View Security Assessment Violations

Use this endpoint to get security assessment violations from the latest scan or as a snapshot at a point in time. This endpoint also replicates the input and output shown at Cloud Infrastructure > Compliance > Raw Findings.

SSPM V1 is deprecated and the REST API v1 endpoint is no longer supported for SSPM; use the REST API v2 endpoint instead. Log in to your tenant, navigate to Settings > Tools > REST API v2, and click API Documentation to see the endpoint information.

Request Endpoint

https://<tenant-URL>/api/v1/security_assessment

Valid parameters are:

| Key | Value | Description |
| --- | --- | --- |
| account_id | URL-encoded string | The IaaS platform provider account ID. |
| account_name | URL-encoded string | The IaaS platform provider account name. |
| cloud_provider | azure \| aws \| googlecloud | The IaaS platform provider. |
| policy_name | URL-encoded string | The Security Assessment policy name. |
| profile_name | URL-encoded string | The Security Assessment profile name. |
| rule_name | URL-encoded string | The Security Assessment rule name. |
| resource_category | URL-encoded string | The asset category set by Netskope per account resource. |
| resource_id | URL-encoded string | The asset identifier created by the IaaS platform provider. |
| resource_name | URL-encoded string | The IaaS instance name. |
| resource_type | URL-encoded string | The resource type set by Netskope per account resource. |
| tag_name | URL-encoded string | The tag name set in the IaaS platform provider account resource. Must also supply tag value. |
| tag_value | URL-encoded string | The tag value set in the IaaS platform provider account resource. Must also supply tag name. |
| remediated_by | AutoRemediation \| OnDemandRemediation | How the policy violation was remediated. |
| last_remediation_status | None \| Started \| Completed \| Errored | Last remediation status. None means none of the other three options. |
| as_of | Integer | Epoch time (GMT) for which to return results. Defaults to the time of the request when not supplied. |
| severity | Critical \| High \| Medium \| Low | The Security Assessment rule severity. |
| limit | Positive integer less than 10000 | Required. REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results. |
| skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
| status | Passed \| Failed | The Security Assessment status. |
| muted | Yes \| No | Returns either muted or unmuted findings. |
| compliance_standard | URL-encoded string | The name of the compliance standard, like CIS-AWSFND-1.2.0, NIST-CSF, etc. |
region: For Azure, some possible values are:

  • all
  • global
  • eastus
  • northcentralus
  • westus
  • centralindia
  • centralus
  • australiacentral

For AWS, possible values are: 

  • global
  • ap-south-1
  • ap-northeast-2
  • ap-southeast-1
  • ap-southeast-2
  • ap-northeast-1
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • eu-north-1
  • me-south-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2

For Google Cloud, some possible values are:

  • asia-east1
  • asia-east2
  • asia-northeast1
  • asia-southeast1
  • asia-south1
  • europe-north1
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • northamerica-northeast1
  • southamerica-east1
  • us-central1
  • us-east1
  • us-east4
  • us-west1
  • us-west2

Description of the region parameter: The location reference.

Example Request with Response

curl -X GET 'https://<tenant-URL>/api/v1/security_assessment?token=<token>&platform=aws&limit=1&skip=0'

{
    "status": "success",
    "msg": "",
    "data": [
        {
            "status": "Passed",
            "account_name": "Rel66AWS",
            "account_id": "215406114230",
            "rule_name": "BPR-AWS | Ensure no user has AdminAccess policy",
            "remediation_steps": "Not Available",
            "resource_name": "gauthami",
            "resource_id": "gauthami",
            "resource_type": "User",
            "resource_category": "Identity",
            "severity": "High",
            "failing_since": "2020-02-12 02:30:17AM", // Will appear only if status = Failed
            "mute": "true", // Will appear only if muted or has been muted in the past
            "cloud_provider": "AWS",
            "profiles": [
                "AWS Best Practices v1.0.0"
            ],
            "mute_until": "2020-04-14 07:00:00AM", // Will appear only if muted or has been muted in the past
            "mute_time": "2020-04-01 06:30:46AM", // Will appear only if muted or has been muted in the past
            "mute_by": "developer@netskope.com", // Will appear only if muted or has been muted in the past
            "auto_remediation_status": "errored",
            "remediation_action_name": "Ensure User does not have Admin Access Privilege",
            "remediated_by": "auto_remediation",
            "auto_remediation_time": "2019-08-01 06:54:45AM",
            "is_auto_remediation": "true",
            "policies": [
                "ak-ar-policy"
            ],
            "region_name": "global",
            "error_msg": "",
            "last_scan_time": "2019-08-01 06:54:45AM",
            "tags": [
                {
                    "name": "gautami",
                    "value": "1032"
                }
            ],
            "compliance_standards": [
                {
                    "control": "1",
                    "description": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy",
                    "section": "PR.PT",
                    "standard": "NIST-CSF-1.1",
                    "reference_url": "https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf"
                },
                {
                    "control": "9",
                    "description": "Ensure a log metric filter and alarm exist for AWS Config configuration changes",
                    "appname": "aws",
                    "section": "3",
                    "standard": "CIS-AWSFND-1.2.0",
                    "reference_url": "https://www.cisecurity.org/benchmark/amazon_web_services/"
                }
            ]
        }
    ]
}
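
The parameter rules and the limit/skip pagination described above, as an added Python example (not Netskope's code): it validates filters against the table, URL-encodes them, and pages until a short page arrives. The tenant URL, the fake_fetch stand-in, the sample data, the failure-response shape and the choice to pin as_of are assumptions.

```python
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Allowed values copied from the parameter table on this page.
ENUMS = {
    "cloud_provider": {"azure", "aws", "googlecloud"},
    "severity": {"Critical", "High", "Medium", "Low"},
    "status": {"Passed", "Failed"},
    "muted": {"Yes", "No"},
}

def build_query(token, limit, skip=0, **filters):
    """URL-encode the parameters after enforcing the table's constraints."""
    if not isinstance(limit, int) or not 0 < limit < 10000:
        raise ValueError("limit is required: positive integer less than 10000")
    if ("tag_name" in filters) != ("tag_value" in filters):
        raise ValueError("tag_name and tag_value must be supplied together")
    for key, value in filters.items():
        if key in ENUMS and value not in ENUMS[key]:
            raise ValueError(f"{key} must be one of {sorted(ENUMS[key])}")
    return urlencode({"token": token, **filters, "limit": limit, "skip": skip})

def iter_findings(fetch_page, base_url, token, limit=1000, **filters):
    """Yield all findings, advancing skip by limit until a short page arrives."""
    # Assumption: pinning as_of keeps every page on the same snapshot.
    filters.setdefault("as_of", int(time.time()))
    skip = 0
    while True:
        body = fetch_page(f"{base_url}?{build_query(token, limit, skip, **filters)}")
        if body.get("status") != "success":  # assumed failure shape
            raise RuntimeError(f"API error: {body.get('msg')}")
        page = body.get("data", [])
        yield from page
        if len(page) < limit:
            return
        skip += limit

# Constructed sample data and a stand-in for the HTTP call, so this runs offline.
SAMPLE = [{"rule_name": f"constructed rule {i}", "status": "Failed"} for i in range(5)]

def fake_fetch(url):
    q = parse_qs(urlsplit(url).query)
    skip, limit = int(q["skip"][0]), int(q["limit"][0])
    return {"status": "success", "msg": "", "data": SAMPLE[skip:skip + limit]}

if __name__ == "__main__":
    url = "https://tenant.example/api/v1/security_assessment"  # placeholder tenant
    for f in iter_findings(fake_fetch, url, "<token>", limit=2, status="Failed"):
        print(f["rule_name"])
```

Because the token travels in the query string, as in the curl example on this page, keep full request URLs out of logs and shell history.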