an incident ID.
  • description - Array of strings.
  • alert_sources - Array of strings.
  • status - Single value, can be one of the following: new, under_investigation, resolved_true_positive, resolved_known_issue,resolved_duplicate_incident, resolved_false_positive, resolved_auto_resolve
  • starred - Boolean value: true or false.
Allowed values:
new
under_investigation
resolved_true_positive
resolved_known_issue
resolved_duplicate_incident
resolved_false_positive
resolved_auto_resolve

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Internal server error. A unified status for API communication type errors.