View Security Assessment Violations
Use this endpoint to get the security assessment violations from the latest scan or as a snapshot at a point in time. This endpoint also replicates the input and output shown at Cloud Infrastructure > Compliance > Raw Findings.
SSPM V1 is deprecated and the REST API v1 endpoint is no longer supported for SSPM; use the REST API v2 endpoint instead. Log in to your tenant, navigate to Settings > Tools > REST API v2 and click API Documentation to see the endpoint information.
Request Endpoint
https://<tenant-URL>/api/v1/security_assessment
Valid parameters are:
Key | Value | Description |
---|---|---|
account_id | URL-encoded string | The IaaS platform provider account ID. |
account_name | URL-encoded string | The IaaS platform provider account name. |
cloud_provider | azure \| aws \| googlecloud | The IaaS platform provider. |
policy_name | URL-encoded string | The Security Assessment policy name. |
profile_name | URL-encoded string | The Security Assessment profile name. |
rule_name | URL-encoded string | The Security Assessment rule name. |
resource_category | URL-encoded string | The asset category set by Netskope per account resource. |
resource_id | URL-encoded string | The asset identifier created by the IaaS platform provider. |
resource_name | URL-encoded string | The IaaS instance name. |
resource_type | URL-encoded string | The resource type set by Netskope per account resource. |
tag_name | URL-encoded string | The tag name set in the IaaS platform provider account resource. Must also supply tag value. |
tag_value | URL-encoded string | The tag value set in the IaaS platform provider account resource. Must also supply tag name. |
remediated_by | AutoRemediation \| OnDemandRemediation | How the policy violation was remediated. |
last_remediation_status | None \| Started \| Completed \| Errored | Last remediation status. None means none of the other three statuses applies. |
as_of | Integer | Epoch time (GMT) for which to return results. Defaults to the time of the request when not supplied. |
severity | Critical \| High \| Medium \| Low | The Security Assessment rule severity. |
limit | Positive integer less than 10000 | Required. REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results. |
skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
status | Passed \| Failed | The Security Assessment status. |
muted | Yes \| No | Returns either muted or unmuted findings. |
compliance_standard | URL-encoded string | The name of the compliance standard, like CIS-AWSFND-1.2.0, NIST-CSF, etc. |
region | For Azure, some possible values are:
For AWS, possible values are:
For Google Cloud, some possible values are:
| The location reference |
Example Request with Response
```
curl -X GET 'https://<tenant-URL>/api/v1/security_assessment?token=<token>&platform=aws&limit=1&skip=0'
```

```
{
  "status": "success",
  "msg": "",
  "data": [
    {
      "status": "Passed",
      "account_name": "Rel66AWS",
      "account_id": "215406114230",
      "rule_name": "BPR-AWS | Ensure no user has AdminAccess policy",
      "remediation_steps": "Not Available",
      "resource_name": "gauthami",
      "resource_id": "gauthami",
      "resource_type": "User",
      "resource_category": "Identity",
      "severity": "High",
      "failing_since": "2020-02-12 02:30:17AM", // Will appear only if status = Failed
      "mute": "true", // Will appear only if muted or has been muted in the past
      "cloud_provider": "AWS",
      "profiles": [
        "AWS Best Practices v1.0.0"
      ],
      "mute_until": "2020-04-14 07:00:00AM", // Will appear only if muted or has been muted in the past
      "mute_time": "2020-04-01 06:30:46AM", // Will appear only if muted or has been muted in the past
      "mute_by": "developer@netskope.com", // Will appear only if muted or has been muted in the past
      "auto_remediation_status": "errored",
      "remediation_action_name": "Ensure User does not have Admin Access Privilege",
      "remediated_by": "auto_remediation",
      "auto_remediation_time": "2019-08-01 06:54:45AM",
      "is_auto_remediation": "true",
      "policies": [
        "ak-ar-policy"
      ],
      "region_name": "global",
      "error_msg": "",
      "last_scan_time": "2019-08-01 06:54:45AM",
      "tags": [
        {
          "name": "gautami",
          "value": "1032"
        }
      ],
      "compliance_standards": [
        {
          "control": "1",
          "description": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy",
          "section": "PR.PT",
          "standard": "NIST-CSF-1.1",
          "reference_url": "https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf"
        },
        {
          "control": "9",
          "description": "Ensure a log metric filter and alarm exist for AWS Config configuration changes",
          "appname": "aws",
          "section": "3",
          "standard": "CIS-AWSFND-1.2.0",
          "reference_url": "https://www.cisecurity.org/benchmark/amazon_web_services/"
        }
      ]
    }
  ]
}
```
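The following is an added example, not Netskope's own code: it pages through the endpoint with `limit` and `skip`, URL-encodes filter values such as a rule name containing spaces and `|`, and enforces the `tag_name`/`tag_value` pairing from the parameter table. The function names are hypothetical, and treating any `status` other than `"success"` as an error is an assumption, since the page only shows a successful response.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

MAX_LIMIT = 9999  # parameter table: limit is a positive integer less than 10000


def build_url(tenant, token, limit, skip=0, **filters):
    """Build a request URL, URL-encoding every filter value."""
    if not 0 < limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and 9999")
    if ("tag_name" in filters) != ("tag_value" in filters):
        raise ValueError("tag_name and tag_value must be supplied together")
    query = {"token": token, **filters, "limit": limit, "skip": skip}
    return f"https://{tenant}/api/v1/security_assessment?{urlencode(query)}"


def http_fetch(url):
    """Default transport: GET the URL and decode the JSON body."""
    with urlopen(url, timeout=30) as resp:
        return json.load(resp)


def iter_findings(tenant, token, page_size=1000, fetch=http_fetch, **filters):
    """Yield every finding, advancing skip by page_size until a short page."""
    skip = 0
    while True:
        body = fetch(build_url(tenant, token, page_size, skip, **filters))
        if body.get("status") != "success":  # assumed error shape
            # The URL carries the token, so it is kept out of the message.
            raise RuntimeError(f"API error: {body.get('msg')!r}")
        page = body.get("data", [])
        yield from page
        if len(page) < page_size:
            return
        skip += page_size


def count_by_severity(findings):
    """Count findings per value of the 'severity' field."""
    counts = {}
    for finding in findings:
        counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    return counts
```

Calling `count_by_severity(iter_findings(tenant, token, status="Failed", muted="No"))` gives a per-severity tally of open, unmuted violations; pass a different `fetch` callable to run it against recorded responses.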