Skip to main content

GET/cspm/checks

This API returns information on checks made on the scan accounts in your company.

Request

Format

GET /cspm/checks?results=<string>&severities=<string>&statuses=<string>&scans=<string>&scan_groups=<string>&rules=<string>&resources=<string>&resource_types=<string>&system_compliance=<string>

Parameters

Parameter

Type

Optional

Description

id

Array of Strings

Yes

The ID of the check you want to display information for.

If this parameter is not specified in the request, the response will include information for all the checks performed on your scan accounts.

results

Array of Strings

Yes

Return checks with these results.

Possible values: pass, fail.

severities

Array of Strings

Yes

Return checks that resulted in findings being created with these severities.

Possible values: informational, low, medium, high, critical.

statuses

Array of Strings

Yes

Return checks that resulted in findings being created with this statuses.

Possible values: open, remediated, risk_accepted, false_positive, needs_review.

scans

Array of Strings

Yes

Return checks performed on these scan accounts.

scan_groups

Array of Strings

Yes

Return checks performed on these scan groups.

rules

Array of Strings

Yes

Return checks based on these rules.

resources

Array of Strings

Yes

Return checks that involved these resources.

resource_types

Array of Strings

Yes

Return checks that involved resources of these types.

system_compliance

Array of Strings

Yes

Return checks related to these compliance standards.

Examples

Request information on all recent checks made on your cloud scans:

GET /cspm/checks

Request information on check 0015c4a9-82b9-4a40-9bf4-55130c******:

GET /cspm/checks/0015c4a9-82b9-4a40-9bf4-55130c******

Request all checks that resulted in findings with the high severity score and involved scans made Configuration Recorder resource types.

GET /cspm/checks?severities=high&resource_types=Configuration Recorder

Response

Format

{
  "data": [
    {
      "id": "string",
      "type": "check",
      "attributes": {
        "resource_region": "string",
        "resource_id": "string",
        "resource_name": "string",
        "resource_type": "string",
        "result": "pass",
        "severity": "informational",
        "status": "open",
        "created_at": "2024-01-04T16:23:10.219Z",
        "scan_name": "string",
        "scan_group_name": "string",
        "title": "string",
        "description": "string",
        "original_severity": "informational"
      },
      "relationships": {
        "scan": {
          "data": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f******",
            "type": "scan"
          }
        },
        "scan_group": {
          "data": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f******",
            "type": "scan_group"
          }
        },
        "rule": {
          "data": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f******",
            "type": "rule",
            "meta": {
              "name": "string",
              "version": 0
            }
          }
        },
        "controls": {
          "data": [
            {
              "id": "string",
              "type": "control",
              "meta": {
                "compliance_type": "system_compliance",
                "compliance_id": "string",
                "section_id": "string"
              }
            }
          ]
        }
      },
      "links": {
        "self": "string"
      }
    }
  ],
  "links": {
    "self": "string",
    "next": "string"
  },
  "meta": {
    "total": 0,
    "elapsed": 0
  }
}

Attributes

This endpoint returns an object containing multiple attributes:

Attribute

Type

Description

data

Array

A list of attributes containing information on a specific check.

    id

String

The ID of the check.

    type

String

The type entity described by the object.

Possible values: check.

    attributes

Array

Provides check information.

        resource_region

String

The region where the resource involved in the scan are located.

        resource_id

String

The ID of the resource involved in the scan.

        resource_name

String

The name of the resource involved in the scan.

        resource_type

String

The type of the resource involved in the scan.

        result

String

The result of the scan.

Possible values: pass, fail.

A fail value indicates that a finding has been created as a result of the scan.

        severity

String

The severity assigned to the finding that was created as a result of the scan.

Possible values: informational, low, medium, high, critical.

        status

String

The current status of the finding that was created as a result of the scan.

Possible values: open, remediated, risk_accepted, false_positive, needs_review.

        created_at

String

The time and date the finding was created.

        scan_name

String

The name of the scan account that was scanned.

        scan_group_name

String

The name of the scan group the scan account that was scanned belonged to.

        title

String

The title of the the finding that was created as a result of the scan.

        description

String

The description of the the finding that was created as a result of the scan.

        original_severity

String

The severity originally assigned to the finding that was created as a result of the scan.

Possible values: informational, low, medium, high, critical.

    relationships

Object

A list of related entities.

        scans

Object

Contains information on the scan account the check was performed on.

            data

Array of Strings

A list providing information on the related scan account.

                id

String

The ID of the related scan account.

                type

String

The type of the related entity.

Possible value: scan.

        scans

Object

Contains information on the scan group the check was performed on.

            data

Array of Strings

A list providing information on the related scan group.

                id

String

The ID of the related scan group.

                type

String

The type of the related entity.

Possible value: scan_group.

        rule

Object

Contains information on the rule the scan was based on.

            data

Object

A list providing information on the related rule.

                id

String

The ID of the related rule.

                type

String

The type of the related entity.

Possible value: rule

                meta

Object

Provides overall information regarding the related rule.

                  name

String

The name of the related rule.

                  version

Integer

The version of the related rule at the time of the request.

        controls

Object

A list of controls the scan was based on.

            data

Object

A list providing information regarding the related entity.

                id

String

The ID of the related control.

                type

String

The type of the related entity.

Possible values: control.

                meta

Array of Strings

Provides overall information regarding the related control.

                  compliance_type

String

The type of the related entity.

Possible values: system_compliance.

                  compliance_id

String

The ID of the standard the control belongs to.

                  section_id

String

The ID of the section the control belongs to.

    links

Array

Provides links relevant to this section.

        self

String

A direct link this section.

The below attributes are returned only when requesting information for all checks performed on your scan accounts (no id is specified in the request.

links

Array

Provides links that allow you navigate between pages.

    self

String

A direct link the information for this check.

    next

String

A direct link the information for the next check returned by the request.

meta

Array of Integers

Provides overall information regarding to the information returned by the request.

    total

Integer

The total number of results returned by your request.

    elapsed

Integer

The number of results you have viewed, including the one being displayed.

Examples

Request information on all checks made on your scan accounts:

{
    "data": [
        {
            "id": "0015c4a9-82b9-4a40-9bf4-55130c******",
            "type": "check",
            "attributes": {
                "resource_region": "ap-southeast-1",
                "resource_id": "arn:aws:ec2:ap-southeast-1:829960215***:security-group/sg-06c75b15c86d92***",
                "resource_name": "sg-06c75b15c86d92***",
                "resource_type": "EC2 Security Group",
                "result": "pass",
                "severity": "medium",
                "status": null,
                "created_at": "2023-12-31T17:08:45+00:00",
                "scan_name": "[Staging] ****** AWS Account",
                "scan_group_name": "demo-group",
                "title": "Unrestricted EC2 Security Group Ingress Rule - MSSQL Access",
                "description": "It was discovered that one or more AWS EC2 security groups declare unrestricted ingress access to MSSQL. MSSQL runs on TCP port 1433 by default.\n\nA security group acts as a virtual firewall for an instance to control inbound and outbound traffic. When launching an instance in a VPC, it is possible to assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level.",
                "original_severity": "medium"
            },
            "relationships": {
                "scan": {
                    "data": {
                        "id": "3c807067-4097-43ac-82d7-4ee2ef******",
                        "type": "scan"
                    }
                },
                "scan_group": {
                    "data": {
                        "id": "16beea3e-d011-4c0c-932c-8d8e53******",
                        "type": "scan_group"
                    }
                },
                "rule": {
                    "data": {
                        "id": "407928a2-6539-4eb2-abe5-959613******",
                        "type": "rule",
                        "meta": {
                            "name": "cloud_scan/aws/ec2/security_group_unrestricted_ingress_access_mssql",
                            "version": 1
                        }
                    }
                },
                "controls": {
                    "data": [
                        {
                            "id": "CM-7",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "nist-sp-800-53-r5",
                                "section_id": "CM"
                            }
                        },
                        {
                            "id": "I.c.2.h",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "seojk-29-2022",
                                "section_id": "I"
                            }
                        },
                        {
                            "...": "..."
                        }

                                            ]
                }
            },
            "links": {
                "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/0015c4a9-82b9-4a40-9bf4-55130c******"
            }
        },
        {
            "id": "001c7b5e-26c3-41e3-94f3-f88360******",
            "type": "check",
            "attributes": {
                "resource_region": "eu-north-1",
                "resource_id": null,
                "resource_name": null,
                "resource_type": "Configuration Recorder",
                "result": "pass",
                "severity": "medium",
                "status": null,
                "created_at": "2023-12-31T17:08:45+00:00",
                "scan_name": "[Staging] ****** AWS Account",
                "scan_group_name": "demo-group",
                "title": "Config Log File Delivery Failing",
                "description": "It was discovered that one or more Config Configuration Recorder failed to delivery log files to their assigned S3 bucket.\n\nAWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.\n\nAWS Config delivers configuration items of the AWS resources that AWS Config is recording to the Amazon S3 bucket that you specified when you configured your delivery channel.\n\nUsually AWS Config fails to delivery its log files to the specified S3 Bucket for a variety of reasons\n- S3 Bucket is missing\n- IAM Role which it is using is missing or not authorized to access the S3 Bucket ",
                "original_severity": "medium"
            },
            "relationships": {
                "scan": {
                    "data": {
                        "id": "3c807067-4097-43ac-82d7-4ee2ef******",
                        "type": "scan"
                    }
                },
                "scan_group": {
                    "data": {
                        "id": "16beea3e-d011-4c0c-932c-8d8e53******",
                        "type": "scan_group"
                    }                },
                "rule": {
                    "data": {
                        "id": "d660659c-acea-4b0d-bc7a-fa2acd******",
                        "type": "rule",
                        "meta": {
                            "name": "cloud_scan/aws/config/log_files_delivery_failing",
                            "version": 1
                        }
                    }
                },
                "controls": {
                    "data": [
                        {
                            "id": "7.3.2",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "seojk-21",
                                "section_id": "7"
                            }
                        },
                        {
                            "id": "2.9.4",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "korean-isms-p",
                                "section_id": "2.9"
                            }
                        },
                        {
                            "...": "..."
                        }

                                            ]
                }
            },
            "links": {
                "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/001c7b5e-26c3-41e3-94f3-f88360******"
            }
        },
        {
            "...": "..."
        }
    ],
    "links": {
        "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks?page_limit=500",
        "next": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks?page_cursor=eyJ0b3RhbCI6IDMwODE3LCAiZWxhcHNlZCI6IDUwMCwgIm5vX2xhdGVyX3RoYW4iOiAiMjAyNC0wMS0xNFQwNjo0NzoxNS40OTQwNDAiLCAibmV4dF9iZWdpbl91aWQiOiAiMTIwMzQyODctYjdkZC00NmZhLWE5Y2YtMmY2OTdiYmZlNGRjIn0%3D&page_limit=500"
    },
    "meta": {
        "total": 30817,
        "elapsed": 500
    }
}

Information was requested for check 0015c4a9-82b9-4a40-9bf4-55130c******:

{
    "data": {
        "id": "0015c4a9-82b9-4a40-9bf4-55130c******",
        "type": "check",
        "attributes": {
            "resource_region": "ap-southeast-1",
            "resource_id": "arn:aws:ec2:ap-southeast-1:829960215***:security-group/sg-06c75b15c86d92***",
            "resource_name": "sg-06c75b15c86d92***",
            "resource_type": "EC2 Security Group",
            "result": "pass",
            "severity": "medium",
            "status": null,
            "created_at": "2023-12-31T17:08:45+00:00",
            "scan_name": "[Staging] ****** AWS Account",
            "scan_group_name": "demo-group",
            "title": "Unrestricted EC2 Security Group Ingress Rule - MSSQL Access",
            "description": "It was discovered that one or more AWS EC2 security groups declare unrestricted ingress access to MSSQL. MSSQL runs on TCP port 1433 by default.\n\nA security group acts as a virtual firewall for an instance to control inbound and outbound traffic. When launching an instance in a VPC, it is possible to assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level.",
            "original_severity": "medium"
        },
        "relationships": {
            "scan": {
                "data": {
                    "id": "3c807067-4097-43ac-82d7-4ee2ef******",
                    "type": "scan"
                }
            },
            "scan_group": {
                "data": {
                    "id": "16beea3e-d011-4c0c-932c-8d8e53******",
                    "type": "scan_group"
                }
            },
            "rule": {
                "data": {
                    "id": "407928a2-6539-4eb2-abe5-959613******",
                    "type": "rule",
                    "meta": {
                        "name": "cloud_scan/aws/ec2/security_group_unrestricted_ingress_access_mssql",
                        "version": 1
                    }
                }
            },
            "controls": {
                "data": [
                    {
                        "id": "CC6.0.24",
                        "type": "control",
                        "meta": {
                            "compliance_type": "system_compliance",
                            "compliance_id": "sg-pdpa-26-2012",
                            "section_id": "CC6"
                        }
                    },
                    {
                        "id": "IV.2.17",
                        "type": "control",
                        "meta": {
                            "compliance_type": "system_compliance",
                            "compliance_id": "pojk-11-2022",
                            "section_id": "IV"
                        }
                    },
                    {
                        "...": "..."
                    }
                ]
            }
        },
        "links": {
            "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/0015c4a9-82b9-4a40-9bf4-55130c******"
        }
    }
}

Information was requested on checks that resulted in findings with the high severity score and involved scans made Configuration Recorder resource types:

{
    "data": [
        {
            "id": "05dcf14e-8ef5-470b-811b-b27052******",
            "type": "check",
            "attributes": {
                "resource_region": "ap-south-1",
                "resource_id": null,
                "resource_name": null,
                "resource_type": "Configuration Recorder",
                "result": "fail",
                "severity": "high",
                "status": "open",
                "created_at": "2024-01-04T17:06:14+00:00",
                "scan_name": "chifeng-backyard",
                "scan_group_name": "Test Scan Group 1",
                "title": "AWS Config Not Enabled",
                "description": "It was discovered that AWS Config Service is not enabled and recording in one or more regions. AWS Config keeps track of changes in the configurations made to selected critical AWS resources. ",
                "original_severity": "high"
            },
            "relationships": {
                "scan": {
                    "data": {
                        "id": "a76b1756-fde2-4754-8019-af82d9******",
                        "type": "scan"
                    }
                },
                "scan_group": {
                    "data": {
                        "id": "87b1da1d-9ce4-4924-b8b2-5f0b06******",
                        "type": "scan_group"
                    }
                },
                "rule": {
                    "data": {
                        "id": "c4b1c0f5-85d7-42d2-aee1-bb11a7******",
                        "type": "rule",
                        "meta": {
                            "name": "cloud_scan/aws/config/not_in_use",
                            "version": 1
                        }
                    }
                },
                "controls": {
                    "data": [
                        {
                            "id": "4.1.1",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "ccop-v2",
                                "section_id": "4"
                            }
                        },
                        {
                            "id": "CM-8(2)",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "nist-sp-800-53-r5",
                                "section_id": "CM"
                            }
                        },
                        {
                            "...": "..." 
                        }
                        ]
                }
            },
            "links": {
                "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/05dcf14e-8ef5-470b-811b-b27052******"
            }
        },
        {
            "id": "14c592c3-1b3f-4b1f-ae62-e77dc810b79f",
            "type": "check",
            "attributes": {
                "resource_region": "eu-west-3",
                "resource_id": null,
                "resource_name": null,
                "resource_type": "Configuration Recorder",
                "result": "fail",
                "severity": "high",
                "status": "open",
                "created_at": "2024-01-04T17:06:14+00:00",
                "scan_name": "chifeng-backyard",
                "scan_group_name": "Test Scan Group 1",
                "title": "AWS Config Not Enabled",
                "description": "It was discovered that AWS Config Service is not enabled and recording in one or more regions. AWS Config keeps track of changes in the configurations made to selected critical AWS resources. ",
                "original_severity": "high"
            },
            "relationships": {
                "scan": {
                    "data": {
                        "id": "a76b1756-fde2-4754-8019-af82d9******",
                        "type": "scan"
                    }
                },
                "scan_group": {
                    "data": {
                        "id": "87b1da1d-9ce4-4924-b8b2-5f0b06******",
                        "type": "scan_group"
                    }
                },
                "rule": {
                    "data": {
                        "id": "c4b1c0f5-85d7-42d2-aee1-bb11a7******",
                        "type": "rule",
                        "meta": {
                            "name": "cloud_scan/aws/config/not_in_use",
                            "version": 1
                        }
                    }
                },
                "controls": {
                    "data": [
                        {
                            "id": "4.1.1",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "ccop-v2",
                                "section_id": "4"
                            }
                        },
                        {
                            "id": "CM-8(2)",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "nist-sp-800-53-r5",
                                "section_id": "CM"
                            }
                        },
						{
                            "...": "..."
                        }
                                            ]
                }
            },
            "links": {
                "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks/14c592c3-1b3f-4b1f-ae62-e77dc810b79f"
            }
        },
        {
            "...": "..."
        }
    ],
    "links": {
        "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/checks?severities=high&page_limit=500&resource_types=Configuration+Recorder",
        "next": null
    },
    "meta": {
        "total": 35,
        "elapsed": 35
    }
}