Netskope Help

View Security Assessment Violations

Use this endpoint to get the security assessment violations from the latest scan or as a snapshot of time. This endpoint also replicates the input and output shown at Cloud Infrastructure > Compliance > Raw Findings.

Request Endpoint
https://<tenant-name>.goskope.com/api/v1/security_assessment

Valid parameters are:

Key

Value

Description

account_id

URL-encoded string

The Iaas platform provider account ID.

account_name

URL-encoded string

The Iaas platform provider account name.

cloud_provider

azure | aws | googlecloud

The IaaS platform provider.

policy_name

URL-encoded string

The Security Assessment policy name.

profile_name

URL-encoded string

The Security Assessment profile name. 

rule_name

URL-encoded string

The Security Assessment rule name.

resource_category

URL-encoded string

The asset category set by Netskope per account resource.

resource_id

URL-encoded string

The asset identifier created by the IaaS platform provider.

resource_name

URL-encoded string

The IaaS instance name.

resource_type

URL-encoded string

The resource type set by Netskope per account resource.

tag_name

URL-encoded string

The tag name set in the Iaas platform provider account resource. Must also supply tag value.

tag_value

URL-encoded string

The tag value set in the Iaas platform provider account resource. Must also supply tag name.

remediated_by

AutoRemediation | OnDemandRemediation

How the policy violation was remediated.

last_remediation_status

None | Started | Completed | Errored

Last remediation status. None means not any the other three options.

as_of

Integer

Epoch time of results at that time. Default is the time of the request when not supplied, and is GMT time.

severity

Critical | High | Medium | Low

The Security Assessment rule severity.

limit

Positive integer less than 10000

Required.

REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results.

skip

Positive integer

Skip over some of the events (useful for pagination in combination with limit).

status

Passed | Failed

The Security Assessment status.

muted

Yes | No

Returns either muted or unmuted findings.

compliance_standard

URL-encoded string

The name of the compliance standard, like CIS-AWSFND-1.2.0, NIST-CSF, etc.

region

For Azure, some possible values are:

  • all

  • global

  • eastus

  • northcentralus

  • westus

  • centralindia

  • centralus

  • australiacentral

For AWS, possible values are: 

  • global

  • ap-south-1

  • ap-northeast-2

  • ap-southeast-1

  • ap-southeast-2

  • ap-northeast-1

  • ca-central-1

  • eu-central-1

  • eu-west-1

  • eu-west-2

  • eu-west-3

  • eu-north-1

  • me-south-1

  • us-east-1

  • us-east-2

  • us-west-1

  • us-west-2

For Google Cloud, some possible values are:

  • asia-east1

  • asia-east2

  • asia-northeast1

  • asia-southeast1

  • asia-south1

  • europe-north1

  • europe-west1

  • europe-west2

  • europe-west3

  • europe-west4

  • northamerica-northeast1

  • southamerica-east1

  • us-central1

  • us-east1

  • us-east4

  • us-west1

  • us-west2

The location reference

Example Request with Response
curl -X GET 'https://<tenant-name>.goskope.com/api/v1/security_assessment?token=5f8a08f99d40d9b0130dd43798n5n5n&platform=aws&limit=1&skip=0’

{
    "status": "success",
    "msg": "",
    "data": [
        {
            "status": "Passed",
            "account_name": "Rel66AWS",
            "account_id": "215406114230",
            "rule_name": "BPR-AWS | Ensure no user has AdminAccess policy",
            "remediation_steps": "Not Available",
            "resource_name": "gauthami",
            "resource_id": "gauthami",
            "resource_type": "User",
            "resource_category": "Identity",
            "severity": "High",
            "failing_since": "2020-02-12 02:30:17AM", 
             // Will appear only if status = Failed    
            "mute": "true",
             // Will appear only if muted or has been muted in the past        
            "cloud_provider": "AWS",
            "profiles": [
                "AWS Best Practices v1.0.0"
            ],
            "mute_until": "2020-04-14 07:00:00AM",
            // Will appear only if muted or has been muted in the past
            "mute_time": "2020-04-01 06:30:46AM",
            // Will appear only if muted or has been muted in the past               
            "mute_by": "developer@netskope.com",
            // Will appear only if muted or has been muted in the past
            "auto_remediation_status": "errored",
            "remediation_action_name": "Ensure User does not have Admin Access Privilege",
            "remediated_by": "auto_remediation",
            "auto_remediation_time": "2019-08-01 06:54:45AM",
            "is_auto_remediation": "true",
            "policies": [
                "ak-ar-policy"
            ],
            "region_name": "global",
            "error_msg": "",
            "last_scan_time": "2019-08-01 06:54:45AM",
            "tags": [
                {
                    "name": "gautami",
                    "value": "1032"
            }],    
            "compliance_standards": [{ 
                "control": "1",
                "description": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy",           
                "section": "PR.PT",
                "standard": "NIST-CSF-1.1",
                "reference_url": "https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.
CSWP.04162018.pdf"
                },
                {            
                "control": "9",            
                "description": "Ensure a log metric filter and alarm exist for AWS Config configuration changes",
                "appname": "aws",
                "section": "3",
                "standard": "CIS-AWSFND-1.2.0",            
                "reference_url": "https://www.cisecurity.org/benchmark/amazon_web_
services/"        
                }
           ]
}