GET/cspm/checks
This API returns information on checks made on the scan accounts in your company.
Request
Format
GET /cspm/checks?results=<string>&severities=<string>&statuses=<string>&scans=<string>&scan_groups=<string>&rules=<string>&resources=<string>&resource_types=<string>&system_compliance=<string>
Parameters
Parameter | Type | Optional | Description |
---|---|---|---|
| Array of Strings | Yes | The ID of the check you want to display information for. If this parameter is not specified in the request, the response will include information for all the checks performed on your scan accounts. |
| Array of Strings | Yes | Return checks with these results. Possible values: |
| Array of Strings | Yes | Return checks that resulted in findings being created with these severities. Possible values: |
| Array of Strings | Yes | Return checks that resulted in findings being created with this statuses. Possible values: |
| Array of Strings | Yes | Return checks performed on these scan accounts. |
| Array of Strings | Yes | Return checks performed on these scan groups. |
| Array of Strings | Yes | Return checks based on these rules. |
| Array of Strings | Yes | Return checks that involved these resources. |
| Array of Strings | Yes | Return checks that involved resources of these types. |
| Array of Strings | Yes | Return checks related to these compliance standards. |
Examples
Request information on all recent checks made on your cloud scans:
GET /cspm/checks
Request information on check 0015c4a9-82b9-4a40-9bf4-55130c******
:
GET /cspm/checks/0015c4a9-82b9-4a40-9bf4-55130c******
Request all checks that resulted in findings with the high
severity score and involved scans made Configuration Recorder
resource types.
GET /cspm/checks?severities=high&resource_types=Configuration Recorder
Response
Format
{ "data": [ { "id": "string", "type": "check", "attributes": { "resource_region": "string", "resource_id": "string", "resource_name": "string", "resource_type": "string", "result": "pass", "severity": "informational", "status": "open", "created_at": "2024-01-04T16:23:10.219Z", "scan_name": "string", "scan_group_name": "string", "title": "string", "description": "string", "original_severity": "informational" }, "relationships": { "scan": { "data": { "id": "3fa85f64-5717-4562-b3fc-2c963f******", "type": "scan" } }, "scan_group": { "data": { "id": "3fa85f64-5717-4562-b3fc-2c963f******", "type": "scan_group" } }, "rule": { "data": { "id": "3fa85f64-5717-4562-b3fc-2c963f******", "type": "rule", "meta": { "name": "string", "version": 0 } } }, "controls": { "data": [ { "id": "string", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "string", "section_id": "string" } } ] } }, "links": { "self": "string" } } ], "links": { "self": "string", "next": "string" }, "meta": { "total": 0, "elapsed": 0 } }
Attributes
This endpoint returns an object containing multiple attributes:
Attribute | Type | Description |
---|---|---|
| Array | A list of attributes containing information on a specific check. |
| String | The ID of the check. |
| String | The type entity described by the object. Possible values: |
| Array | Provides check information. |
| String | The region where the resource involved in the scan are located. |
| String | The ID of the resource involved in the scan. |
| String | The name of the resource involved in the scan. |
| String | The type of the resource involved in the scan. |
| String | The result of the scan. Possible values: A |
| String | The severity assigned to the finding that was created as a result of the scan. Possible values: |
| String | The current status of the finding that was created as a result of the scan. Possible values: |
| String | The time and date the finding was created. |
| String | The name of the scan account that was scanned. |
| String | The name of the scan group the scan account that was scanned belonged to. |
| String | The title of the the finding that was created as a result of the scan. |
| String | The description of the the finding that was created as a result of the scan. |
| String | The severity originally assigned to the finding that was created as a result of the scan. Possible values: |
| Object | A list of related entities. |
| Object | Contains information on the scan account the check was performed on. |
| Array of Strings | A list providing information on the related scan account. |
| String | The ID of the related scan account. |
| String | The type of the related entity. Possible value: |
| Object | Contains information on the scan group the check was performed on. |
| Array of Strings | A list providing information on the related scan group. |
| String | The ID of the related scan group. |
| String | The type of the related entity. Possible value: |
| Object | Contains information on the rule the scan was based on. |
| Object | A list providing information on the related rule. |
| String | The ID of the related rule. |
| String | The type of the related entity. Possible value: |
| Object | Provides overall information regarding the related rule. |
| String | The name of the related rule. |
| Integer | The version of the related rule at the time of the request. |
| Object | A list of controls the scan was based on. |
| Object | A list providing information regarding the related entity. |
| String | The ID of the related control. |
| String | The type of the related entity. Possible values: |
| Array of Strings | Provides overall information regarding the related control. |
| String | The type of the related entity. Possible values: |
| String | The ID of the standard the control belongs to. |
| String | The ID of the section the control belongs to. |
| Array | Provides links relevant to this section. |
| String | A direct link this section. |
The below attributes are returned only when requesting information for all checks performed on your scan accounts (no | ||
| Array | Provides links that allow you navigate between pages. |
| String | A direct link the information for this check. |
| String | A direct link the information for the next check returned by the request. |
| Array of Integers | Provides overall information regarding to the information returned by the request. |
| Integer | The total number of results returned by your request. |
| Integer | The number of results you have viewed, including the one being displayed. |
Examples
Request information on all checks made on your scan accounts:
{ "data": [ { "id": "0015c4a9-82b9-4a40-9bf4-55130c******", "type": "check", "attributes": { "resource_region": "ap-southeast-1", "resource_id": "arn:aws:ec2:ap-southeast-1:829960215***:security-group/sg-06c75b15c86d92***", "resource_name": "sg-06c75b15c86d92***", "resource_type": "EC2 Security Group", "result": "pass", "severity": "medium", "status": null, "created_at": "2023-12-31T17:08:45+00:00", "scan_name": "[Staging] ****** AWS Account", "scan_group_name": "demo-group", "title": "Unrestricted EC2 Security Group Ingress Rule - MSSQL Access", "description": "It was discovered that one or more AWS EC2 security groups declare unrestricted ingress access to MSSQL. MSSQL runs on TCP port 1433 by default.\n\nA security group acts as a virtual firewall for an instance to control inbound and outbound traffic. When launching an instance in a VPC, it is possible to assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level.", "original_severity": "medium" }, "relationships": { "scan": { "data": { "id": "3c807067-4097-43ac-82d7-4ee2ef******", "type": "scan" } }, "scan_group": { "data": { "id": "16beea3e-d011-4c0c-932c-8d8e53******", "type": "scan_group" } }, "rule": { "data": { "id": "407928a2-6539-4eb2-abe5-959613******", "type": "rule", "meta": { "name": "cloud_scan/aws/ec2/security_group_unrestricted_ingress_access_mssql", "version": 1 } } }, "controls": { "data": [ { "id": "CM-7", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "nist-sp-800-53-r5", "section_id": "CM" } }, { "id": "I.c.2.h", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "seojk-29-2022", "section_id": "I" } }, { "...": "..." } ] } }, "links": { "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/0015c4a9-82b9-4a40-9bf4-55130c******" } }, { "id": "001c7b5e-26c3-41e3-94f3-f88360******", "type": "check", "attributes": { "resource_region": "eu-north-1", "resource_id": null, "resource_name": null, "resource_type": "Configuration Recorder", "result": "pass", "severity": "medium", "status": null, "created_at": "2023-12-31T17:08:45+00:00", "scan_name": "[Staging] ****** AWS Account", "scan_group_name": "demo-group", "title": "Config Log File Delivery Failing", "description": "It was discovered that one or more Config Configuration Recorder failed to delivery log files to their assigned S3 bucket.\n\nAWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.\n\nAWS Config delivers configuration items of the AWS resources that AWS Config is recording to the Amazon S3 bucket that you specified when you configured your delivery channel.\n\nUsually AWS Config fails to delivery its log files to the specified S3 Bucket for a variety of reasons\n- S3 Bucket is missing\n- IAM Role which it is using is missing or not authorized to access the S3 Bucket ", "original_severity": "medium" }, "relationships": { "scan": { "data": { "id": "3c807067-4097-43ac-82d7-4ee2ef******", "type": "scan" } }, "scan_group": { "data": { "id": "16beea3e-d011-4c0c-932c-8d8e53******", "type": "scan_group" } }, "rule": { "data": { "id": "d660659c-acea-4b0d-bc7a-fa2acd******", "type": "rule", "meta": { "name": "cloud_scan/aws/config/log_files_delivery_failing", "version": 1 } } }, "controls": { "data": [ { "id": "7.3.2", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "seojk-21", "section_id": "7" } }, { "id": "2.9.4", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "korean-isms-p", "section_id": "2.9" } }, { "...": "..." } ] } }, "links": { "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/001c7b5e-26c3-41e3-94f3-f88360******" } }, { "...": "..." } ], "links": { "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks?page_limit=500", "next": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks?page_cursor=eyJ0b3RhbCI6IDMwODE3LCAiZWxhcHNlZCI6IDUwMCwgIm5vX2xhdGVyX3RoYW4iOiAiMjAyNC0wMS0xNFQwNjo0NzoxNS40OTQwNDAiLCAibmV4dF9iZWdpbl91aWQiOiAiMTIwMzQyODctYjdkZC00NmZhLWE5Y2YtMmY2OTdiYmZlNGRjIn0%3D&page_limit=500" }, "meta": { "total": 30817, "elapsed": 500 } }
Information was requested for check 0015c4a9-82b9-4a40-9bf4-55130c******
:
{ "data": { "id": "0015c4a9-82b9-4a40-9bf4-55130c******", "type": "check", "attributes": { "resource_region": "ap-southeast-1", "resource_id": "arn:aws:ec2:ap-southeast-1:829960215***:security-group/sg-06c75b15c86d92***", "resource_name": "sg-06c75b15c86d92***", "resource_type": "EC2 Security Group", "result": "pass", "severity": "medium", "status": null, "created_at": "2023-12-31T17:08:45+00:00", "scan_name": "[Staging] ****** AWS Account", "scan_group_name": "demo-group", "title": "Unrestricted EC2 Security Group Ingress Rule - MSSQL Access", "description": "It was discovered that one or more AWS EC2 security groups declare unrestricted ingress access to MSSQL. MSSQL runs on TCP port 1433 by default.\n\nA security group acts as a virtual firewall for an instance to control inbound and outbound traffic. When launching an instance in a VPC, it is possible to assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level.", "original_severity": "medium" }, "relationships": { "scan": { "data": { "id": "3c807067-4097-43ac-82d7-4ee2ef******", "type": "scan" } }, "scan_group": { "data": { "id": "16beea3e-d011-4c0c-932c-8d8e53******", "type": "scan_group" } }, "rule": { "data": { "id": "407928a2-6539-4eb2-abe5-959613******", "type": "rule", "meta": { "name": "cloud_scan/aws/ec2/security_group_unrestricted_ingress_access_mssql", "version": 1 } } }, "controls": { "data": [ { "id": "CC6.0.24", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "sg-pdpa-26-2012", "section_id": "CC6" } }, { "id": "IV.2.17", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "pojk-11-2022", "section_id": "IV" } }, { "...": "..." } ] } }, "links": { "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/0015c4a9-82b9-4a40-9bf4-55130c******" } } }
Information was requested on checks that resulted in findings with the high
severity score and involved scans made Configuration Recorder
resource types:
{ "data": [ { "id": "05dcf14e-8ef5-470b-811b-b27052******", "type": "check", "attributes": { "resource_region": "ap-south-1", "resource_id": null, "resource_name": null, "resource_type": "Configuration Recorder", "result": "fail", "severity": "high", "status": "open", "created_at": "2024-01-04T17:06:14+00:00", "scan_name": "chifeng-backyard", "scan_group_name": "Test Scan Group 1", "title": "AWS Config Not Enabled", "description": "It was discovered that AWS Config Service is not enabled and recording in one or more regions. AWS Config keeps track of changes in the configurations made to selected critical AWS resources. ", "original_severity": "high" }, "relationships": { "scan": { "data": { "id": "a76b1756-fde2-4754-8019-af82d9******", "type": "scan" } }, "scan_group": { "data": { "id": "87b1da1d-9ce4-4924-b8b2-5f0b06******", "type": "scan_group" } }, "rule": { "data": { "id": "c4b1c0f5-85d7-42d2-aee1-bb11a7******", "type": "rule", "meta": { "name": "cloud_scan/aws/config/not_in_use", "version": 1 } } }, "controls": { "data": [ { "id": "4.1.1", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "ccop-v2", "section_id": "4" } }, { "id": "CM-8(2)", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "nist-sp-800-53-r5", "section_id": "CM" } }, { "...": "..." } ] } }, "links": { "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/05dcf14e-8ef5-470b-811b-b27052******" } }, { "id": "14c592c3-1b3f-4b1f-ae62-e77dc810b79f", "type": "check", "attributes": { "resource_region": "eu-west-3", "resource_id": null, "resource_name": null, "resource_type": "Configuration Recorder", "result": "fail", "severity": "high", "status": "open", "created_at": "2024-01-04T17:06:14+00:00", "scan_name": "chifeng-backyard", "scan_group_name": "Test Scan Group 1", "title": "AWS Config Not Enabled", "description": "It was discovered that AWS Config Service is not enabled and recording in one or more regions. AWS Config keeps track of changes in the configurations made to selected critical AWS resources. ", "original_severity": "high" }, "relationships": { "scan": { "data": { "id": "a76b1756-fde2-4754-8019-af82d9******", "type": "scan" } }, "scan_group": { "data": { "id": "87b1da1d-9ce4-4924-b8b2-5f0b06******", "type": "scan_group" } }, "rule": { "data": { "id": "c4b1c0f5-85d7-42d2-aee1-bb11a7******", "type": "rule", "meta": { "name": "cloud_scan/aws/config/not_in_use", "version": 1 } } }, "controls": { "data": [ { "id": "4.1.1", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "ccop-v2", "section_id": "4" } }, { "id": "CM-8(2)", "type": "control", "meta": { "compliance_type": "system_compliance", "compliance_id": "nist-sp-800-53-r5", "section_id": "CM" } }, { "...": "..." } ] } }, "links": { "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/14c592c3-1b3f-4b1f-ae62-e77dc810b79f" } }, { "...": "..." } ], "links": { "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks?severities=high&page_limit=500&resource_types=Configuration+Recorder", "next": null }, "meta": { "total": 35, "elapsed": 35 } }