Updated on July 7, 2023

Docy

View Security Assessment Violations

View Security Assessment Violations

Use this endpoint to get the security assessment violations from the latest scan or as a snapshot of time. This endpoint also replicates the input and output shown at Cloud Infrastructure > Compliance > Raw Findings.

Request Endpoint
https://<tenant-name>.goskope.com/api/v1/security_assessment

Valid parameters are:

KeyValueDescription
account_idURL-encoded stringThe Iaas platform provider account ID.
account_nameURL-encoded stringThe Iaas platform provider account name.
cloud_providerazure | aws | googlecloudThe IaaS platform provider.
policy_nameURL-encoded stringThe Security Assessment policy name.
profile_nameURL-encoded stringThe Security Assessment profile name. 
rule_nameURL-encoded stringThe Security Assessment rule name.
resource_categoryURL-encoded stringThe asset category set by Netskope per account resource.
resource_idURL-encoded stringThe asset identifier created by the IaaS platform provider.
resource_nameURL-encoded stringThe IaaS instance name.
resource_typeURL-encoded stringThe resource type set by Netskope per account resource.
tag_nameURL-encoded stringThe tag name set in the Iaas platform provider account resource. Must also supply tag value.
tag_valueURL-encoded stringThe tag value set in the Iaas platform provider account resource. Must also supply tag name.
remediated_byAutoRemediation | OnDemandRemediationHow the policy violation was remediated.
last_remediation_statusNone | Started | Completed | ErroredLast remediation status. None means not any the other three options.
as_ofIntegerEpoch time of results at that time. Default is the time of the request when not supplied, and is GMT time.
severityCritical | High | Medium | LowThe Security Assessment rule severity.
limitPositive integer less than 10000Required.

REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results.

skipPositive integerSkip over some of the events (useful for pagination in combination with limit).
statusPassed | FailedThe Security Assessment status.
mutedYes | NoReturns either muted or unmuted findings.
compliance_standardURL-encoded string The name of the compliance standard, like CIS-AWSFND-1.2.0, NIST-CSF, etc.
regionFor Azure, some possible values are:
  • all
  • global
  • eastus
  • northcentralus
  • westus
  • centralindia
  • centralus
  • australiacentral

For AWS, possible values are: 

  • global
  • ap-south-1
  • ap-northeast-2
  • ap-southeast-1
  • ap-southeast-2
  • ap-northeast-1
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • eu-north-1
  • me-south-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2

For Google Cloud, some possible values are:

  • asia-east1
  • asia-east2
  • asia-northeast1
  • asia-southeast1
  • asia-south1
  • europe-north1
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • northamerica-northeast1
  • southamerica-east1
  • us-central1
  • us-east1
  • us-east4
  • us-west1
  • us-west2
The location reference
Example Request with Response
curl -X GET 'https://<tenant-name>.goskope.com/api/v1/security_assessment?token=5f8a08f99d40d9b0130dd43798n5n5n&platform=aws&limit=1&skip=0’

{
    "status": "success",
    "msg": "",
    "data": [
        {
            "status": "Passed",
            "account_name": "Rel66AWS",
            "account_id": "215406114230",
            "rule_name": "BPR-AWS | Ensure no user has AdminAccess policy",
            "remediation_steps": "Not Available",
            "resource_name": "gauthami",
            "resource_id": "gauthami",
            "resource_type": "User",
            "resource_category": "Identity",
            "severity": "High",
            "failing_since": "2020-02-12 02:30:17AM", 
             // Will appear only if status = Failed    
            "mute": "true",
             // Will appear only if muted or has been muted in the past        
            "cloud_provider": "AWS",
            "profiles": [
                "AWS Best Practices v1.0.0"
            ],
            "mute_until": "2020-04-14 07:00:00AM",
            // Will appear only if muted or has been muted in the past
            "mute_time": "2020-04-01 06:30:46AM",
            // Will appear only if muted or has been muted in the past               
            "mute_by": "developer@netskope.com",
// Will appear only if muted or has been muted in the past
            "auto_remediation_status": "errored",
            "remediation_action_name": "Ensure User does not have Admin Access Privilege",
            "remediated_by": "auto_remediation",
            "auto_remediation_time": "2019-08-01 06:54:45AM",
            "is_auto_remediation": "true",
            "policies": [
                "ak-ar-policy"
            ],
            "region_name": "global",
            "error_msg": "",
            "last_scan_time": "2019-08-01 06:54:45AM",
            "tags": [
                {
                    "name": "gautami",
                    "value": "1032"
            }],    
            "compliance_standards": [{ 
                "control": "1",
                "description": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy",           
                "section": "PR.PT",
                "standard": "NIST-CSF-1.1",
                "reference_url": "https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.
CSWP.04162018.pdf"
                },
                {            
                "control": "9",            
                "description": "Ensure a log metric filter and alarm exist for AWS Config configuration changes",
                "appname": "aws",
                "section": "3",
                "standard": "CIS-AWSFND-1.2.0",            
                "reference_url": "https://www.cisecurity.org/benchmark/amazon_web_
services/"        
                }
           ]
}
Share this Doc
In this topic ...