Upload Assets

Cortex Xpanse REST API
post /public_api/v1/asm_management/upload_asm_data/

Upload domains (paid-level domains (PLD) and subdomains) and IPv4 address ranges to your inventory. Upload up to 500 domains or IP ranges per request.

Check the status of your asset upload request on the Asset Uploads/Removals page in the Cortex Xpanse UI. Go to Settings → Configurations → Asset Management → Asset Uploads/Removals. Uploaded assets initially appear the Asset Uploads/Removals table with the status Pending. Within five days of submitting your request, each asset will be Accepted and added to the inventory or Rejected. Assets that are rejected include an explanation in the Decision Reason field.

You cannot upload an asset that was added or rejected in a previous upload request.

Required role: Instance Admin or Account Admin

Required license: Cortex Xpanse Expander

Request headers
authorization String required

api-key
Example: api-key
x-xdr-auth-id String required

api-key-id
Example: api-key-id
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: api-key' -H 'x-xdr-auth-id: api-key-id'
'https://api-}/public_api/v1/asm_management/upload_asm_data/'
-d ''
import http.client conn = http.client.HTTPSConnection("api-") payload = "{\"request_data\":{\"request_type\":\"addition\",\"asset_type\":\"ip_range\",\"asset_identifiers\":[\"string\"],\"business_units\":[\"string\"]}}" headers = { 'authorization': "api-key", 'x-xdr-auth-id': "api-key-id", 'content-type': "application/json" } conn.request("POST", "%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["authorization"] = 'api-key' request["x-xdr-auth-id"] = 'api-key-id' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"request_type\":\"addition\",\"asset_type\":\"ip_range\",\"asset_identifiers\":[\"string\"],\"business_units\":[\"string\"]}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "request_type": "addition", "asset_type": "ip_range", "asset_identifiers": [ "string" ], "business_units": [ "string" ] } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/"); xhr.setRequestHeader("authorization", "api-key"); xhr.setRequestHeader("x-xdr-auth-id", "api-key-id"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/") .header("authorization", "api-key") .header("x-xdr-auth-id", "api-key-id") .header("content-type", "application/json") .body("{\"request_data\":{\"request_type\":\"addition\",\"asset_type\":\"ip_range\",\"asset_identifiers\":[\"string\"],\"business_units\":[\"string\"]}}") .asString();
import Foundation let headers = [ "authorization": "api-key", "x-xdr-auth-id": "api-key-id", "content-type": "application/json" ] let parameters = ["request_data": [ "request_type": "addition", "asset_type": "ip_range", "asset_identifiers": ["string"], "business_units": ["string"] ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"request_type\":\"addition\",\"asset_type\":\"ip_range\",\"asset_identifiers\":[\"string\"],\"business_units\":[\"string\"]}}", CURLOPT_HTTPHEADER => [ "authorization: api-key", "content-type: application/json", "x-xdr-auth-id: api-key-id" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "authorization: api-key"); headers = curl_slist_append(headers, "x-xdr-auth-id: api-key-id"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"request_type\":\"addition\",\"asset_type\":\"ip_range\",\"asset_identifiers\":[\"string\"],\"business_units\":[\"string\"]}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/asm_management/upload_asm_data/"); var request = new RestRequest(Method.POST); request.AddHeader("authorization", "api-key"); request.AddHeader("x-xdr-auth-id", "api-key-id"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"request_type\":\"addition\",\"asset_type\":\"ip_range\",\"asset_identifiers\":[\"string\"],\"business_units\":[\"string\"]}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
application/json
request_dataobjectrequired

(Required) A dictionary containing the API request fields.

request_typeobject (Enum)

Indicates that you want to add new assets to your inventory. "Addition" is the only supported value.

Allowed values:"addition"
asset_typeobject (Enum)

Type of asset. Supported values are ip_range and domain.

Allowed values:"ip_range""domain"
asset_identifiersarray[string]

List of assets to be uploaded.

  • All assets in a request must be the same asset type, either domain or ip_range.
  • Value can be one or more domains or one or more ipv4 ranges.
  • Accepted formats for IPv4 address ranges are <first ip>-<last ip> and CIDR format.
  • Individual IPs are supported using either CIDR Notation (e.g. 8.8.8.8/32) or <first ip>-<last ip> format (e.g. 8.8.8.8-8.8.8.8).
business_unitsarray[string]

One or more business unit IDs or business unit names to which the uploaded assets will be assigned.

REQUEST
{ "request_data": { "request_type": "addition", "asset_type": "ip_range", "asset_identifiers": [ "string" ], "business_units": [ "BU:1", "BU:2" ] } }
Responses

OK

Body
application/json
replyobject
asset_namesarray[string]
errorsarray
[
]
RESPONSE
{ "reply": { "asset_names": [ "example" ], "errors": [ {} ] } }

Bad Request. Got an invalid JSON.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unauthorized access. User does not have the required license type to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }

Unprocessable Entity

Body
application/json
codeinteger

Error code

statusstring

Error name

messagestring

Error message

errorsobject

Errors

RESPONSE
{ "code": 0, "status": "example", "message": "example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
application/json
replyobject

The query results upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

err_extrastring

Additional information describing the error.

Free-Form object
Free-Form object
RESPONSE
{ "reply": { "err_code": "example", "err_msg": "example", "err_extra": "example" } }