View Security Assessment Violations
View Security Assessment Violations
Use this endpoint to get the security assessment violations from the latest scan or as a snapshot of time. This endpoint also replicates the input and output shown at Cloud Infrastructure > Compliance > Raw Findings.
Request Endpoint
https://<tenant-name>.goskope.com/api/v1/security_assessment
Valid parameters are:
Key | Value | Description |
---|---|---|
account_id | URL-encoded string | The Iaas platform provider account ID. |
account_name | URL-encoded string | The Iaas platform provider account name. |
cloud_provider | azure | aws | googlecloud | The IaaS platform provider. |
policy_name | URL-encoded string | The Security Assessment policy name. |
profile_name | URL-encoded string | The Security Assessment profile name. |
rule_name | URL-encoded string | The Security Assessment rule name. |
resource_category | URL-encoded string | The asset category set by Netskope per account resource. |
resource_id | URL-encoded string | The asset identifier created by the IaaS platform provider. |
resource_name | URL-encoded string | The IaaS instance name. |
resource_type | URL-encoded string | The resource type set by Netskope per account resource. |
tag_name | URL-encoded string | The tag name set in the Iaas platform provider account resource. Must also supply tag value. |
tag_value | URL-encoded string | The tag value set in the Iaas platform provider account resource. Must also supply tag name. |
remediated_by | AutoRemediation | OnDemandRemediation | How the policy violation was remediated. |
last_remediation_status | None | Started | Completed | Errored | Last remediation status. None means not any the other three options. |
as_of | Integer | Epoch time of results at that time. Default is the time of the request when not supplied, and is GMT time. |
severity | Critical | High | Medium | Low | The Security Assessment rule severity. |
limit | Positive integer less than 10000 | Required. REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results. |
skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
status | Passed | Failed | The Security Assessment status. |
muted | Yes | No | Returns either muted or unmuted findings. |
compliance_standard | URL-encoded string | The name of the compliance standard, like CIS-AWSFND-1.2.0, NIST-CSF, etc. |
region | For Azure, some possible values are:
For AWS, possible values are:
For Google Cloud, some possible values are:
| The location reference |
Example Request with Response
curl -X GET 'https://<tenant-name>.goskope.com/api/v1/security_assessment?token=5f8a08f99d40d9b0130dd43798n5n5n&platform=aws&limit=1&skip=0’ { "status": "success", "msg": "", "data": [ { "status": "Passed", "account_name": "Rel66AWS", "account_id": "215406114230", "rule_name": "BPR-AWS | Ensure no user has AdminAccess policy", "remediation_steps": "Not Available", "resource_name": "gauthami", "resource_id": "gauthami", "resource_type": "User", "resource_category": "Identity", "severity": "High", "failing_since": "2020-02-12 02:30:17AM", // Will appear only if status = Failed "mute": "true", // Will appear only if muted or has been muted in the past "cloud_provider": "AWS", "profiles": [ "AWS Best Practices v1.0.0" ], "mute_until": "2020-04-14 07:00:00AM", // Will appear only if muted or has been muted in the past "mute_time": "2020-04-01 06:30:46AM", // Will appear only if muted or has been muted in the past "mute_by": "developer@netskope.com", // Will appear only if muted or has been muted in the past "auto_remediation_status": "errored", "remediation_action_name": "Ensure User does not have Admin Access Privilege", "remediated_by": "auto_remediation", "auto_remediation_time": "2019-08-01 06:54:45AM", "is_auto_remediation": "true", "policies": [ "ak-ar-policy" ], "region_name": "global", "error_msg": "", "last_scan_time": "2019-08-01 06:54:45AM", "tags": [ { "name": "gautami", "value": "1032" }], "compliance_standards": [{ "control": "1", "description": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy", "section": "PR.PT", "standard": "NIST-CSF-1.1", "reference_url": "https://nvlpubs.nist.gov/nistpubs/CSWP/NIST. CSWP.04162018.pdf" }, { "control": "9", "description": "Ensure a log metric filter and alarm exist for AWS Config configuration changes", "appname": "aws", "section": "3", "standard": "CIS-AWSFND-1.2.0", "reference_url": "https://www.cisecurity.org/benchmark/amazon_web_ services/" } ] }