From 16deabdeefaa684174341cc653088e8e4400333f Mon Sep 17 00:00:00 2001 From: jrdevore Date: Mon, 9 Sep 2024 14:41:26 -0700 Subject: [PATCH 1/9] RLP-149246 AssetMicroservice data security for DSPM released in 24.9.1 --- openapi-specs/cspm/AssetMicroService.json | 96 +++++++++++++---------- 1 file changed, 56 insertions(+), 40 deletions(-) diff --git a/openapi-specs/cspm/AssetMicroService.json b/openapi-specs/cspm/AssetMicroService.json index 3788ed0b5..211665da1 100644 --- a/openapi-specs/cspm/AssetMicroService.json +++ b/openapi-specs/cspm/AssetMicroService.json @@ -188,8 +188,7 @@ "type": "string" }, "status": { - "type": "integer", - "format": "int32" + "$ref": "#/components/schemas/StatusType" }, "detail": { "type": "string" @@ -198,9 +197,9 @@ "type": "string", "format": "uri" }, - "createdTs": { - "type": "integer", - "format": "int64" + "type": { + "type": "string", + "format": "uri" }, "parameters": { "type": "object", @@ -230,12 +229,12 @@ "StatusType": { "type": "object", "properties": { - "reasonPhrase": { - "type": "string" - }, "statusCode": { "type": "integer", "format": "int32" + }, + "reasonPhrase": { + "type": "string" } } }, @@ -397,7 +396,9 @@ "vulnerabilities_group_by_type", "asset_cwp_vulns", "app_contexts", - "attributes" + "attributes", + "data_security", + "data_security_summary" ] }, "findingType": { 
@@ -673,37 +674,10 @@ "$ref": "#/components/schemas/AssetWrapper" }, "errors": { - "required": [ - "locations", - "message", - "path", - "pathAsString" - ], - "type": "object", - "properties": { - "message": { - "type": "string" - }, - "path": { - "type": "array", - "items": { - "type": "object" - } - }, - "locations": { - "type": "array", - "items": { - "type": "object" - } - }, - "extensions": { - "$ref": "#/components/schemas/GraphQLErrorExtensions" - }, - "pathAsString": { - "type": "string" - } - }, - "description": "Error Object." + "type": "array", + "items": { + "$ref": "#/components/schemas/GraphQLError" + } } }, "description": "Asset object" @@ -939,6 +913,39 @@ } } }, + "GraphQLError": { + "required": [ + "locations", + "message", + "path", + "pathAsString" + ], + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "path": { + "type": "array", + "items": { + "type": "object" + } + }, + "locations": { + "type": "array", + "items": { + "type": "object" + } + }, + "extensions": { + "$ref": "#/components/schemas/GraphQLErrorExtensions" + }, + "pathAsString": { + "type": "string" + } + }, + "description": "Error Object." + }, "GraphQLErrorDebugInfo": { "required": [ "subquery", @@ -1163,6 +1170,9 @@ "assetCategory": { "type": "string" }, + "dataSecurityServiceProviderId": { + "type": "string" + }, "problem": { "type": "array", "items": { @@ -1448,6 +1458,12 @@ }, "trueInternetExposure": { "type": "string" + }, + "dataSecurity": { + "type": "object", + "additionalProperties": { + "type": "object" + } } }, "description": "Asset Domain Service Object type." From e4fac38caf0785ccc4e2c4067d20118d44dfaa30 Mon Sep 17 00:00:00 2001 From: jrdevore Date: Mon, 9 Sep 2024 14:56:34 -0700 Subject: [PATCH 2/9] Fix spec file parsing issue --- openapi-specs/cspm/AssetMicroService.json | 57 ++++++----------------- 1 file changed, 15 insertions(+), 42 deletions(-) 
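Review bot: The new `dataSecurity` property in the @@ -1448,6 +1458,12 @@ hunk is declared as an open map (`"additionalProperties": { "type": "object" }`) with no description, so the spec says nothing about what data-security content an asset response may carry. For a DSPM field that presumably holds classification or sensitivity findings, consumers cannot validate the payload or decide how it must be handled and stored. Add at least a `"description"` naming the expected keys, and reference a named schema once the shape is stable. `dataSecurityServiceProviderId`, added in the @@ -1163,6 +1170,9 @@ hunk, has no description either.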
diff --git a/openapi-specs/cspm/AssetMicroService.json b/openapi-specs/cspm/AssetMicroService.json index 211665da1..b3464e203 100644 --- a/openapi-specs/cspm/AssetMicroService.json +++ b/openapi-specs/cspm/AssetMicroService.json @@ -1,14 +1,13 @@ { "openapi": "3.0.1", "info": { - "title": "Prisma Cloud Unified Asset Inventory", - "description": "All assets known to Prisma Cloud with a comprehensive Asset Service", + "title": "APIs to query unified asset", + "description": "APIs to query data from Unified Asset Inventory (UAI)", "contact": { - "name": "Slack Us", - "url": "https://panw-rnd.slack.com/archives/C01DQJBJ7LJ", - "email": "pcs-scrum-platform-da-aaaacvlzsrzhfngxbqrn5mqpre@paloaltonetworks.org.slack.com" + "name": "Platform-Ironman", + "url": "" }, - "version": "V1" + "version": "v1.0" }, "servers": [ { @@ -57,14 +56,19 @@ "url": "https://api.fr.prismacloud.io" } ], + "security": [ + { + "bearerAuth": [] + } + ], "tags": [ { "name": "Asset Lookup", - "description": "All assets known to Prisma Cloud with a comprehensive Asset Service" + "description": "APIs to query data from Unified Asset Inventory (UAI)" }, { "name": "Id Translations", - "description": "All assets known to Prisma Cloud with a comprehensive Asset Service" + "description": "APIs to query data from Unified Asset Inventory (UAI)" } ], "paths": { 
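Review bot: `"url": ""` in the `contact` object of the @@ -1,14 +1,13 @@ hunk is not a valid URL, and OpenAPI requires `contact.url` to be in URL format, so a strict validator may still reject the file this commit is meant to make parseable. Omit the key rather than leaving it empty, i.e. `"contact": { "name": "Platform-Ironman" }`. Dropping the internal Slack channel and e-mail address from a published spec is the right direction; only the empty placeholder needs to go.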
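Review bot: The top-level `"security": [ { "bearerAuth": [] } ]` added in the @@ -57,14 +56,19 @@ hunk only means something if `components.securitySchemes` defines a scheme named `bearerAuth`, and no such definition is visible in this patch. A requirement that names an undefined scheme makes the document invalid, and some tooling then presents the operations as if they needed no credentials. Confirm the scheme is defined in the file, or add it in the same commit. The IAM spec later in this series declares `x-redlock-auth` per operation, so it is also worth checking that both specs describe the same credential under a consistent name.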
@@ -74,7 +78,7 @@ "Asset Explorer" ], "summary": "Get Asset", - "description": "Returns detailed information for the asset with the given id.\n\nThe data field in the response object contains the raw JSON blob as returned by the source cloud service provider API for the given asset.\n\nOnly the rrn parameter in the request body is used for this API. Ignore the timelineItemId and findingType fields.\n\n Ensure to add the required parameters for the asset query parameter with type as follows: \n\n | **Type** | **Conditionally Required Query Parameters** |\n| ------------------------------- | ----------------------------------------------------------------- |\n| external_finding | |\n| alerts | alertIds |\n| attack_path | attackPathIds |\n| package_info | |\n| labels | filters |\n| vulnerability_aggregates | filters |\n| process_info | filters |\n| vulnerabilities_group_by_type | |\n| asset_cwp_vulns | |\n\n", + "description": "Returns detailed information for the asset with the given id.\n\nThe data field in the response object contains the raw JSON blob as returned by the source cloud service provider API for the given asset.\n\nOnly the rrn parameter in the request body is used for this API. Ignore the timelineItemId and findingType fields.", "operationId": "get-asset-details-by-id", "parameters": [], "requestBody": { @@ -157,33 +161,21 @@ "type": "object", "properties": { "ids": { - "maximum": 200, - "minimum": 1, "type": "array", - "format": "IdLookup", - "example": "[d49d2177f00f7ce4ab24bb86655efad4]", "items": { "maximum": 200, "minimum": 1, "type": "string", "format": "IdLookup", - "example": "[d49d2177f00f7ce4ab24bb86655efad4]" + "example": "d49d2177f00f7ce4ab24bb86655efad4" } } }, "description": "Request object for id translation" }, "Problem": { - "required": [ - "createdTs", - "parameters" - ], "type": "object", "properties": { - "type": { - "type": "string", - "format": "uri" - }, "title": { "type": "string" }, 
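Review bot: After the @@ -157,33 +161,21 @@ hunk the `ids` array has no size bound: `maximum`/`minimum` were removed from the array and kept only on the string `items`, where JSON Schema ignores them because they constrain numbers. If the intent is one to 200 ids per request, state it on the array as `"minItems": 1, "maxItems": 200` and drop `maximum`/`minimum` from `items`. A documented upper bound lets gateways and clients reject oversized lookups before they reach the service. The second `ids` definition in the @@ -336,17 +322,13 @@ hunk has the same gap; both enclosing schemas start outside their hunks.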
@@ -320,12 +312,6 @@ "items": { "type": "object" } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - } } } }, @@ -336,17 +322,13 @@ "type": "object", "properties": { "ids": { - "maximum": 200, - "minimum": 1, "type": "array", - "format": "String", - "example": "[rrn:xxx:xx:xx-xx-x:xxx:xxx:x-xxxx]", "items": { "maximum": 200, "minimum": 1, "type": "string", "format": "String", - "example": "[rrn:xxx:xx:xx-xx-x:xxx:xxx:x-xxxx]" + "example": "rrn:xxx:xx:xx-xx-x:xxx:xxx:x-xxxx" } } }, @@ -354,10 +336,7 @@ }, "AssetRequest": { "required": [ - "alertIds", "assetId", - "attackPathIds", - "prismaCloudFindingsOnly", "type" ], "type": "object", @@ -1145,12 +1124,6 @@ "hasExtFindingRiskFactors": { "type": "boolean" }, - "assetClassId": { - "type": "string" - }, - "assetClass": { - "type": "string" - }, "alertsCount": { "type": "array", "items": { From 87b77e51e932404264e2074daa941591d761b94b Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Wed, 11 Sep 2024 15:23:41 +0530 Subject: [PATCH 3/9] RLP-149539 updates --- openapi-specs/cspm/IAMV2MicroService.json | 5177 +++++++++++++++------ 1 file changed, 3768 insertions(+), 1409 deletions(-) diff --git a/openapi-specs/cspm/IAMV2MicroService.json b/openapi-specs/cspm/IAMV2MicroService.json index 81b973f98..9df504d34 100644 --- a/openapi-specs/cspm/IAMV2MicroService.json +++ b/openapi-specs/cspm/IAMV2MicroService.json @@ -52,14 +52,14 @@ } ], "paths": { - "/iam/api/v3/search/permission": { + "/iam/api/v4/search/permission": { "post": { "tags": [ "IAM" ], - "summary": "Get Permissions V3", - "description": "Returns a page of permissions and a page token for the next page if applicable", - "operationId": "search-permissions-v3", + "summary": "Get permissions V4", + "description": "Returns permissions grouped by requested fields and a page token for the next page if applicable", + "operationId": "permission-search-v4_1", "parameters": [ { "name": "limit", 
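Review bot: With `alertIds`, `attackPathIds` and `prismaCloudFindingsOnly` removed from `required` in the @@ -354,10 +336,7 @@ hunk, and the table of conditionally required parameters removed from the operation description in the @@ -74,7 +78,7 @@ hunk, nothing in the spec says which request `type` needs which field. Patch 1 also added `data_security` and `data_security_summary` to what appears to be the same `type` enum without stating their requirements. Put the rule on the fields themselves, for example `"description": "Required when type is alerts."` on `alertIds`, assuming it is a property of `AssetRequest` (its `properties` are outside the hunk).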
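Review bot: The operationId `permission-search-v4_1` in the @@ -52,14 +52,14 @@ hunk carries a `_1` suffix that looks like a generator de-duplication artifact, and it replaces the published `permission-search-v4`, which the later @@ -162,65 +137,13 @@ hunk removes. Generated clients and documentation links key on operationId, so consumers see a renamed operation without any API change. Keep `"operationId": "permission-search-v4"`. The hunk also rewrites the `/iam/api/v3/search/permission` path into the v4 one, which drops v3 from the spec; if v3 is still served, keep its entry and mark it `"deprecated": true` so callers get a migration signal.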
@@ -77,59 +77,34 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PermissionSearchRequestDtoV3" + "$ref": "#/components/schemas/PermissionSearchV4RequestDto" } } }, "required": true }, "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionSearchResponseDtoV3" - } - } - } - }, "400": { "description": "Bad request", "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { + "*/*": { "schema": { "$ref": "#/components/schemas/ApiErrorResponseDto" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { + }, "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/PermissionSearchV4ResponseDto" } } } 
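Review bot: The 400 response now declares two different error bodies, `ApiErrorResponseDto` under `*/*` and `ExceptionResponseDto` under `application/json`, so a client cannot tell from the spec which shape it will receive. The `*/*` entry looks like generator residue; the other status codes touched by this patch use `ExceptionResponseDto` under `application/json` only. Remove the `"*/*"` block so 400 matches them. `ExceptionResponseDto` is defined outside this hunk; given its name, confirm it exposes only a code and message and not exception class names or stack traces.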
@@ -162,65 +137,13 @@ } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v4/search/permission": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get Permissions V4", - "description": "Returns permissions grouped by requested fields and a page token for the next page if applicable.", - "operationId": "permission-search-v4", - "parameters": [ - { - "name": "limit", - "in": "query", - "description": "Query records limit", - "required": false, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 100 - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionSearchV4RequestDto" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionSearchV4ResponseDto" - } - } - } }, - "400": { - "description": "Bad request", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } @@ -230,7 +153,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
@@ -240,46 +163,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } @@ -299,7 +183,7 @@ "tags": [ "IAM" ], - "summary": "Get Permission Accesses V3", + "summary": "Get accesses of a permission V3", "description": "Returns a page of permission's last acceses and a page token for the next page if applicable", "operationId": "permissions-accesses-v3", "parameters": [ @@ -324,7 +208,7 @@ "type": "integer", "format": "int32" }, - "example": 5 + "example": 100 } ], "requestBody": { @@ -338,12 +222,31 @@ "required": true }, "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", "schema": { - "$ref": "#/components/schemas/PermissionAccessResponseDtoV3" + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } 
@@ -353,66 +256,47 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "403": { - "description": "Forbidden", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", + "200": { + "description": "OK", + "content": { + "application/json": { "schema": { - "type": "integer" + "$ref": "#/components/schemas/PermissionAccessResponseDtoV3" } } } @@ -432,7 +316,7 @@ "tags": [ "IAM" ], - "summary": "Get Query Suggestions V2", + "summary": "Suggest RQL V2", "description": "Suggest auto completion for RQL and notify whether the current RQL is valid or not", "operationId": "iam-suggest-v2", "parameters": [], 
@@ -447,12 +331,31 @@ "required": true }, "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", "schema": { - "$ref": "#/components/schemas/SuggestResponseDto" + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } @@ -462,7 +365,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" } } } @@ -472,7 +385,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
@@ -482,46 +395,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" + "$ref": "#/components/schemas/SuggestResponseDto" } } } @@ -541,9 +425,9 @@ "tags": [ "IAM" ], - "summary": "Get Permissions Role or Policy Definition V2", + "summary": "Get permissions role/policy definition V2", "description": "Returns the raw config (policy/role definition) which the permission was calculated from", - "operationId": "permission-raw-config-definition", + "operationId": "permission-raw-config-definition-v2", "parameters": [], "requestBody": { "content": { @@ -556,12 +440,31 @@ "required": true }, "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", "schema": { - "$ref": "#/components/schemas/PermissionRawDataResponseDto" + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } 
@@ -571,66 +474,47 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "403": { - "description": "Forbidden", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", + "200": { + "description": "OK", + "content": { + "application/json": { "schema": { - "type": "integer" + "$ref": "#/components/schemas/PermissionRawDataResponseDto" } } } 
@@ -645,45 +529,20 @@ ] } }, - "/iam/api/v1/asset/{asset-id}/related-asset": { + "/iam/api/v2/search/graph/source_to_granter": { "post": { "tags": [ "IAM" ], - "summary": "Get Cloud Identity Inventory (CII) Resource Related Assets", - "description": "Get assets related to Cloud Identity Inventory (CII) resource.", - "operationId": "cii-related-assets-v1", - "parameters": [ - { - "name": "asset-id", - "in": "path", - "description": "The asset UAI where you want to find it related assets", - "required": true, - "schema": { - "type": "string", - "description": "The asset UAI where you want to find it related assets", - "example": "681390424b288d835f5cd03e7bfb0993" - }, - "example": "681390424b288d835f5cd03e7bfb0993" - }, - { - "name": "limit", - "in": "query", - "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", - "required": false, - "schema": { - "type": "string", - "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", - "example": 5 - }, - "example": 5 - } - ], + "summary": "Get graph source to granter v2", + "description": "Get a stream of unique source and granted by values for a given permissions query", + "operationId": "permissions-graph-source-to-granter-v2", + "parameters": [], "requestBody": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CloudAssetRelatedAssetsRequestDto" + "$ref": "#/components/schemas/PermissionGraphRequestDtoV2" } } }, 
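Review bot: The new `/iam/api/v2/search/graph/source_to_granter` operation is declared with `"parameters": []`, so unlike the permission search operations in this file it documents no `limit` or page token, while its description promises "a stream" of values. If the service caps the result set, state the cap in the description; if it accepts a limit, declare the same `limit` query parameter the other operations use. The `granter_to_dest` operation added in the @@ -705,41 +593,71 @@ hunk is declared the same way. Whether `PermissionGraphRequestDtoV2` carries a bound in the request body is not visible here.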
@@ -695,7 +554,36 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CloudAssetRelatedAssetsResponseDto" + "$ref": "#/components/schemas/SourceToGranterPermissionResponseDtoV2" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } 
@@ -705,41 +593,71 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "403": { - "description": "Forbidden", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/search/graph/granter_to_dest": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get graph granter to dest v2", + "description": "Get a stream of unique granted by and dest by values for a given permissions query", + "operationId": "permissions-graph-granter-to-dest-v2", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionGraphRequestDtoV2" + } + } }, + "required": true + }, + "responses": { "429": { "description": "Throttled", "headers": { 
@@ -768,46 +686,13 @@ } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/alert/{alertId}/remediation_command": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get Remediation Command", - "description": "Get remediation command for an alert", - "operationId": "alert-remediation-command", - "parameters": [ - { - "name": "alertId", - "in": "path", - "description": "The alert id", - "required": true, - "schema": { - "type": "string", - "description": "The alert id", - "example": "I-34537" - }, - "example": "I-34537" - } - ], - "responses": { + }, "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RemediationResponseDtoV2" + "$ref": "#/components/schemas/GranterToDestPermissionResponseDtoV2" } } } 
@@ -817,66 +702,37 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "403": { - "description": "Forbidden", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
@@ -891,35 +747,85 @@ ] } }, - "/iam/api/v2/alert/{alertId}/query": { - "get": { + "/iam/api/v2/permission/{permission-id}/list_access": { + "post": { "tags": [ "IAM" ], - "summary": "Get IAM Query V2", - "description": "Returns the query associated with an alert instance", - "operationId": "investigate-alert", + "summary": "Get accesses of a permission V2", + "description": "Returns a page of permission's last accesses and a page token for the next page if applicable", + "operationId": "permissions-accesses-v2", "parameters": [ { - "name": "alertId", + "name": "permission-id", "in": "path", - "description": "The alert id", + "description": "The permission id. Can be retrieved from search/permission api", "required": true, "schema": { "type": "string", - "description": "The alert id", - "example": "I-34537" + "description": "The permission id. Can be retrieved from search/permission api", + "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" }, - "example": "I-34537" + "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" + }, + { + "name": "limit", + "in": "query", + "description": "Query records limit", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 5 + }, + { + "name": "page-token", + "in": "query", + "description": "Page token", + "required": false, + "schema": { + "type": "string" + }, + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" } ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionAccessRequestDtoV2" + } + } + }, + "required": true + }, "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", "schema": { - "$ref": "#/components/schemas/RqlResponseDtoV2" + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + 
"type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } 
@@ -929,41 +835,100 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "403": { - "description": "Forbidden", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/PermissionAccessResponseDtoV2" } } } }, - "404": { - "description": "Not found", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/asset/{asset-id}/related-asset": { + "post": { + "tags": [ + "Asset Relationship Controller V2" + ], + "description": "Get resource related assets and a page token for the next page if applicable", + "operationId": "getCloudAssetRelatedAssetsResponseAsCsv_1", + "parameters": [ + { + "name": "asset-id", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "limit", + "in": "query", + "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 5 + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CloudAssetRelatedAssetsRequestDto" + } + } }, + 
"required": true + }, + "responses": { "429": { "description": "Throttled", "headers": { @@ -992,56 +957,23 @@ } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/assets/{assetId}/over-permissive-metadata": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get Least Privilege Access Metadata of an Asset", - "description": "Return a metadata and info about the improvement potential for an assert of Least Privilege Access.", - "operationId": "least-privilege-access-metadata-v1", - "parameters": [ - { - "name": "assetId", - "in": "path", - "description": "the UAI asset Id", - "required": true, - "schema": { - "type": "string", - "description": "the UAI asset Id", - "example": "681390424b288d835f5cd03e7bfb0993" - }, - "example": "681390424b288d835f5cd03e7bfb0993" - } - ], - "responses": { - "200": { - "description": "OK", + }, + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/OverPermissiveMetadataResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "400": { - "description": "Bad request", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } @@ -1051,7 +983,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
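Review bot: The `/iam/api/v2/asset/{asset-id}/related-asset` operation added in the @@ -929,41 +835,100 @@ hunk has no `summary`, its `asset-id` path parameter has neither description nor example, and its operationId `getCloudAssetRelatedAssetsResponseAsCsv_1` names CSV while the 200 response added further down is `application/json`. The v1 entry removed earlier in this patch documented all of these, and the tag `Asset Relationship Controller V2` reads like a controller class name next to the `IAM` tag used elsewhere. Restore the parameter text, e.g. `"description": "UAI id of the asset whose related assets are returned"`, add a `summary`, and pick a stable id in the existing style such as `cii-related-assets-v2`. The `/iam/api/v2/asset/relationship/search` operation in the @@ -1061,21 +993,62 @@ hunk has the same gaps.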
@@ -1061,21 +993,62 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/CloudAssetRelatedAssetsResponseDto" } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/asset/relationship/search": { + "post": { + "tags": [ + "Asset Relationship Controller V2" + ], + "description": "Get resource relationships first page and a page token for the next page if applicable", + "operationId": "getCloudAssetRelationshipResponse", + "parameters": [ + { + "name": "limit", + "in": "query", + "description": "Query records limit", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 5 + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CloudAssetRelationshipSearchRequestDto" + } + } }, + "required": true + }, + "responses": { "429": { "description": "Throttled", "headers": { 
@@ -1104,68 +1077,13 @@ } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/assets/{assetId}/existing-least-privileged-access": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get Existing Least Privilege Access Suggestions for an Asset", - "description": "Suggest least privileged access from existing resources according to the asset. This configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", - "operationId": "existing-least-privilege-access-v1", - "parameters": [ - { - "name": "assetId", - "in": "path", - "description": "the UAI asset Id", - "required": true, - "schema": { - "type": "string", - "description": "the UAI asset Id", - "example": "681390424b288d835f5cd03e7bfb0993" - }, - "example": "681390424b288d835f5cd03e7bfb0993" - }, - { - "name": "output_format", - "in": "query", - "description": "Output format type. One of: JSON / TERRAFORM/ CF", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": "JSON" }, - { - "name": "lookback_duration_days", - "in": "query", - "description": "Amount of days to look back for used actions", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 90 - } - ], - "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" + "$ref": "#/components/schemas/CloudAssetRelationshipResponseDto" } } } 
@@ -1175,66 +1093,37 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "403": { - "description": "Forbidden", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
@@ -1249,57 +1138,71 @@ ] } }, - "/iam/api/v1/assets/{assetId}/custom-least-privileged-access": { - "get": { + "/iam/api/v1/asset/{asset-id}/related-asset": { + "post": { "tags": [ "IAM" ], - "summary": "Get New Least Privilege Access Suggestions for an Asset", - "description": "Generate Custom least privileged access configuration for the asset. Applying this configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", - "operationId": "custom-least-privilege-access-v1", + "summary": "Get Cloud Identity Inventory (CII) resource related assets", + "description": "Get the related assets of a resource", + "operationId": "cii-related-assets-v1_1", "parameters": [ { - "name": "assetId", + "name": "asset-id", "in": "path", - "description": "The UAI of the asset.", "required": true, "schema": { "type": "string" } }, { - "name": "output_format", - "in": "query", - "description": "Output format type. One of: JSON / TERRAFORM/ CF", - "required": true, - "schema": { - "type": "string", - "enum": [ - "JSON", - "TERRAFORM", - "CF" - ] - } - }, - { - "name": "lookback_duration_days", + "name": "limit", "in": "query", - "description": "Amount of days to look back for used actions", - "required": true, + "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", + "required": false, "schema": { "type": "integer", "format": "int32" }, - "example": 90 + "example": 5 } ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CloudAssetRelatedAssetsRequestDto" + } + } + }, + "required": true + }, "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", "schema": { - "$ref": "#/components/schemas/CustomLeastPrivilegedAccessResponseDto" + "type": "integer" + } + }, + 
"X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } @@ -1309,7 +1212,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" } } } @@ -1319,7 +1232,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
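Review bot: The `asset-id` path parameter of the new `/iam/api/v1/asset/{asset-id}/related-asset` operation has neither a `description` nor an `example`, so the spec does not say which identifier is expected. If it is the same identifier the other asset operations in this patch use (not confirmable from this hunk), add `"description": "the UAI asset Id"`. The `limit` query parameter is an unbounded `int32` although its description says the service clamps it to `MAX(0, MIN(client.limit, service.limit))`. Declaring `"minimum": 0` and a `"maximum"` equal to the service-side cap would make that contract checkable by validators and gateways, and the same applies to `limit` in the `@@ -1061` and `@@ -1329` hunks. The `_1` suffix on `cii-related-assets-v1_1` suggests a generator-resolved `operationId` collision, which is worth confirming because generated client method names derive from it.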
@@ -1329,21 +1242,63 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/CloudAssetRelatedAssetsResponseDto" } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/asset/relationship/search": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get Cloud Identity Inventory (CII) resource relationships", + "description": "Get the relationships of a resource", + "operationId": "cii-asset-relationships-v1", + "parameters": [ + { + "name": "limit", + "in": "query", + "description": "Query records limit", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 5 + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CloudAssetRelationshipSearchRequestDto" + } + } }, + "required": true + }, + "responses": { "429": { "description": "Throttled", "headers": { 
@@ -1372,43 +1327,13 @@ } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/resources/{resourceId}/over-permissive-metadata": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get Least Privilege Access Metadata of a Resource", - "description": "Returns metadata describing whether an asset has potential for access optimization", - "operationId": "least-privilege-access-metadata-by-resource-v1", - "parameters": [ - { - "name": "resourceId", - "in": "path", - "description": "The resource ID", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { + }, "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" + "$ref": "#/components/schemas/CloudAssetRelationshipResponseDto" } } } @@ -1418,7 +1343,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" } } } @@ -1428,7 +1363,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
@@ -1438,46 +1373,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
@@ -1492,98 +1388,42 @@ ] } }, - "/iam/api/v1/resources/{resourceId}/existing-least-privileged-access": { - "get": { + "/iam/api/v1/admin-identities": { + "post": { "tags": [ "IAM" ], - "summary": "Get Least Privilege Access Suggestions for a Resource", - "description": "Suggest the least privileged access based on existing IAM configurations. This configuration will minimize the number of policies/roles used preserving all the actions used in the last specified X days.", - "operationId": "existing-least-privilege-access-by-resource-v1", - "parameters": [ - { - "name": "resourceId", - "in": "path", - "description": "The resource ID", - "required": true, - "schema": { - "type": "string", - "description": "the resource ID" - } - }, - { - "name": "output_format", - "in": "query", - "description": "Output format.", - "required": true, - "schema": { - "type": "string", - "enum": [ - "JSON", - "TERRAFORM", - "CF" - ] - } - }, - { - "name": "lookback_duration_days", - "in": "query", - "description": "Amount of days to look back for used actions.", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 90 - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" - } + "summary": "Get admin identities", + "description": "Returns admin identities by cloud provider for each level", + "operationId": "admin-identities", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AdminIdentitiesRequestDto" } } }, + "required": true + }, + "responses": { "400": { "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": 
"#/components/schemas/ApiErrorResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } }, - "404": { - "description": "Not found", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/AdminIdentitiesResponseDto" } } } 
@@ -1616,78 +1456,13 @@ } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/resources/{resourceId}/custom-least-privileged-access": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get New Least Privilege Access Suggestions for a Resource", - "description": "Generate a custom least privileged access configuration for the resource. Applying this configuration will minimize the number of policies/roles used while preserving all the actions used in the last specified X days", - "operationId": "custom-least-privilege-access-by-resource-v1", - "parameters": [ - { - "name": "resourceId", - "in": "path", - "description": "The resource ID", - "required": true, - "schema": { - "type": "string" - } - }, - { - "name": "output_format", - "in": "query", - "description": "Output format.", - "required": true, - "schema": { - "type": "string", - "enum": [ - "JSON", - "TERRAFORM", - "CF" - ] - } - }, - { - "name": "lookback_duration_days", - "in": "query", - "description": "Amount of days to look back for used actions", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 90 - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CustomLeastPrivilegedAccessResponseDto" - } - } - } }, - "400": { - "description": "Bad request", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } @@ -1697,7 +1472,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } 
@@ -1707,46 +1482,47 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" + "$ref": "#/components/schemas/ExceptionResponseDto" } } } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/suggest": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Suggest RQL V1", + "description": "Suggest auto completion for RQL and notify whether the current RQL is valid or not", + "operationId": "iam-suggest-v1", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SuggestRequestDto" } } }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { "schema": { - "type": "integer" + "$ref": "#/components/schemas/SuggestResponseDto" } } } 
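Review bot: The new `/api/v1/suggest` operation documents only a `200` response, while the `/iam/api/...` operations in this patch also document `400`, `401`, `403`, `404` and `429` with `ExceptionResponseDto`. Since this endpoint reports whether a submitted RQL string is valid, clients need to know whether an invalid query comes back as a `200` with a flag or as a `400`. If the operation carries the same `x-redlock-auth` requirement as its neighbours (its `security` block lies outside this hunk), the `401`/`403` cases should be listed too. I would add the same `400`/`401`/`403`/`429` entries used elsewhere in the file, each referencing `#/components/schemas/ExceptionResponseDto`. The `/api/v1/permission*` operations added in the following `@@ -1760` hunk show the same gap.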
@@ -1760,60 +1536,1852 @@ } ] } - } - }, - "components": { - "schemas": { - "ApiErrorResponseBodyDto": { - "required": [ - "code", - "message" + }, + "/api/v1/permission": { + "post": { + "tags": [ + "IAM" ], - "type": "object", - "properties": { - "code": { + "summary": "Get permissions V1", + "description": "Returns the first page of permissions and a page token for the next page if applicable", + "operationId": "search-permissions-v1_1", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionSearchRequestDto" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionSearchResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/permission/graph/source_to_granter": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get graph source to granter v1", + "description": "Get a stream of unique source and granted by values for a given permissions query", + "operationId": "permissions-graph-source-to-granter-v1", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionGraphRequestDto" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK" + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/permission/graph/granter_to_dest": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get graph granter to dest v1", + "description": "Get a stream of unique granted by and dest by values for a given permissions query", + "operationId": "permissions-graph-granter-to-dest-v1", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/PermissionGraphRequestDto" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK" + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/permission/alert/remediation": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get alert remediation command V1", + "description": "Get remediation command for an alert", + "operationId": "alert-remediation-command", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RemediationRequestDto" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RemediationResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/permission/access": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get permission last access first page v1", + "description": "Returns the first page of permission's last access and a page token for the next page if applicable", + "operationId": "permissions-accesses-v1", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionAccessRequestDto" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionAccessResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/permission/access/page": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get permission last access next page v1", + "description": "Returns page of permission's last access from a given next page token", + "operationId": 
"permissions-accesses-next-page-v1", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionAccessPageRequestDto" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionAccessResultDataDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/alert/{alertId}/remediation_command": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get alert remediation command V2", + "description": "Get remediation command for an alert", + "operationId": "alert-remediation-command-v2", + "parameters": [ + { + "name": "alertId", + "in": "path", + "description": "Alert Id", + "required": true, + "schema": { + "type": "string", + "description": "Alert Id", + "example": "I-837629" + }, + "example": "I-837629" + } + ], + "responses": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RemediationResponseDtoV2" + } + } + } + }, + "401": { + "description": 
"Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/alert/{alertId}/query": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Investigate alert V2", + "description": "Returns the query associated with an alert instance", + "operationId": "investigate-alert-v2", + "parameters": [ + { + "name": "alertId", + "in": "path", + "description": "The alert id", + "required": true, + "schema": { + "type": "string", + "description": "The alert id", + "example": "I-34537" + }, + "example": "I-34537" + } + ], + "responses": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RqlResponseDtoV2" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } 
+ } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/resources/{resourceId}/over-permissive-metadata": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get Least Privilege Access metadata for resource V1", + "description": "Returns metadata describing whether an asset has potential for access optimization", + "operationId": "least-privilege-access-metadata-by-resource-v1", + "parameters": [ + { + "name": "resourceId", + "in": "path", + "description": "the resource ID", + "required": true, + "schema": { + "type": "string", + "description": "the resource ID", + "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" + }, + "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" + } + ], + "responses": { + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } 
+ }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OverPermissiveMetadataResponseDto" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/resources/{resourceId}/existing-least-privileged-access": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Generates existing Least Privilege Access suggestion for asset V1", + "description": "Suggest the least privileged access based on existing IAM configurations. This configuration will minimize the number of policies/roles used preserving all the actions used in the last specified X days", + "operationId": "existing-least-privilege-access-by-resource-v1", + "parameters": [ + { + "name": "resourceId", + "in": "path", + "description": "the resource ID", + "required": true, + "schema": { + "type": "string", + "description": "the resource ID", + "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" + }, + "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" + }, + { + "name": "output_format", + "in": "query", + "description": "Output format type. 
One of: JSON / TERRAFORM/ CF", + "required": true, + "schema": { + "type": "string" + }, + "example": "JSON" + }, + { + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 + } + ], + "responses": { + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/resources/{resourceId}/custom-least-privileged-access": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Generates custom (new) Least Privilege Access suggestion for asset V1", + "description": "Generate a custom 
least privileged access configuration for the resource. Applying this configuration will minimize the number of policies/roles used while preserving all the actions used in the last specified X days", + "operationId": "custom-least-privilege-access-by-resource-v1", + "parameters": [ + { + "name": "resourceId", + "in": "path", + "description": "the resource ID", + "required": true, + "schema": { + "type": "string", + "description": "the resource ID", + "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" + }, + "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" + }, + { + "name": "output_format", + "in": "query", + "description": "Output format type. One of: JSON / TERRAFORM/ CF", + "required": true, + "schema": { + "type": "string" + }, + "example": "JSON" + }, + { + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 + } + ], + "responses": { + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/CustomLeastPrivilegedAccessResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/assets/{assetId}/over-permissive-metadata": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get Least Privilege Access metadata for asset V1", + "description": "Return a metadata and info about the improvement potential for an assert of Least Privilege Access", + "operationId": "least-privilege-access-metadata-by-uai-v1", + "parameters": [ + { + "name": "assetId", + "in": "path", + "description": "the UAI asset Id", + "required": true, + "schema": { + "type": "string", + "description": "the UAI asset Id", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "example": "681390424b288d835f5cd03e7bfb0993" + } + ], + "responses": { + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "404": { + "description": 
"Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OverPermissiveMetadataResponseDto" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/assets/{assetId}/existing-least-privileged-access": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Generates existing Least Privilege Access suggestion for asset V1", + "description": "Suggest least privileged access from existing resources according to the asset. This configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", + "operationId": "existing-least-privilege-access-by-uai-v1", + "parameters": [ + { + "name": "assetId", + "in": "path", + "description": "the UAI asset Id", + "required": true, + "schema": { + "type": "string", + "description": "the UAI asset Id", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "example": "681390424b288d835f5cd03e7bfb0993" + }, + { + "name": "output_format", + "in": "query", + "description": "Output format type. 
One of: JSON / TERRAFORM/ CF", + "required": true, + "schema": { + "type": "string" + }, + "example": "JSON" + }, + { + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 + } + ], + "responses": { + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/assets/{assetId}/custom-least-privileged-access": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Generates custom (new) Least Privilege Access suggestion for asset V1", + "description": "Generate Custom least 
privileged access configuration for the asset. Applying this configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", + "operationId": "custom-least-privilege-access-by-uai-v1", + "parameters": [ + { + "name": "assetId", + "in": "path", + "description": "the UAI asset Id", + "required": true, + "schema": { + "type": "string", + "description": "the UAI asset Id", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "example": "681390424b288d835f5cd03e7bfb0993" + }, + { + "name": "output_format", + "in": "query", + "description": "Output format type. One of: JSON / TERRAFORM/ CF", + "required": true, + "schema": { + "type": "string" + }, + "example": "JSON" + }, + { + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 + } + ], + "responses": { + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } + }, + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CustomLeastPrivilegedAccessResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "401": { + "description": "Unauthorized", + 
"content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/permission/raw/{permissionId}": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get permissions role/policy definition V1", + "description": "Returns the raw config (policy/role definition) which the permission was calculated from", + "operationId": "permission-raw-config-definition-v1", + "parameters": [ + { + "name": "permissionId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "string" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/api/v1/permission/alert/search": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Investigate alert V1", + "description": "Returns the query associated with an alert instance", + "operationId": "investigate-alert-v1", + "parameters": [ + { + "name": "alertId", + "in": "query", + "description": "Alert id", + "required": true, + "schema": { + "type": "string" + }, + "example": "I-983167" + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RqlResponseDto" + } + } + } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + } + }, + "components": { + "schemas": { + "ApiErrorResponseBodyDto": { + "required": [ + "code", + "message" + ], + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + 
}, + "target": { "type": "string" }, - "message": { - "type": "string" + "details": { + "type": "array", + "items": { + "type": "string" + } + }, + "innerError": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } + } + }, + "ApiErrorResponseDto": { + "type": "object", + "properties": { + "error": { + "$ref": "#/components/schemas/ApiErrorResponseBodyDto" + } + } + }, + "PermissionSearchV4RequestDto": { + "required": [ + "query" + ], + "type": "object", + "properties": { + "query": { + "type": "string", + "description": "RQL query (default: empty string)", + "example": "config from iam where dest.cloud.type='AWS'" + }, + "searchId": { + "type": "string", + "description": "Saved search id", + "example": "ff4fcb80-03f6-41dd-8bd8-6179fd46b3a4" + }, + "nextPageToken": { + "type": "string", + "description": "Page Token", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + }, + "groupByFields": { + "uniqueItems": true, + "type": "array", + "description": "Fields to group results by. Empty or missing array is considered the same as an array with all possible fields", + "example": [ + "source", + "sourceCloudAccount", + "grantedByEntity", + "entityCloudAccount", + "grantedByPolicy", + "policyCloudAccount", + "grantedByLevel", + "action", + "destination", + "destCloudAccount", + "lastAccess" + ], + "items": { + "type": "string", + "description": "Fields to group results by. 
Empty or missing array is considered the same as an array with all possible fields", + "example": "[\"source\",\"sourceCloudAccount\",\"grantedByEntity\",\"entityCloudAccount\",\"grantedByPolicy\",\"policyCloudAccount\",\"grantedByLevel\",\"action\",\"destination\",\"destCloudAccount\",\"lastAccess\"]", + "enum": [ + "source", + "sourceCloudAccount", + "grantedByEntity", + "entityCloudAccount", + "grantedByPolicy", + "policyCloudAccount", + "grantedByLevel", + "action", + "destination", + "destCloudAccount", + "lastAccess" + ] + } + } + } + }, + "ErrorResponseDto": { + "type": "object", + "properties": { + "code": { + "type": "string", + "description": "HTTP response code", + "example": "Not found" + }, + "message": { + "type": "string", + "description": "Error message", + "example": "Reason" + } + } + }, + "ExceptionResponseDto": { + "type": "object", + "properties": { + "error": { + "$ref": "#/components/schemas/ErrorResponseDto" + } + } + }, + "AbsoluteTimeRangeDto": { + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeDto" + }, + { + "type": "object", + "properties": { + "value": { + "$ref": "#/components/schemas/Value" + } + } + } + ] + }, + "PermissionExceptionDto": { + "type": "object", + "properties": { + "messageCode": { + "type": "string", + "description": "Message code", + "example": "LIMITED_BY_DENY_STATEMENT" + } + }, + "description": "Permission exception list" + }, + "PermissionSearchV4ResponseDataDto": { + "type": "object", + "properties": { + "items": { + "type": "array", + "description": "items list", + "items": { + "$ref": "#/components/schemas/PermissionV4DataItemDto" + } + }, + "nextPageToken": { + "type": "string", + "description": "Next page token", + "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" + }, + "totalRows": { + "type": "integer", + "description": "Total rows count", + "format": "int64", + "example": 1243 + }, + "searchedDestCloudResourceNames": { + "uniqueItems": true, + "type": 
"array", + "description": "Searched destination cloud resource names", + "example": [], + "items": { + "type": "string", + "description": "Searched destination cloud resource names", + "example": "[]" + } + } + } + }, + "PermissionSearchV4ResponseDto": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/PermissionSearchV4ResponseDataDto" + }, + "query": { + "type": "string", + "description": "Query string", + "example": "config from iam where ..." + }, + "id": { + "type": "string", + "description": "Request user Id", + "example": "111111" + }, + "saved": { + "type": "boolean", + "description": "Is search saved", + "example": true + }, + "name": { + "type": "string", + "description": "Search name", + "example": "search-name" + }, + "timeRange": { + "$ref": "#/components/schemas/TimeRangeDto" + }, + "searchType": { + "type": "string", + "description": "Search type", + "example": "search-type" + }, + "description": { + "type": "string", + "description": "Search description", + "example": "search-description" + }, + "cloudType": { + "type": "string", + "description": "Cloud Type", + "example": "aws" + } + } + }, + "PermissionV4DataItemDto": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Message id", + "example": "13" + }, + "sourcePublic": { + "type": "boolean", + "description": "Is source public", + "example": false + }, + "sourceCloudType": { + "type": "string", + "description": "Source cloud type", + "example": "AWS" + }, + "sourceCloudAccount": { + "type": "string", + "description": "Source cloud account", + "example": "123456789" + }, + "sourceCloudRegion": { + "type": "string", + "description": "Source cloud region", + "example": "AWS London" + }, + "sourceCloudServiceName": { + "type": "string", + "description": "Source cloud service name", + "example": "iam" + }, + "sourceResourceName": { + "type": "string", + "description": "Source cloud resource name", + "example": "john" + }, + 
"sourceResourceType": { + "type": "string", + "description": "Source cloud resource type", + "example": "user" + }, + "sourceResourceId": { + "type": "string", + "description": "Source cloud resource id", + "example": "arn:aws:iam::111111:user/john" + }, + "sourceCloudResourceUai": { + "type": "string", + "description": "Source cloud resource UAI", + "example": "681390624b288d835f4cd03e7bfb0994" + }, + "sourceIdpService": { + "type": "string", + "description": "Source IDP service", + "example": "AWS Identity Center" + }, + "sourceIdpDomain": { + "type": "string", + "description": "Source IDP domain", + "example": "idp.com" + }, + "sourceIdpEmail": { + "type": "string", + "description": "Source IDP email", + "example": "idp@email.com" + }, + "sourceIdpUserId": { + "type": "string", + "description": "Source IDP user id", + "example": "123456789" + }, + "sourceIdpUsername": { + "type": "string", + "description": "Source IDP user name", + "example": "idp-user" + }, + "sourceIdpGroup": { + "type": "string", + "description": "Source IDP group", + "example": "IdpGroup" + }, + "sourceIdpUai": { + "type": "string", + "description": "Source idp UAI", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "destCloudType": { + "type": "string", + "description": "Destination cloud type", + "example": "AWS" + }, + "destCloudAccount": { + "type": "string", + "description": "Destination cloud account", + "example": "123456789" + }, + "destCloudRegion": { + "type": "string", + "description": "Destination cloud region", + "example": "AWS London" + }, + "destCloudServiceName": { + "type": "string", + "description": "Destination cloud service name", + "example": "iam" + }, + "destResourceName": { + "type": "string", + "description": "Destination cloud resource name", + "example": "john" + }, + "destResourceType": { + "type": "string", + "description": "Destination cloud resource type", + "example": "user" + }, + "destResourceId": { + "type": "string", + "description": "Destination 
cloud resource id", + "example": "arn:aws:iam::111111:user/john" + }, + "destCloudResourceUai": { + "type": "string", + "description": "Destination cloud resource UAI", + "example": "181390424b298d835f4cd03e7bfb0991" + }, + "grantedByCloudType": { + "type": "string", + "description": "Granted by cloud type", + "example": "AWS" + }, + "grantedByCloudPolicyId": { + "type": "string", + "description": "Granted by cloud policy Id", + "example": "arn:aws:iam::aws:policy/aws-policy" + }, + "grantedByCloudPolicyName": { + "type": "string", + "description": "Granted by cloud policy name", + "example": "my-policy" + }, + "grantedByCloudPolicyType": { + "type": "string", + "description": "Granted by cloud policy type", + "example": "Customer Managed Policy" + }, + "grantedByCloudPolicyUai": { + "type": "string", + "description": "Granted by cloud policy UAI", + "example": "771390424b298d835f4cd03e7bfb0232" + }, + "grantedByCloudPolicyAccount": { + "type": "string", + "description": "Granted by cloud policy account", + "example": "123456789" + }, + "grantedByCloudEntityId": { + "type": "string", + "description": "Granted by cloud entity id", + "example": "arn:aws:iam:::role/my-role" + }, + "grantedByCloudEntityName": { + "type": "string", + "description": "Granted by cloud entity name", + "example": "my-role" + }, + "grantedByCloudEntityType": { + "type": "string", + "description": "Granted by cloud entity type", + "example": "user" + }, + "grantedByCloudEntityAccount": { + "type": "string", + "description": "Granted by cloud entity account", + "example": "123456789" + }, + "grantedByCloudEntityUai": { + "type": "string", + "description": "Granted by cloud entity UAI", + "example": "223390424b298d835f4cd03e7bfb0111" + }, + "grantedByLevelType": { + "type": "string", + "description": "Granted by level type", + "example": "GCP Folder" + }, + "grantedByLevelId": { + "type": "string", + "description": "Granted by level id", + "example": "level_id" + }, + "grantedByLevelName": { + 
"type": "string", + "description": "Granted by level name", + "example": "level_name" + }, + "grantedByLevelUai": { + "type": "string", + "description": "Granted by level UAI", + "example": "123390424cb99d835f4cd03e7bfb0991" + }, + "lastAccessDate": { + "type": "string", + "description": "Last accessed data", + "example": "2024-01-02" + }, + "lastAccessStatus": { + "type": "string", + "description": "Last accessed status", + "example": "ACCESSED", + "enum": [ + "NOT_AVAILABLE", + "NOT_ACCESSED_IN_TRACKING_PERIOD", + "ACCESSED" + ] + }, + "accessedResourcesCount": { + "type": "integer", + "description": "Accessed resource count", + "format": "int64", + "example": 12 + }, + "effectiveActionName": { + "type": "string", + "description": "Effective action name", + "example": "sso:ListApplications" + }, + "exceptions": { + "type": "array", + "description": "Permission exception list", + "example": [ + { + "messageCode": "LIMITED_BY_DENY_STATEMENT" + } + ], + "items": { + "$ref": "#/components/schemas/PermissionExceptionDto" + } + }, + "nonNullValues": { + "type": "array", + "items": { + "type": "string" + } + }, + "wildCardDestCloudResourceName": { + "type": "boolean" + } + }, + "description": "items list" + }, + "RelativeTimeRangeDto": { + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeDto" }, - "target": { + { + "type": "object", + "properties": { + "value": { + "$ref": "#/components/schemas/Value" + } + } + } + ] + }, + "TimeRangeDto": { + "required": [ + "type" + ], + "type": "object", + "properties": { + "type": { "type": "string" + } + }, + "description": "The time range which the query run at to generate the alert", + "example": "{''type': 'relative', 'value': {'unit': 'day', 'amount': 7} }", + "discriminator": { + "propertyName": "type" + } + }, + "ToNowTimeRangeDto": { + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeDto" }, - "details": { - "type": "array", - "items": { - "type": "string" + { + "type": 
"object", + "properties": { + "value": { + "type": "string", + "description": "Time range value", + "example": "epoch" + } } - }, - "innerError": { - "$ref": "#/components/schemas/ApiErrorResponseDto" } - } + ] }, - "ApiErrorResponseDto": { + "Value": { "type": "object", "properties": { - "error": { - "$ref": "#/components/schemas/ApiErrorResponseBodyDto" + "unit": { + "type": "string" + }, + "amount": { + "type": "integer", + "format": "int32" } + }, + "description": "Unit and amount", + "example": { + "unit": "day", + "amount": 7 } }, "PermissionSearchRequestDtoV3": { - "required": [ - "query" - ], "type": "object", "properties": { "query": { "type": "string", - "description": "RQL query", - "example": "config from iam where source.cloud.type = 'AWS'" + "description": "Query body (default: empty string)", + "example": "config from iam where ..." }, "id": { "type": "string", - "description": "An optional saved search id. If not provided, a new saved search will be created.", - "example": "445f6ec2-0a47-4d60-a80c-b0c47e5616f1" + "description": "Requested search id", + "example": "123456" }, "nextPageToken": { "type": "string", 
@@ -2049,50 +3617,267 @@ "description": "Granted by level id", "example": "level_id" }, - "grantedByLevelName": { - "type": "string", - "description": "Granted by level name", - "example": "level_name" + "grantedByLevelName": { + "type": "string", + "description": "Granted by level name", + "example": "level_name" + }, + "grantedByLevelRrn": { + "type": "string", + "description": "Granted by level rrn", + "example": "level_rrn" + }, + "grantedByLevelUai": { + "type": "string", + "description": "Granted by level UAI", + "example": "123390424cb99d835f4cd03e7bfb0991" + } + }, + "description": "items list" + }, + "PermissionSearchResponseDtoV3": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/PermissionSearchResultDataDtoV3" + }, + "query": { + "type": "string", + "description": "Query string", + "example": "config from iam where ..." + }, + "id": { + "type": "string", + "description": "Request user Id", + "example": "111111" + }, + "saved": { + "type": "boolean", + "description": "Is search saved", + "example": true + }, + "name": { + "type": "string", + "description": "Search name", + "example": "search-name" + }, + "timeRange": { + "$ref": "#/components/schemas/TimeRangeDto" + }, + "searchType": { + "type": "string", + "description": "Search type", + "example": "search-type" + }, + "description": { + "type": "string", + "description": "Search description", + "example": "search-description" + }, + "cloudType": { + "type": "string", + "description": "Cloud Type", + "example": "aws" + } + } + }, + "PermissionSearchResultDataDtoV3": { + "type": "object", + "properties": { + "items": { + "type": "array", + "description": "items list", + "items": { + "$ref": "#/components/schemas/PermissionDto" + } + }, + "nextPageToken": { + "type": "string", + "description": "Next page token", + "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" + }, + "totalRows": { + "type": "integer", + "description": "Total rows count", + 
"format": "int64", + "example": 1243 + }, + "searchedDestCloudResourceNames": { + "uniqueItems": true, + "type": "array", + "description": "Searched destination cloud resource names", + "example": [], + "items": { + "type": "string", + "description": "Searched destination cloud resource names", + "example": "[]" + } + } + } + }, + "PermissionAccessRequestDtoV3": { + "required": [ + "query" + ], + "type": "object", + "properties": { + "query": { + "type": "string", + "description": "Query string", + "example": "config from iam where ..." + }, + "nextPageToken": { + "type": "string", + "description": "Page Token", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + } + } + }, + "PermissionAccessResponseDtoV3": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/PermissionAccessResultDataDtoV3" + } + } + }, + "PermissionAccessResultDataDtoV3": { + "type": "object", + "properties": { + "items": { + "type": "array", + "description": "items list", + "items": { + "$ref": "#/components/schemas/PermissionLastAccessDto" + } + }, + "nextPageToken": { + "type": "string", + "description": "Next page token", + "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" + }, + "totalRows": { + "type": "integer", + "description": "Total rows count", + "format": "int64", + "example": 1243 + } + }, + "description": "Permissions last access list", + "readOnly": true + }, + "PermissionLastAccessDto": { + "type": "object", + "properties": { + "destCloudResourceName": { + "type": "string", + "description": "Destination cloud resource name", + "example": "my-function" + }, + "lastAccessDate": { + "type": "string", + "description": "Action last access date in the format of a unix timestamp", + "example": "1593691785" + }, + "destCloudRegion": { + "type": "string", + "description": "Action last access region", + "example": "AWS Virginia" + }, + "destCloudAccount": { + "type": "string", + "description": "Action last access account name", + "example": 
"account_name" + } + }, + "description": "items list" + }, + "SuggestRequestDto": { + "required": [ + "query" + ], + "type": "object", + "properties": { + "query": { + "type": "string", + "description": "Query to validate", + "example": "config from iam where dest.cloud.type='AWS'" + } + } + }, + "SuggestResponseDto": { + "type": "object", + "properties": { + "valid": { + "type": "boolean", + "description": "Is query valid", + "readOnly": true, + "example": true + }, + "suggestions": { + "uniqueItems": true, + "type": "array", + "description": "Suggestion list", + "readOnly": true, + "example": [ + "AND" + ], + "items": { + "type": "string", + "description": "Suggestion list", + "readOnly": true, + "example": "[\"AND\"]" + } + }, + "translate": { + "type": "boolean", + "description": "Should translate", + "readOnly": true, + "example": false }, - "grantedByLevelRrn": { - "type": "string", - "description": "Granted by level rrn", - "example": "level_rrn" + "needsOffsetUpdate": { + "type": "boolean", + "description": "Should add offset from the query beginning", + "readOnly": true, + "example": true }, - "grantedByLevelUai": { - "type": "string", - "description": "Granted by level UAI", - "example": "123390424cb99d835f4cd03e7bfb0991" + "offset": { + "type": "integer", + "description": "The number of characters of offset from the query beginning", + "format": "int32", + "readOnly": true, + "example": 43 } - }, - "description": "items list" + } }, - "PermissionExceptionDto": { + "PermissionSearchRequestDtoV2": { + "required": [ + "query" + ], "type": "object", "properties": { - "messageCode": { + "query": { "type": "string", - "description": "Message code", - "example": "LIMITED_BY_DENY_STATEMENT" - } - }, - "description": "Permission exception list", - "example": [ - { - "messageCode": "LIMITED_BY_DENY_STATEMENT" + "description": "Query body", + "example": "config from iam where source.cloud.type = 'aws'" + }, + "id": { + "type": "string", + "description": "Saved 
search id", + "example": "b75169aa-650a-4f03-b748-76cb7e66e383" } - ] + } }, - "PermissionSearchResponseDtoV3": { + "PermissionSearchResponseDtoV2": { "type": "object", "properties": { "data": { - "$ref": "#/components/schemas/PermissionSearchResultDataDtoV3" + "$ref": "#/components/schemas/PermissionSearchResultDataDtoV2" }, "query": { "type": "string", "description": "Query string", - "example": "config from iam where ..." + "example": "config from iam where source.cloud.type = 'aws'" }, "id": { "type": "string", @@ -2129,7 +3914,7 @@ } } }, - "PermissionSearchResultDataDtoV3": { + "PermissionSearchResultDataDtoV2": { "type": "object", "properties": { "items": { @@ -2139,9 +3924,9 @@ "$ref": "#/components/schemas/PermissionDto" } }, - "nextPageToken": { + "nextPage": { "type": "string", - "description": "Next page token", + "description": "Next page url with the token", "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" }, "totalRows": { 
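Review bot: The item-level examples added in the `@@ -2049,50 +3617,267 @@` hunk are stringified arrays, not single elements. In `SuggestResponseDto.suggestions.items` the example is `"[\"AND\"]"`, and in `PermissionSearchResultDataDtoV3.searchedDestCloudResourceNames.items` it is `"[]"`. Each item is one string, so rendered docs and mock responses built from the spec will show the literal text `["AND"]` as a suggestion value. I would change the first to `"example": "AND"` and drop the second, since the array-level `"example": []` already covers it. This looks like generator output, so the fix may belong in the source annotations instead of this file.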
@@ -2163,23 +3948,199 @@ } } }, - "TimeRangeDto": { - "required": [ - "type" - ], + "PermissionRawDataRequestDto": { "type": "object", "properties": { - "type": { + "permissionId": { + "type": "string", + "description": "PermissionId to get the raw config for", + "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" + } + } + }, + "PermissionRawDataResponseDto": { + "type": "object", + "properties": { + "raw": { + "type": "string", + "description": "raw iam config (role/policy) which the permission was calculated from" + } + } + }, + "PermissionGraphRequestDtoV2": { + "type": "object", + "properties": { + "query": { + "type": "string", + "description": "RQL query", + "example": "config from iam where source.cloud.type = 'aws'" + } + } + }, + "SourceToGranterPermissionResponseDtoV2": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/SourceToGranterPermissionResultDtoV2" + } + } + }, + "SourceToGranterPermissionResultDtoV2": { + "type": "object", + "properties": { + "items": { + "type": "array", + "description": "items list", + "items": { + "$ref": "#/components/schemas/SourceToGranterPermissionResultItemDtoV2" + } + } + } + }, + "SourceToGranterPermissionResultItemDtoV2": { + "type": "object", + "properties": { + "sourceCloudType": { + "type": "string", + "example": "AWS", + "enum": [ + "UNKNOWN", + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "IBM" + ] + }, + "sourceIsPublic": { + "type": "boolean" + }, + "sourceCloudAccountId": { + "type": "string", + "example": "123456789" + }, + "sourceCloudServiceName": { + "type": "string", + "example": "iam" + }, + "sourceCloudResourceName": { + "type": "string", + "example": "john" + }, + "sourceIdpService": { + "type": "string", + "example": "OKTA", + "enum": [ + "UNKNOWN", + "OKTA", + "AZURE_AD", + "AWS_IC" + ] + }, + "sourceIdpGroup": { + "type": "string" + }, + "sourceIdpUsername": { "type": "string" + }, + "grantedByCloudType": { + "type": 
"string", + "example": "AWS", + "enum": [ + "UNKNOWN", + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "IBM" + ] + }, + "grantedByEntityType": { + "type": "string", + "example": "user" + }, + "grantedByEntityName": { + "type": "string", + "example": "my-role" } }, - "description": "The time range which the query run at to generate the alert", - "example": "{''type': 'relative', 'value': {'unit': 'day', 'amount': 7} }", - "discriminator": { - "propertyName": "type" + "description": "items list" + }, + "GranterToDestPermissionResponseDtoV2": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/GranterToDestPermissionResultDtoV2" + } } }, - "PermissionAccessRequestDtoV3": { + "GranterToDestPermissionResultDtoV2": { + "type": "object", + "properties": { + "items": { + "type": "array", + "description": "items list", + "items": { + "$ref": "#/components/schemas/GranterToDestPermissionResultItemDtoV2" + } + } + } + }, + "GranterToDestPermissionResultItemDtoV2": { + "type": "object", + "properties": { + "grantedByCloudType": { + "type": "string", + "example": "AWS", + "enum": [ + "UNKNOWN", + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "IBM" + ] + }, + "grantedByEntityType": { + "type": "string", + "example": "user" + }, + "grantedByEntityName": { + "type": "string", + "example": "my-role" + }, + "destCloudType": { + "type": "string", + "example": "AWS", + "enum": [ + "UNKNOWN", + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "IBM" + ] + }, + "destCloudServiceName": { + "type": "string", + "example": "iam" + }, + "destCloudResourceName": { + "type": "string", + "example": "john" + } + }, + "description": "items list" + }, + "PolicyValidationRequestDtoV2": { "required": [ "query" ], 
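Review bot: `PermissionRawDataRequestDto` and `PermissionGraphRequestDtoV2` declare no `required` list, so an empty object validates against both. The other request DTOs in this diff (`PermissionSearchRequestDtoV2`, `SuggestRequestDto`, and `PolicyValidationRequestDtoV2`, whose body continues past the end of this hunk) mark `query` as required. If the service rejects a missing `permissionId` or `query`, the spec should state it so that gateways and generated clients validating against it fail the request early: add `"required": ["permissionId"]` and `"required": ["query"]` respectively. As a style point, the eight-value cloud-type enum is repeated inline four times across the `SourceToGranterPermissionResultItemDtoV2` and `GranterToDestPermissionResultItemDtoV2` schemas. A single shared schema referenced with `$ref` would keep the copies from drifting.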
@@ -2187,25 +4148,47 @@ "properties": { "query": { "type": "string", - "description": "Query string", - "example": "config from iam where source.cloud.type = 'AWS'" + "description": "Query body", + "example": "config from iam where source.cloud.type = 'aws'" + } + } + }, + "PolicyValidationResponseDtoV2": { + "type": "object", + "properties": { + "valid": { + "type": "boolean", + "description": "Is policy RQL valid", + "example": true }, - "nextPageToken": { + "error": { "type": "string", - "description": "Page Token", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + "description": "Error description in case of a failure" } } }, - "PermissionAccessResponseDtoV3": { + "PermissionAccessRequestDtoV2": { + "required": [ + "query" + ], + "type": "object", + "properties": { + "query": { + "type": "string", + "description": "Query string", + "example": "config from iam where source.cloud.type = 'aws'" + } + } + }, + "PermissionAccessResponseDtoV2": { "type": "object", "properties": { "data": { - "$ref": "#/components/schemas/PermissionAccessResultDataDtoV3" + "$ref": "#/components/schemas/PermissionAccessResultDataDtoV2" } } }, - "PermissionAccessResultDataDtoV3": { + "PermissionAccessResultDataDtoV2": { "type": "object", "properties": { "items": { @@ -2215,9 +4198,9 @@ "$ref": "#/components/schemas/PermissionLastAccessDto" } }, - "nextPageToken": { + "nextPage": { "type": "string", - "description": "Next page token", + "description": "Next page url with the token", "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" }, "totalRows": { 
@@ -2226,137 +4209,158 @@ "format": "int64", "example": 1243 } - }, - "description": "Permissions last access list", - "readOnly": true + }, + "description": "Permissions last access list", + "readOnly": true + }, + "CloudAssetRelatedAssetsRequestDto": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "Relationship Type", + "example": "aws_policy_role", + "enum": [ + "aws_role_policy", + "aws_role_trusted", + "aws_group_user", + "aws_group_policy", + "aws_policy_group", + "aws_policy_role", + "aws_policy_resource", + "aws_ec2_role", + "azure_userAssigned_serviceApp", + "azure_userAssigned_roleDefinition", + "azure_roleDefinition_userAssigned", + "azure_roleDefinition_user", + "azure_group_members", + "azure_group_roleDefinition", + "azure_roleDefinition_group", + "azure_servicePrincipal_appRegistration", + "azure_servicePrincipal_roleDefinition", + "azure_roleDefinition_servicePrincipal" + ] + }, + "lastAccessFromTime": { + "type": "integer", + "description": "Last accessed From epoch (epoch)", + "format": "int64", + "example": 1678785157 + }, + "lastAccessToTime": { + "type": "integer", + "description": "Last accessed To epoch (epoch)", + "format": "int64", + "example": 1678785157 + }, + "nextPageToken": { + "type": "string", + "description": "Page Token", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + } + } }, - "PermissionLastAccessDto": { + "CloudAssetRelatedAssetDto": { "type": "object", "properties": { - "destCloudResourceName": { + "targetAssetId": { "type": "string", - "description": "Destination cloud resource name", - "example": "my-function" + "description": "Target Asset Id (unifiedAssetId)", + "example": "1593691785" + }, + "targetCloudResourceId": { + "type": "string", + "description": "Target Asset Cloud Resource Id", + "example": "1593691785" + }, + "targetDisplayName": { + "type": "string", + "description": "Target DisplayName" + }, + "targetResourceType": { + "type": "string", + 
"description": "Target resource type" }, "lastAccessDate": { "type": "string", "description": "Action last access date in the format of a unix timestamp", "example": "1593691785" }, - "destCloudRegion": { + "lastAccessStatus": { "type": "string", - "description": "Action last access region", - "example": "AWS Virginia" + "description": "Last accessed status" }, - "destCloudAccount": { + "grantedByLevelType": { "type": "string", - "description": "Action last access account name", - "example": "account_name" + "description": "Granted by level type" } }, "description": "items list" }, - "SuggestRequestDto": { + "CloudAssetRelatedAssetsResponseDto": { "type": "object", "properties": { - "query": { + "value": { + "type": "array", + "description": "items list", + "items": { + "$ref": "#/components/schemas/CloudAssetRelatedAssetDto" + } + }, + "nextPageToken": { "type": "string", - "description": "Query to validate", - "example": "config from iam where dest.cloud.type = 'AWS'" + "description": "Next page token", + "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" + }, + "totalRows": { + "type": "integer", + "description": "Total rows count", + "format": "int64", + "example": 1243 } } }, - "SuggestResponseDto": { + "CloudAssetRelationshipSearchRequestDto": { + "required": [ + "targetApiIds" + ], "type": "object", "properties": { - "valid": { - "type": "boolean", - "description": "Is query valid", - "readOnly": true, - "example": true + "sourceApiIds": { + "type": "array", + "description": "Prisma Api Ids of the source assets. Can't be supplied together with sourceAssetIds.", + "example": [ + 1 + ], + "items": { + "type": "integer", + "description": "Prisma Api Ids of the source assets. 
Can't be supplied together with sourceAssetIds.", + "format": "int32" + } }, - "suggestions": { - "uniqueItems": true, + "sourceAssetIds": { "type": "array", - "description": "Suggestion list", - "readOnly": true, + "description": "Asset ids of the source asset (request for its relationships). Can't be supplied together with sourceApiIds.", "example": [ - "AND" + "assetId1" ], "items": { "type": "string", - "description": "Suggestion list", - "readOnly": true, - "example": "[\"AND\"]" + "description": "Asset ids of the source asset (request for its relationships). Can't be supplied together with sourceApiIds.", + "example": "[\"assetId1\"]" } }, - "translate": { - "type": "boolean", - "description": "Should translate", - "readOnly": true, - "example": false - }, - "needsOffsetUpdate": { - "type": "boolean", - "description": "Should add offset from the query beginning", - "readOnly": true, - "example": true - }, - "offset": { - "type": "integer", - "description": "The number of characters of offset from the query beginning", - "format": "int32", - "readOnly": true, - "example": 43 - } - } - }, - "PermissionRawDataRequestDto": { - "type": "object", - "properties": { - "permissionId": { - "type": "string", - "description": "PermissionId to get the raw config for. 
Can be obtain form calling search/permission API", - "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" - } - } - }, - "PermissionRawDataResponseDto": { - "type": "object", - "properties": { - "raw": { - "type": "string", - "description": "raw iam config (rolw/policy) which the permission was calculated from" - } - } - }, - "CloudAssetRelatedAssetsRequestDto": { - "type": "object", - "properties": { - "relationshipType": { - "type": "string", - "description": "Relationship Type", - "example": "aws_policy_role", - "enum": [ - "AWS_ROLE_POLICY", - "AWS_ROLE_TRUSTED", - "AWS_GROUP_USER", - "AWS_GROUP_POLICY", - "AWS_POLICY_GROUP", - "AWS_POLICY_ROLE", - "AWS_POLICY_RESOURCE", - "AWS_EC2_ROLE", - "AZURE_USERASSIGNED_SERVICEAPP", - "AZURE_USERASSIGNED_ROLEDEFINITION", - "AZURE_ROLEDEFINITION_USERASSIGNED", - "AZURE_ROLEDEFINITION_USER", - "AZURE_GROUP_MEMBERS", - "AZURE_GROUP_ROLEDEFINITION", - "AZURE_ROLEDEFINITION_GROUP", - "AZURE_SERVICEPRINCIPAL_APPREGISTRATION", - "AZURE_SERVICEPRINCIPAL_ROLEDEFINITION", - "AZURE_ROLEDEFINITION_SERVICEPRINCIPAL" - ] + "targetApiIds": { + "type": "array", + "description": "Prisma Api Ids of the target assets", + "example": [ + 2 + ], + "items": { + "type": "integer", + "description": "Prisma Api Ids of the target assets", + "format": "int32" + } }, "lastAccessFromTime": { "type": "integer", @@ -2366,10 +4370,25 @@ }, "lastAccessToTime": { "type": "integer", - "description": "Last accessed To epoch (epoch)", + "description": "Last accessed To time (epoch)", "format": "int64", "example": 1678785157 }, + "cloudProviderType": { + "type": "string", + "description": "Prisma Cloud Provider Type from this query", + "example": "AWS", + "enum": [ + "UNKNOWN", + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "IBM" + ] + }, "nextPageToken": { "type": "string", "description": "Page Token", 
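Review bot: `CloudAssetRelationshipSearchRequestDto` says in prose that `sourceApiIds` and `sourceAssetIds` "Can't be supplied together", but nothing in the schema enforces it, so validators and generated clients will accept a body carrying both and the outcome depends on server behaviour that is not visible here. The rule can be stated beside `"required"` as `"not": { "required": ["sourceApiIds", "sourceAssetIds"] }`. The three id arrays in this schema also have no `maxItems`, and the item-level `example` of `sourceAssetIds` is a stringified array (`"[\"assetId1\"]"`) rather than a single id. The schema's remaining properties continue in the next hunk.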
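Review bot: The reworded `lastAccessToTime` description, "Last accessed To time (epoch)", still does not name the unit. The example `1678785157` reads as seconds, and a caller that sends milliseconds would silently query a different window, which matters when this range is used to decide whether a permission was exercised. If seconds is what the service expects, say so: `"description": "Last accessed To time (epoch seconds)"`, and give `lastAccessFromTime` the matching wording. The enclosing schema starts in the previous hunk and ends after this one.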
@@ -2377,7 +4396,7 @@
 }
 }
 },
- "CloudAssetRelatedAssetDto": {
+ "CloudAssetRelationshipDto": {
 "type": "object",
 "properties": {
 "targetAssetId": {
@@ -2410,18 +4429,35 @@
 "grantedByLevelType": {
 "type": "string",
 "description": "Granted by level type"
+ },
+ "sourceAssetId": {
+ "type": "string",
+ "description": "Source Asset Id (unifiedAssetId)"
+ },
+ "sourceCloudResourceId": {
+ "type": "string",
+ "description": "Source Asset Cloud Resource Id",
+ "example": "1593691785"
+ },
+ "sourceDisplayName": {
+ "type": "string",
+ "description": "Source Display Name"
+ },
+ "sourceResourceType": {
+ "type": "string",
+ "description": "Source Resource type"
 }
 },
 "description": "items list"
 },
- "CloudAssetRelatedAssetsResponseDto": {
+ "CloudAssetRelationshipResponseDto": {
 "type": "object",
 "properties": {
- "items": {
+ "value": {
 "type": "array",
 "description": "items list",
 "items": {
- "$ref": "#/components/schemas/CloudAssetRelatedAssetDto"
+ "$ref": "#/components/schemas/CloudAssetRelationshipDto"
 }
 },
 "nextPageToken": {
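Review bot: In `CloudAssetRelationshipResponseDto` the list property is renamed from `items` to `value` while its description stays "items list", and other paged responses in this file (`PrismaApiCollectionResponseDto`, `GranterToDestPermissionResultDtoV2`) keep `items`. A consumer that still reads `items` gets an empty result rather than an error, which is easy to miss in tooling that reports on relationships. Either keep the name aligned with the other responses or make the description match the new one, e.g. `"description": "Relationship list"`. Separately, the `sourceCloudResourceId` example `"1593691785"` is the same value used elsewhere as a timestamp example and looks copied; a realistic resource id would read better.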
@@ -2437,97 +4473,238 @@ } } }, - "RemediationResponseDtoV2": { + "PolicyFindingSearchRequestDto": { "type": "object", "properties": { - "cliCommand": { - "type": "string", - "description": "Relevant cli command for remediation", - "example": "cli command" + "uaiIds": { + "uniqueItems": true, + "type": "array", + "description": "Set of UAIs", + "example": "[681390624b288d835f4cd03e7bfb0994]", + "items": { + "type": "string", + "description": "Set of UAIs", + "example": "[681390624b288d835f4cd03e7bfb0994]" + } }, - "cliDescription": { - "type": "string", - "description": "Cli Description", - "example": "The following are CLI command is required for remediation. Successful execution will limit the relevant permissions of the violating resource." + "distinctFields": { + "uniqueItems": true, + "type": "array", + "description": "Set of fields to distinct by", + "example": "[grantedByCloudType, grantedByEntityType, grantedByEntityName, destCloudType, destCloudServiceName, destCloudResourceName, grantedByEntityTypeId, destResourceTypeId, grantedByEntityAssetId, destResourceAssetId ]", + "items": { + "type": "string", + "description": "Set of fields to distinct by", + "example": "[grantedByCloudType, grantedByEntityType, grantedByEntityName, destCloudType, destCloudServiceName, destCloudResourceName, grantedByEntityTypeId, destResourceTypeId, grantedByEntityAssetId, destResourceAssetId ]", + "enum": [ + "grantedByCloudType", + "grantedByEntityType", + "grantedByEntityName", + "destCloudType", + "destCloudServiceName", + "destCloudResourceName", + "grantedByEntityTypeId", + "destResourceTypeId", + "grantedByEntityAssetId", + "destResourceAssetId" + ] + } } } }, - "RqlResponseDtoV2": { + "PrismaApiCollectionResponseDto": { "type": "object", "properties": { - "timeRange": { - "$ref": "#/components/schemas/TimeRangeDto" + "items": { + "type": "array", + "description": "items list", + "items": { + "type": "object", + "description": "items list" + } }, - "query": { + 
"nextPageToken": { "type": "string", - "example": "config from iam where source.cloud.type = 'AWS'" + "description": "Next page token to be used to fetch the next page", + "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" } } }, - "OverPermissiveMetadataResponseDto": { + "AdminIdentitiesRequestDto": { "type": "object", "properties": { - "totalIamResourceCount": { + "accountNamesFilter": { + "type": "array", + "description": "Account names to filter with", + "example": "account1,account2", + "items": { + "type": "string", + "description": "Account names to filter with", + "example": "account1,account2" + } + }, + "accountGroupNamesFilter": { + "type": "array", + "description": "Account groups names to filter with", + "example": "account_group1,account_group2", + "items": { + "type": "string", + "description": "Account groups names to filter with", + "example": "account_group1,account_group2" + } + } + } + }, + "AdminIdentitiesCloudProviderResponseDto": { + "type": "object", + "properties": { + "levels": { + "type": "array", + "description": "Number of admin identities per level", + "items": { + "$ref": "#/components/schemas/AdminLevelDto" + } + }, + "allIdentitiesCount": { "type": "integer", - "description": "The total number of iam resources attached to the asset", - "format": "int32", - "example": 15 + "description": "All identities count", + "format": "int64", + "example": 100 }, - "overPermissiveCount": { + "adminIdentitiesCount": { "type": "integer", - "description": "The number of over permissive iam resources attached to the asset", - "format": "int32", - "example": 10 + "description": "Admin identities count", + "format": "int64", + "example": 50 + } + }, + "description": "All admin identities of AZURE by granted level" + }, + "AdminIdentitiesResponseDto": { + "type": "object", + "properties": { + "aws": { + "$ref": "#/components/schemas/AdminIdentitiesCloudProviderResponseDto" }, - "isCustomLeastPrivilegedSupported": { - "type": "boolean", 
- "description": "Is custom least privileged access supported for asset", - "example": true + "gcp": { + "$ref": "#/components/schemas/AdminIdentitiesCloudProviderResponseDto" }, - "isExistingLeastPrivilegedSupported": { - "type": "boolean", - "description": "Is existing least privileged access supported for asset", - "example": true + "azure": { + "$ref": "#/components/schemas/AdminIdentitiesCloudProviderResponseDto" + } + } + }, + "AdminLevelDto": { + "type": "object", + "properties": { + "levelType": { + "type": "string", + "description": "Granted Admin level type", + "example": "GCP_ORGANIZATION", + "enum": [ + "UNKNOWN", + "AWS_ORGANIZATION", + "AWS_ACCOUNT", + "GCP_ORGANIZATION", + "GCP_FOLDER", + "GCP_PROJECT", + "GCP_SERVICE", + "AZURE_RESOURCE", + "AZURE_MANAGEMENT_GROUP", + "AZURE_SUBSCRIPTION" + ] + }, + "count": { + "type": "integer", + "description": "Number of admin identities in this specific level", + "format": "int64", + "example": 10 + } + }, + "description": "Number of admin identities per level" + }, + "PermissionSearchRequestDto": { + "required": [ + "limit", + "query" + ], + "type": "object", + "properties": { + "limit": { + "type": "integer", + "description": "Query records limit", + "format": "int32", + "example": 5 + }, + "query": { + "type": "string", + "description": "Query body", + "example": "config from iam where source.cloud.type = 'aws'" }, - "iamResourceType": { + "id": { "type": "string", - "description": "The type of resources attached to the asset", - "example": "AWS IAM Policy" + "description": "Saved search id", + "example": "b75169aa-650a-4f03-b748-76cb7e66e383" } } }, - "ExistingLeastPrivilegedAccessDto": { + "PermissionSearchResponseDto": { "type": "object", "properties": { - "iamResourceName": { + "data": { + "$ref": "#/components/schemas/PermissionSearchResultDataDto" + }, + "query": { "type": "string", - "description": "The name of the iam resource", - "example": "MyIamResource" + "description": "Query string", + 
"example": "config from iam where ..." }, - "iamResourceId": { + "id": { "type": "string", - "description": "The id of the iam resource", - "example": "rrn:aws:iamRole::123456789012:3fab987adf7c268519219cdfe5a4c4c2d4dc:AROAXHNDH53GWC2HSVKSR" + "description": "Request user Id", + "example": "111111" }, - "iamResourceType": { + "saved": { + "type": "boolean", + "description": "Is search saved", + "example": true + }, + "name": { "type": "string", - "description": "The type of iam resource", - "example": "AWS_POLICY" + "description": "Search name", + "example": "search-name" }, - "formatType": { + "timeRange": { + "oneOf": [ + { + "$ref": "#/components/schemas/AbsoluteTimeRangeDto" + }, + { + "$ref": "#/components/schemas/RelativeTimeRangeDto" + }, + { + "$ref": "#/components/schemas/ToNowTimeRangeDto" + } + ] + }, + "searchType": { "type": "string", - "description": "Format type of the access policy", - "example": "TERRAFORM" + "description": "Search type", + "example": "search-type" }, - "snippet": { + "description": { "type": "string", - "description": "The access policy", - "example": "A Terraform code for creating a policy" + "description": "Search description", + "example": "search-description" + }, + "cloudType": { + "type": "string", + "description": "Cloud Type", + "example": "aws" } - }, - "description": "Least Privileged Access items" + } }, - "ExistingLeastPrivilegedAccessResponseDto": { + "PermissionSearchResultDataDto": { "type": "object", "properties": { "nextPageToken": { 
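Review bot: `PermissionSearchRequestDto.limit` is required but declared only as `int32`, with no `minimum` or `maximum`, so the contract permits zero, negative and arbitrarily large page sizes. Publishing the server-side cap in the schema lets clients and gateways reject such requests early: `"minimum": 1, "maximum": <MAX_PAGE_SIZE>`. The same applies to the `uaiIds` and account-filter arrays added in this hunk, which have no `maxItems`. One wording issue in the same hunk: `AdminIdentitiesCloudProviderResponseDto` is described as "All admin identities of AZURE by granted level" although `AdminIdentitiesResponseDto` references it for `aws`, `gcp` and `azure`.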
@@ -2535,486 +4712,668 @@ "description": "Next page token", "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" }, - "permissionsInAssetCount": { - "type": "integer", - "description": "Number of actions in asset", - "format": "int32", - "example": 10 - }, - "permissionsInLeastPrivilegedCount": { + "totalRows": { "type": "integer", - "description": "Number of actions in least privileged access", - "format": "int32", - "example": 10 + "description": "Total rows count", + "format": "int64", + "example": 1243 }, - "analysis": { + "items": { "type": "array", - "description": "Least Privileged result analysis", + "description": "Requested permissions list", "items": { - "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" + "$ref": "#/components/schemas/PermissionDto" } }, - "value": { + "searchedDestCloudResourceNames": { + "uniqueItems": true, "type": "array", - "description": "Least Privileged Access items", + "description": "Searched destination cloud resource names", + "example": [], "items": { - "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessDto" + "type": "string", + "description": "Searched destination cloud resource names", + "example": "[]" } } } }, - "LeastPrivilegedPermissionVerdict": { + "PolicyValidationRequestDto": { + "required": [ + "query" + ], "type": "object", "properties": { - "action": { - "type": "string" + "query": { + "type": "string", + "description": "RQL Query", + "example": "config from iam where source.cloud.type = 'aws'" + } + } + }, + "PermissionSearchPageRequestDto": { + "type": "object", + "properties": { + "limit": { + "type": "integer", + "format": "int32" }, - "configurationName": { + "pageToken": { "type": "string" - }, - "keep": { - "type": "boolean" } - }, - "description": "Least Privileged result analysis" + } }, - "CustomLeastPrivilegedAccessDto": { + "PermissionGraphRequestDto": { + "required": [ + "query" + ], "type": "object", "properties": { - "formatType": { - "type": "string", - "description": "Format 
type of the access policy", - "example": "TERRAFORM" - }, - "snippet": { + "query": { "type": "string", - "description": "The access policy", - "example": "Terraform code for creating a policy" + "description": "RQL Query", + "example": "config from iam where source.cloud.type = 'aws'" } - }, - "description": "Least Privileged Access items" + } }, - "CustomLeastPrivilegedAccessResponseDto": { + "RemediationRequestDto": { + "required": [ + "alerts" + ], "type": "object", "properties": { - "nextPageToken": { - "type": "string", - "description": "Next page token", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" - }, - "permissionsInAssetCount": { - "type": "integer", - "description": "Number of actions in asset", - "format": "int32", - "example": 10 - }, - "permissionsInLeastPrivilegedCount": { - "type": "integer", - "description": "Number of actions in least privileged access", - "format": "int32", - "example": 10 - }, - "analysis": { + "alerts": { "type": "array", - "description": "Least Privileged result analysis", + "description": "List of relevant alerts", + "example": [ + "I-1234", + "I-1235" + ], "items": { - "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" + "type": "string", + "description": "List of relevant alerts", + "example": "[\"I-1234\",\"I-1235\"]" } - }, - "value": { - "type": "array", - "description": "Least Privileged Access items", - "items": { - "$ref": "#/components/schemas/CustomLeastPrivilegedAccessDto" + } + } + }, + "RemediationResponseDto": { + "type": "object", + "properties": { + "alertIdVsCliScript": { + "type": "object", + "additionalProperties": { + "type": "string", + "description": "List of relevant remediations", + "readOnly": true, + "example": "{\"I-1234\":\"cli command1\",\"I-1235\":\"cli command2\"}" + }, + "description": "List of relevant remediations", + "readOnly": true, + "example": { + "I-1234": "cli command1", + "I-1235": "cli command2" } + }, + "cliDescription": { + "type": "string", + "description": "Cli 
Description", + "readOnly": true, + "example": "The following are CLI commands required for remediation. Successful execution will limit the relevant permissions of the violating resource.}" } } }, - "PermissionSearchV4RequestDto": { + "PermissionAccessRequestDto": { "required": [ + "permissionId", "query" ], "type": "object", "properties": { - "query": { + "permissionId": { "type": "string", - "description": "RQL query", - "example": "config from iam where dest.cloud.type='AWS'" + "description": "Permission Id", + "example": "111111" }, - "searchId": { - "type": "string", - "description": "Saved search id", - "example": "ff4fcb80-03f6-41dd-8bd8-6179fd46b3a4" + "limit": { + "type": "integer", + "description": "Query records limit (default 0)", + "format": "int32", + "example": 5 }, + "query": { + "type": "string", + "description": "Query string", + "example": "config from iam where ..." + } + } + }, + "PermissionAccessResponseDto": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/PermissionAccessResultDataDto" + } + } + }, + "PermissionAccessResultDataDto": { + "type": "object", + "properties": { "nextPageToken": { "type": "string", - "description": "Page Token", + "description": "Next page token", + "readOnly": true, "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" }, - "groupByFields": { - "uniqueItems": true, + "totalRows": { + "type": "integer", + "description": "Total rows count", + "format": "int64", + "readOnly": true, + "example": 1243 + }, + "items": { "type": "array", - "description": "Fields to group results by. 
Empty or missing array is considered the same as an array with all possible fields", - "example": [ - "source", - "sourceCloudAccount", - "grantedByEntity", - "entityCloudAccount", - "grantedByPolicy", - "policyCloudAccount", - "grantedByLevel", - "action", - "destination", - "destCloudAccount", - "lastAccess" - ], + "description": "Permissions list", + "readOnly": true, "items": { - "type": "string", - "description": "Fields to group results by. Empty or missing array is considered the same as an array with all possible fields", - "example": "[\"source\",\"sourceCloudAccount\",\"grantedByEntity\",\"entityCloudAccount\",\"grantedByPolicy\",\"policyCloudAccount\",\"grantedByLevel\",\"action\",\"destination\",\"destCloudAccount\",\"lastAccess\"]", - "enum": [ - "source", - "sourceCloudAccount", - "grantedByEntity", - "entityCloudAccount", - "grantedByPolicy", - "policyCloudAccount", - "grantedByLevel", - "action", - "destination", - "destCloudAccount", - "lastAccess" - ] + "$ref": "#/components/schemas/PermissionLastAccessDto" } } + }, + "description": "Permissions last access list", + "readOnly": true + }, + "PermissionAccessPageRequestDto": { + "type": "object", + "properties": { + "limit": { + "type": "integer", + "description": "Query records limit (default: 0)", + "format": "int32", + "example": 5 + }, + "pageToken": { + "type": "string", + "description": "Page token (default: empty string)", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + } } }, - "PermissionSearchV4ResponseDataDto": { + "DbAccountAttributesRequestDto": { + "required": [ + "accountIds", + "cloudTypes", + "tenantIds" + ], "type": "object", "properties": { - "items": { + "tenantIds": { "type": "array", - "description": "items list", + "description": "Tenant id of the accounts. if only one tenant id, update all accounts in the tenant. 
If [-1], update all accounts in the environment", + "example": 321423423, "items": { - "$ref": "#/components/schemas/PermissionV4DataItemDto" + "type": "integer", + "description": "Tenant id of the accounts. if only one tenant id, update all accounts in the tenant. If [-1], update all accounts in the environment", + "format": "int32", + "example": 321423423 } }, - "nextPageToken": { - "type": "string", - "description": "Next page token", - "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" + "accountIds": { + "type": "array", + "description": "List of account ids. If [-1], update all accounts of tenant", + "example": "[234234,23q423423]", + "items": { + "type": "string", + "description": "List of account ids. If [-1], update all accounts of tenant", + "example": "[234234,23q423423]" + } }, - "totalRows": { - "type": "integer", - "description": "Total rows count", - "format": "int64", - "example": 1243 + "rootAccountIds": { + "type": "array", + "description": "List of root account ids. If [-1], update all root accounts of tenant", + "example": "[234234,23q423423]", + "items": { + "type": "string", + "description": "List of root account ids. 
If [-1], update all root accounts of tenant", + "example": "[234234,23q423423]" + } }, - "searchedDestCloudResourceNames": { - "uniqueItems": true, + "cloudTypes": { "type": "array", - "description": "Searched destination cloud resource names", - "example": [], + "description": "List of cloud types.", + "example": "AWS", "items": { "type": "string", - "description": "Searched destination cloud resource names", - "example": "[]" + "description": "List of cloud types.", + "example": "AWS", + "enum": [ + "UNKNOWN", + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "IBM" + ] } - } - } - }, - "PermissionSearchV4ResponseDto": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/PermissionSearchV4ResponseDataDto" }, - "query": { - "type": "string", - "description": "Query string", - "example": "config from iam where ..." + "epcCalculationTypeNoUnionOnAdd": { + "type": "boolean", + "description": "Whether or not to change the calculation type to NO_UNION_ON_ADD", + "example": true, + "default": false }, - "id": { - "type": "string", - "description": "Request user Id", - "example": "111111" + "epcCalculationTypeRegular": { + "type": "boolean", + "description": "Whether or not to change the calculation type to REGULAR", + "example": true, + "default": false }, - "saved": { + "epcRecalcNeeded": { "type": "boolean", - "description": "Is search saved", - "example": true + "description": "Whether or not to perform a epc recalc.", + "example": true, + "default": false }, - "name": { - "type": "string", - "description": "Search name", - "example": "search-name" + "epcStatusTooManyFailures": { + "type": "boolean", + "description": "Whether or not to set EPC status to TOO_MANY_FAILURES.", + "example": true, + "default": false }, - "timeRange": { - "$ref": "#/components/schemas/TimeRangeDto" + "epcWorkerTypeSmall": { + "type": "boolean", + "description": "Whether or not to set EPC worker type to SMALL.", + "example": true, + "default": 
false }, - "searchType": { - "type": "string", - "description": "Search type", - "example": "search-type" + "epcWorkerTypeLarge": { + "type": "boolean", + "description": "Whether or not to set EPC worker type to LARGE.", + "example": true, + "default": false }, - "description": { - "type": "string", - "description": "Search description", - "example": "search-description" + "adminIdentitiesRecalcNeeded": { + "type": "boolean", + "description": "Whether or not to perform an admin identities recalc.", + "example": true, + "default": false }, - "cloudType": { - "type": "string", - "description": "Cloud Type", - "example": "aws" + "policyIsAccessiveRecalcNeeded": { + "type": "boolean", + "description": "Whether or not to perform a policy isAccessive recalc.", + "example": true, + "default": false + }, + "releaseEpcCalculation": { + "type": "boolean", + "description": "Whether or not to release stuck accounts.", + "example": true, + "default": false + }, + "rescanNeeded": { + "type": "boolean", + "description": "Whether or not to perform a rescan.", + "example": true, + "default": false + } + }, + "description": "A list of account update requests.", + "example": "{\"data\":[{\"tenantIds\":-9,\"accountIds\":[\"123456789012\"],\"cloudType\":\"AWS\",\"epcCalculationTypeNoUnionOnAdd\":true,\"epcCalculationTypeRegular\":false,\"epcRecalcNeeded\":true,\"rescanNeeded\":true\"epcStatusTooManyFailures\":false,\"epcWorkerTypeSmall\":false,\"epcWorkerTypeLarge\":true,\"adminIdentitiesRecalcNeeded\":true,\"policyIsAccessiveRecalcNeeded\":true,\"releaseEpcCalculation\":true}]}" + }, + "DbAccountEpcAttributesChangeRequestDto": { + "required": [ + "data" + ], + "type": "object", + "properties": { + "data": { + "type": "array", + "description": "A list of account update requests.", + "example": 
"{\"data\":[{\"tenantIds\":-9,\"accountIds\":[\"123456789012\"],\"cloudType\":\"AWS\",\"epcCalculationTypeNoUnionOnAdd\":true,\"epcCalculationTypeRegular\":false,\"epcRecalcNeeded\":true,\"rescanNeeded\":true\"epcStatusTooManyFailures\":false,\"epcWorkerTypeSmall\":false,\"epcWorkerTypeLarge\":true,\"adminIdentitiesRecalcNeeded\":true,\"policyIsAccessiveRecalcNeeded\":true,\"releaseEpcCalculation\":true}]}", + "items": { + "$ref": "#/components/schemas/DbAccountAttributesRequestDto" + } } } }, - "PermissionV4DataItemDto": { + "ResourceDtoV2": { "type": "object", "properties": { - "id": { - "type": "string", - "description": "Message id", - "example": "13" - }, - "sourcePublic": { - "type": "boolean", - "description": "Is source public", - "example": false - }, - "sourceCloudType": { - "type": "string", - "description": "Source cloud type", - "example": "AWS" - }, - "sourceCloudAccount": { - "type": "string", - "description": "Source cloud account", - "example": "123456789" - }, - "sourceCloudRegion": { - "type": "string", - "description": "Source cloud region", - "example": "AWS London" - }, - "sourceCloudServiceName": { - "type": "string", - "description": "Source cloud service name", - "example": "iam" - }, - "sourceResourceName": { - "type": "string", - "description": "Source cloud resource name", - "example": "john" - }, - "sourceResourceType": { - "type": "string", - "description": "Source cloud resource type", - "example": "user" - }, - "sourceResourceId": { - "type": "string", - "description": "Source cloud resource id", - "example": "arn:aws:iam::111111:user/john" - }, - "sourceCloudResourceUai": { - "type": "string", - "description": "Source cloud resource UAI", - "example": "681390624b288d835f4cd03e7bfb0994" + "type": { + "type": "string" }, - "sourceIdpService": { + "id": { "type": "string", - "description": "Source IDP service", - "example": "AWS Identity Center" + "example": "a4e1d00b-b835-49c3-a194-16ee8d9aa837" }, - "sourceIdpDomain": { + "name": { 
"type": "string", - "description": "Source IDP domain", - "example": "idp.com" + "example": "groups/01baon6m1j3014o" + } + }, + "description": "items list" + }, + "ResourceIdsResponseV2Dto": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/ResourceIdsResultDtoV2" + } + } + }, + "ResourceIdsResultDtoV2": { + "type": "object", + "properties": { + "items": { + "type": "array", + "description": "items list", + "items": { + "$ref": "#/components/schemas/ResourceDtoV2" + } }, - "sourceIdpEmail": { + "nextPage": { "type": "string", - "description": "Source IDP email", - "example": "idp@email.com" - }, - "sourceIdpUserId": { + "description": "Next page url with the token", + "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" + } + } + }, + "RemediationResponseDtoV2": { + "type": "object", + "properties": { + "cliCommand": { "type": "string", - "description": "Source IDP user id", - "example": "123456789" + "description": "Relevant cli command for remediation", + "example": "cli command" }, - "sourceIdpUsername": { + "cliDescription": { "type": "string", - "description": "Source IDP user name", - "example": "idp-user" + "description": "Cli Description", + "example": "The following are CLI command is required for remediation. 
Successful execution will limit the relevant permissions of the violating resource.}" + } + } + }, + "RqlResponseDtoV2": { + "type": "object", + "properties": { + "timeRange": { + "$ref": "#/components/schemas/TimeRangeDto" }, - "sourceIdpGroup": { + "query": { "type": "string", - "description": "Source IDP group", - "example": "IdpGroup" + "example": "config from iam where source.cloud.type = 'AWS'" }, - "sourceIdpUai": { - "type": "string", - "description": "Source idp UAI", - "example": "681390424b288d835f5cd03e7bfb0993" + "data": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "ResourceDto": { + "type": "object", + "properties": { + "type": { + "type": "string" }, - "destCloudType": { - "type": "string", - "description": "Destination cloud type", - "example": "AWS" + "id": { + "type": "string" }, - "destCloudAccount": { - "type": "string", - "description": "Destination cloud account", - "example": "123456789" + "name": { + "type": "string" + } + }, + "description": "Resource ids and names array", + "example": [ + { + "id": "a4e1d00b-b835-49c3-a194-16ee8d9aa837", + "name": "groups/01baon6m1j3014o" + } + ] + }, + "ResourceIdsResponseDto": { + "type": "object", + "properties": { + "value": { + "type": "array", + "description": "Resource ids and names array", + "example": [ + { + "id": "a4e1d00b-b835-49c3-a194-16ee8d9aa837", + "name": "groups/01baon6m1j3014o" + } + ], + "items": { + "$ref": "#/components/schemas/ResourceDto" + } }, - "destCloudRegion": { + "nextPage": { "type": "string", - "description": "Destination cloud region", - "example": "AWS London" + "description": "Next page url with the token", + "example": "iam/api/v1/tenants/{prismaCustomerId}/cloud_types/{cloudType}/accounts/{accountId}/resource_types/{resourceType}/resources?pageToken=Q74589g444gg" + } + } + }, + "OverPermissiveMetadataResponseDto": { + "type": "object", + "properties": { + "totalIamResourceCount": { + "type": "integer", + "description": "The total number of 
iam resources attached to the asset", + "format": "int32", + "example": 15 }, - "destCloudServiceName": { - "type": "string", - "description": "Destination cloud service name", - "example": "iam" + "overPermissiveCount": { + "type": "integer", + "description": "The number of over permissive iam resources attached to the asset", + "format": "int32", + "example": 10 }, - "destResourceName": { - "type": "string", - "description": "Destination cloud resource name", - "example": "john" + "isCustomLeastPrivilegedSupported": { + "type": "boolean", + "description": "Is custom least privileged access supported for asset", + "example": true }, - "destResourceType": { - "type": "string", - "description": "Destination cloud resource type", - "example": "user" + "isExistingLeastPrivilegedSupported": { + "type": "boolean", + "description": "Is existing least privileged access supported for asset", + "example": true }, - "destResourceId": { + "iamResourceType": { "type": "string", - "description": "Destination cloud resource id", - "example": "arn:aws:iam::111111:user/john" - }, - "destCloudResourceUai": { + "description": "The type of resources attached to the asset", + "example": "AWS IAM Policy" + } + } + }, + "ExistingLeastPrivilegedAccessDto": { + "type": "object", + "properties": { + "iamResourceName": { "type": "string", - "description": "Destination cloud resource UAI", - "example": "181390424b298d835f4cd03e7bfb0991" + "description": "The name of the iam resource", + "example": "MyIamResource" }, - "grantedByCloudType": { + "iamResourceId": { "type": "string", - "description": "Granted by cloud type", - "example": "AWS" + "description": "The id of the iam resource", + "example": "rrn:aws:iamRole::123456789012:3fab987adf7c268519219cdfe5a4c4c2d4dc:AROAXHNDH53GWC2HSVKSR" }, - "grantedByCloudPolicyId": { + "iamResourceType": { "type": "string", - "description": "Granted by cloud policy Id", - "example": "arn:aws:iam::aws:policy/aws-policy" + "description": "The type of iam 
resource", + "example": "AWS_POLICY" }, - "grantedByCloudPolicyName": { + "formatType": { "type": "string", - "description": "Granted by cloud policy name", - "example": "my-policy" + "description": "Format type of the access policy", + "example": "TERRAFORM" }, - "grantedByCloudPolicyType": { + "snippet": { "type": "string", - "description": "Granted by cloud policy type", - "example": "Customer Managed Policy" - }, - "grantedByCloudPolicyUai": { + "description": "The access policy", + "example": "Terraform code for creating a policy" + } + }, + "description": "Least Privileged Access items" + }, + "ExistingLeastPrivilegedAccessResponseDto": { + "type": "object", + "properties": { + "nextPageToken": { "type": "string", - "description": "Granted by cloud policy UAI", - "example": "771390424b298d835f4cd03e7bfb0232" + "description": "Next page token", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" }, - "grantedByCloudPolicyAccount": { - "type": "string", - "description": "Granted by cloud policy account", - "example": "123456789" + "permissionsInAssetCount": { + "type": "integer", + "description": "Number of actions in asset", + "format": "int32", + "example": 10 }, - "grantedByCloudEntityId": { - "type": "string", - "description": "Granted by cloud entity id", - "example": "arn:aws:iam:::role/my-role" + "permissionsInLeastPrivilegedCount": { + "type": "integer", + "description": "Number of actions in least privileged access", + "format": "int32", + "example": 10 }, - "grantedByCloudEntityName": { - "type": "string", - "description": "Granted by cloud entity name", - "example": "my-role" + "verdicts": { + "type": "array", + "description": "Least Privileged result verdicts", + "items": { + "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" + } }, - "grantedByCloudEntityType": { - "type": "string", - "description": "Granted by cloud entity type", - "example": "user" + "value": { + "type": "array", + "description": "Least Privileged Access items", + 
"items": { + "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessDto" + } + } + } + }, + "LeastPrivilegedPermissionVerdict": { + "type": "object", + "properties": { + "action": { + "type": "string" }, - "grantedByCloudEntityAccount": { - "type": "string", - "description": "Granted by cloud entity account", - "example": "123456789" + "iamResourceName": { + "type": "string" }, - "grantedByCloudEntityUai": { + "keep": { + "type": "boolean" + } + }, + "description": "Least Privileged result verdicts" + }, + "CustomLeastPrivilegedAccessDto": { + "type": "object", + "properties": { + "formatType": { "type": "string", - "description": "Granted by cloud entity UAI", - "example": "223390424b298d835f4cd03e7bfb0111" + "description": "Format type of the access policy", + "example": "TERRAFORM" }, - "grantedByLevelType": { + "snippet": { "type": "string", - "description": "Granted by level type", - "example": "GCP Folder" - }, - "grantedByLevelId": { + "description": "The access policy", + "example": "Terraform code for creating a policy" + } + }, + "description": "Least Privileged Access items" + }, + "CustomLeastPrivilegedAccessResponseDto": { + "type": "object", + "properties": { + "nextPageToken": { "type": "string", - "description": "Granted by level id", - "example": "level_id" + "description": "Next page token", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" }, - "grantedByLevelName": { - "type": "string", - "description": "Granted by level name", - "example": "level_name" + "permissionsInAssetCount": { + "type": "integer", + "description": "Number of actions in asset", + "format": "int32", + "example": 10 }, - "grantedByLevelUai": { - "type": "string", - "description": "Granted by level UAI", - "example": "123390424cb99d835f4cd03e7bfb0991" + "permissionsInLeastPrivilegedCount": { + "type": "integer", + "description": "Number of actions in least privileged access", + "format": "int32", + "example": 10 }, - "lastAccessDate": { - "type": "string", - 
"description": "Last accessed data", - "example": "2024-01-02" + "verdicts": { + "type": "array", + "description": "Least Privileged result verdicts", + "items": { + "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" + } }, - "lastAccessStatus": { - "type": "string", - "description": "Last accessed status", - "example": "ACCESSED", - "enum": [ - "NOT_AVAILABLE", - "NOT_ACCESSED_IN_TRACKING_PERIOD", - "ACCESSED" + "value": { + "type": "array", + "description": "Least Privileged Access items", + "items": { + "$ref": "#/components/schemas/CustomLeastPrivilegedAccessDto" + } + } + } + }, + "RqlResponseDto": { + "type": "object", + "properties": { + "timeRange": { + "oneOf": [ + { + "$ref": "#/components/schemas/AbsoluteTimeRangeDto" + }, + { + "$ref": "#/components/schemas/RelativeTimeRangeDto" + }, + { + "$ref": "#/components/schemas/ToNowTimeRangeDto" + } ] }, - "accessedResourcesCount": { - "type": "integer", - "description": "Accessed resource count", - "format": "int64", - "example": 12 - }, - "effectiveActionName": { + "query": { "type": "string", - "description": "Effective action name", - "example": "sso:ListApplications" + "example": "config from iam where source.cloud.type = 'AWS'" }, - "exceptions": { + "data": { "type": "array", - "description": "Permission exception list", + "items": { + "type": "string" + } + } + } + }, + "AzureGroupIdsResponseDto": { + "type": "object", + "properties": { + "groups": { + "type": "array", + "description": "Group ids array", "example": [ - { - "messageCode": "LIMITED_BY_DENY_STATEMENT" - } + "a8eb7d22-a93b-470b-a5dd-cdca638ec4bb", + "b8eb7d22-a93b-470b-a5dd-cdca638ec4dd" ], "items": { - "$ref": "#/components/schemas/PermissionExceptionDto" + "type": "string", + "description": "Group ids array", + "example": "[\"a8eb7d22-a93b-470b-a5dd-cdca638ec4bb\",\"b8eb7d22-a93b-470b-a5dd-cdca638ec4dd\"]" } }, - "wildCardDestCloudResourceName": { - "type": "boolean" + "nextPageToken": { + "type": "string", + "description": 
"Query string", + "example": "=Q74589g444gg" } - }, - "description": "items list" + } } }, "securitySchemes": { From a7024d2e4ddc0ff10f859038f46a6808f51fbbd3 Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Wed, 11 Sep 2024 16:13:01 +0530 Subject: [PATCH 4/9] Revert "RLP-149539 updates" This reverts commit 87b77e51e932404264e2074daa941591d761b94b. --- openapi-specs/cspm/IAMV2MicroService.json | 5095 ++++++--------------- 1 file changed, 1368 insertions(+), 3727 deletions(-) diff --git a/openapi-specs/cspm/IAMV2MicroService.json b/openapi-specs/cspm/IAMV2MicroService.json index 9df504d34..81b973f98 100644 --- a/openapi-specs/cspm/IAMV2MicroService.json +++ b/openapi-specs/cspm/IAMV2MicroService.json @@ -52,14 +52,14 @@ } ], "paths": { - "/iam/api/v4/search/permission": { + "/iam/api/v3/search/permission": { "post": { "tags": [ "IAM" ], - "summary": "Get permissions V4", - "description": "Returns permissions grouped by requested fields and a page token for the next page if applicable", - "operationId": "permission-search-v4_1", + "summary": "Get Permissions V3", + "description": "Returns a page of permissions and a page token for the next page if applicable", + "operationId": "search-permissions-v3", "parameters": [ { "name": "limit", 
@@ -77,34 +77,59 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PermissionSearchV4RequestDto" + "$ref": "#/components/schemas/PermissionSearchRequestDtoV3" } } }, "required": true }, "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionSearchResponseDtoV3" + } + } + } + }, "400": { "description": "Bad request", "content": { - "*/*": { + "application/json": { "schema": { "$ref": "#/components/schemas/ApiErrorResponseDto" } - }, + } + } + }, + "401": { + "description": "Unauthorized", + "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "200": { - "description": "OK", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PermissionSearchV4ResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
@@ -137,13 +162,65 @@ } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v4/search/permission": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get Permissions V4", + "description": "Returns permissions grouped by requested fields and a page token for the next page if applicable.", + "operationId": "permission-search-v4", + "parameters": [ + { + "name": "limit", + "in": "query", + "description": "Query records limit", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 100 + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionSearchV4RequestDto" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionSearchV4ResponseDto" + } + } + } }, - "404": { - "description": "Not found", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -153,7 +230,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
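Review bot: The `limit` query parameter added for `/iam/api/v4/search/permission` is an `int32` with no `minimum` or `maximum`, so the published contract accepts zero, negative and arbitrarily large page sizes. Whether the service clamps the value cannot be seen from this hunk; the related-asset operation later in the patch at least states a clamp in its description (`MAX(0, MIN(client.limit, service.limit))`). I would either add `"minimum"` and `"maximum"` to the schema, using the service's real cap, or change the description to something like `"description": "Query records limit; values above the service cap are reduced to the cap"` so that clients and gateway validators know the bound. The operation's response list continues in the following hunks.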
@@ -163,7 +240,46 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } @@ -183,7 +299,7 @@ "tags": [ "IAM" ], - "summary": "Get accesses of a permission V3", + "summary": "Get Permission Accesses V3", "description": "Returns a page of permission's last acceses and a page token for the next page if applicable", "operationId": "permissions-accesses-v3", "parameters": [ @@ -208,7 +324,7 @@ "type": "integer", "format": "int32" }, - "example": 100 + "example": 5 } ], "requestBody": { @@ -222,31 +338,12 @@ "required": true }, "responses": { - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", + "200": { + "description": "OK", + "content": { + "application/json": { "schema": { - "type": "integer" + "$ref": "#/components/schemas/PermissionAccessResponseDtoV3" } } } 
@@ -256,47 +353,66 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "404": { - "description": "Not found", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "403": { - "description": "Forbidden", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "200": { - "description": "OK", - "content": { - "application/json": { + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", "schema": { - "$ref": "#/components/schemas/PermissionAccessResponseDtoV3" + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } @@ -316,7 +432,7 @@ "tags": [ "IAM" ], - "summary": "Suggest RQL V2", + "summary": "Get Query Suggestions V2", "description": "Suggest auto completion for RQL and notify whether the current RQL is valid or not", "operationId": "iam-suggest-v2", "parameters": [], 
@@ -331,51 +447,22 @@ "required": true }, "responses": { - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "400": { - "description": "Bad request", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/SuggestResponseDto" } } } }, - "404": { - "description": "Not found", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -385,7 +472,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
@@ -395,51 +482,21 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "200": { - "description": "OK", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SuggestResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/search/iam_config": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get permissions role/policy definition V2", - "description": "Returns the raw config (policy/role definition) which the permission was calculated from", - "operationId": "permission-raw-config-definition-v2", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionRawDataRequestDto" - } - } }, - "required": true - }, - "responses": { "429": { "description": "Throttled", "headers": { 
@@ -468,23 +525,53 @@ } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/search/iam_config": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get Permissions Role or Policy Definition V2", + "description": "Returns the raw config (policy/role definition) which the permission was calculated from", + "operationId": "permission-raw-config-definition", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PermissionRawDataRequestDto" + } + } }, - "400": { - "description": "Bad request", + "required": true + }, + "responses": { + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/PermissionRawDataResponseDto" } } } }, - "404": { - "description": "Not found", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -494,7 +581,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
@@ -504,57 +591,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionRawDataResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/search/graph/source_to_granter": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get graph source to granter v2", - "description": "Get a stream of unique source and granted by values for a given permissions query", - "operationId": "permissions-graph-source-to-granter-v2", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionGraphRequestDtoV2" - } - } }, - "required": true - }, - "responses": { - "200": { - "description": "OK", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SourceToGranterPermissionResponseDtoV2" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
@@ -587,23 +634,78 @@ } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/asset/{asset-id}/related-asset": { + "post": { + "tags": [ + "IAM" + ], + "summary": "Get Cloud Identity Inventory (CII) Resource Related Assets", + "description": "Get assets related to Cloud Identity Inventory (CII) resource.", + "operationId": "cii-related-assets-v1", + "parameters": [ + { + "name": "asset-id", + "in": "path", + "description": "The asset UAI where you want to find it related assets", + "required": true, + "schema": { + "type": "string", + "description": "The asset UAI where you want to find it related assets", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "example": "681390424b288d835f5cd03e7bfb0993" + }, + { + "name": "limit", + "in": "query", + "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", + "required": false, + "schema": { + "type": "string", + "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", + "example": 5 + }, + "example": 5 + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CloudAssetRelatedAssetsRequestDto" + } + } }, - "400": { - "description": "Bad request", + "required": true + }, + "responses": { + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/CloudAssetRelatedAssetsResponseDto" } } } }, - "404": { - "description": "Not found", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
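Review bot: The `limit` query parameter of the new `/iam/api/v1/asset/{asset-id}/related-asset` operation is declared `"type": "string"`, while its example is the number `5` and its description defines a numeric clamp, so the schema contradicts the documented behaviour. With a string type, schema-based request validation and generated clients accept arbitrary text for this parameter, leaving every numeric check to the backend. The other `limit` parameters in this patch use `"type": "integer", "format": "int32"`, and the same two lines fit here. The example `5` would then also be valid for the declared type. The operation's response list continues in the following hunks.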
@@ -613,7 +715,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -623,41 +725,21 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/search/graph/granter_to_dest": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get graph granter to dest v2", - "description": "Get a stream of unique granted by and dest by values for a given permissions query", - "operationId": "permissions-graph-granter-to-dest-v2", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionGraphRequestDtoV2" + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } } } }, - "required": true - }, - "responses": { "429": { "description": "Throttled", "headers": { 
@@ -686,13 +768,46 @@ } } } - }, + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/alert/{alertId}/remediation_command": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get Remediation Command", + "description": "Get remediation command for an alert", + "operationId": "alert-remediation-command", + "parameters": [ + { + "name": "alertId", + "in": "path", + "description": "The alert id", + "required": true, + "schema": { + "type": "string", + "description": "The alert id", + "example": "I-34537" + }, + "example": "I-34537" + } + ], + "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GranterToDestPermissionResponseDtoV2" + "$ref": "#/components/schemas/RemediationResponseDtoV2" } } } 
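Review bot: The new `GET /iam/api/v2/alert/{alertId}/remediation_command` operation is documented only as "Get remediation command for an alert", although the `RemediationResponseDtoV2` schema shown earlier on this page returns a `cliCommand` whose execution, per its own example text, limits the permissions of the violating resource. Integrators who wire this response into automation should be told that the command changes access rights and deserves an operator's review first. I would extend the description, for example `"description": "Returns the CLI command that remediates the alert. The command changes the permissions of the violating resource; review it before running it."`. The remaining responses of this operation sit in the next hunk.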
@@ -702,105 +817,41 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "404": { - "description": "Not found", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "403": { - "description": "Forbidden", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/permission/{permission-id}/list_access": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get accesses of a permission V2", - "description": "Returns a page of permission's last accesses and a page token for the next page if applicable", - "operationId": "permissions-accesses-v2", - "parameters": [ - { - "name": "permission-id", - "in": "path", - "description": "The permission id. Can be retrieved from search/permission api", - "required": true, - "schema": { - "type": "string", - "description": "The permission id. 
Can be retrieved from search/permission api", - "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" - }, - "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" - }, - { - "name": "limit", - "in": "query", - "description": "Query records limit", - "required": false, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 5 - }, - { - "name": "page-token", - "in": "query", - "description": "Page token", - "required": false, - "schema": { - "type": "string" - }, - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionAccessRequestDtoV2" - } - } }, - "required": true - }, - "responses": { "429": { "description": "Throttled", "headers": { 
@@ -829,33 +880,56 @@ } } } - }, - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "404": { - "description": "Not found", + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v2/alert/{alertId}/query": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get IAM Query V2", + "description": "Returns the query associated with an alert instance", + "operationId": "investigate-alert", + "parameters": [ + { + "name": "alertId", + "in": "path", + "description": "The alert id", + "required": true, + "schema": { + "type": "string", + "description": "The alert id", + "example": "I-34537" + }, + "example": "I-34537" + } + ], + "responses": { + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/RqlResponseDtoV2" } } } }, - "200": { - "description": "OK", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PermissionAccessResponseDtoV2" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -865,7 +939,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
@@ -875,60 +949,21 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/asset/{asset-id}/related-asset": { - "post": { - "tags": [ - "Asset Relationship Controller V2" - ], - "description": "Get resource related assets and a page token for the next page if applicable", - "operationId": "getCloudAssetRelatedAssetsResponseAsCsv_1", - "parameters": [ - { - "name": "asset-id", - "in": "path", - "required": true, - "schema": { - "type": "string" - } }, - { - "name": "limit", - "in": "query", - "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", - "required": false, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 5 - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CloudAssetRelatedAssetsRequestDto" + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } } } }, - "required": true - }, - "responses": { "429": { "description": "Throttled", "headers": { 
@@ -957,23 +992,56 @@ } } } - }, - "400": { - "description": "Bad request", + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/assets/{assetId}/over-permissive-metadata": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get Least Privilege Access Metadata of an Asset", + "description": "Return a metadata and info about the improvement potential for an assert of Least Privilege Access.", + "operationId": "least-privilege-access-metadata-v1", + "parameters": [ + { + "name": "assetId", + "in": "path", + "description": "the UAI asset Id", + "required": true, + "schema": { + "type": "string", + "description": "the UAI asset Id", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "example": "681390424b288d835f5cd03e7bfb0993" + } + ], + "responses": { + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/OverPermissiveMetadataResponseDto" } } } }, - "404": { - "description": "Not found", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -983,7 +1051,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
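Review bot: The description added for `/iam/api/v1/assets/{assetId}/over-permissive-metadata` reads "Return a metadata and info about the improvement potential for an assert of Least Privilege Access.", where "assert" should be "asset" and the sentence is hard to parse in rendered API docs. I would write `"description": "Returns metadata about the least-privilege improvement potential of an asset."`. The `assetId` parameter text "the UAI asset Id" could follow the capitalisation used for the alert operations ("The alert id"), for example `"description": "The asset UAI"`. The operation's remaining responses are in the following hunks.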
@@ -993,62 +1061,21 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "200": { - "description": "OK", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CloudAssetRelatedAssetsResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/asset/relationship/search": { - "post": { - "tags": [ - "Asset Relationship Controller V2" - ], - "description": "Get resource relationships first page and a page token for the next page if applicable", - "operationId": "getCloudAssetRelationshipResponse", - "parameters": [ - { - "name": "limit", - "in": "query", - "description": "Query records limit", - "required": false, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 5 - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CloudAssetRelationshipSearchRequestDto" - } - } }, - "required": true - }, - "responses": { "429": { "description": "Throttled", "headers": { 
@@ -1077,56 +1104,6 @@ } } } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CloudAssetRelationshipResponseDto" - } - } - } - }, - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } } }, "x-microservice": "true", 
@@ -1138,91 +1115,67 @@ ] } }, - "/iam/api/v1/asset/{asset-id}/related-asset": { - "post": { + "/iam/api/v1/assets/{assetId}/existing-least-privileged-access": { + "get": { "tags": [ "IAM" ], - "summary": "Get Cloud Identity Inventory (CII) resource related assets", - "description": "Get the related assets of a resource", - "operationId": "cii-related-assets-v1_1", + "summary": "Get Existing Least Privilege Access Suggestions for an Asset", + "description": "Suggest least privileged access from existing resources according to the asset. This configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", + "operationId": "existing-least-privilege-access-v1", "parameters": [ { - "name": "asset-id", + "name": "assetId", "in": "path", + "description": "the UAI asset Id", "required": true, "schema": { - "type": "string" - } + "type": "string", + "description": "the UAI asset Id", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "example": "681390424b288d835f5cd03e7bfb0993" }, { - "name": "limit", + "name": "output_format", "in": "query", - "description": "Query client records limit, return MAX(0, MIN(client.limit, service.limit))", - "required": false, + "description": "Output format type. 
One of: JSON / TERRAFORM/ CF", + "required": true, "schema": { "type": "integer", "format": "int32" }, - "example": 5 + "example": "JSON" + }, + { + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 } ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CloudAssetRelatedAssetsRequestDto" - } - } - }, - "required": true - }, "responses": { - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "400": { - "description": "Bad request", + "200": { + "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" } } } }, - "404": { - "description": "Not found", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -1232,7 +1185,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
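Review bot: The `output_format` query parameter added for `existing-least-privilege-access-v1` is declared as `"type": "integer", "format": "int32"`, yet its description lists JSON / TERRAFORM / CF and its example is the string `"JSON"`. A request validator or client generated from this spec would reject the documented values or send a number instead. The other operations added in this patch declare the same parameter as a string enum, so this one should match: `"schema": { "type": "string", "enum": ["JSON", "TERRAFORM", "CF"] }`.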
@@ -1242,63 +1195,21 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "200": { - "description": "OK", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CloudAssetRelatedAssetsResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/asset/relationship/search": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get Cloud Identity Inventory (CII) resource relationships", - "description": "Get the relationships of a resource", - "operationId": "cii-asset-relationships-v1", - "parameters": [ - { - "name": "limit", - "in": "query", - "description": "Query records limit", - "required": false, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 5 - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CloudAssetRelationshipSearchRequestDto" - } - } }, - "required": true - }, - "responses": { "429": { "description": "Throttled", "headers": { 
@@ -1327,13 +1238,68 @@ } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/assets/{assetId}/custom-least-privileged-access": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get New Least Privilege Access Suggestions for an Asset", + "description": "Generate Custom least privileged access configuration for the asset. Applying this configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", + "operationId": "custom-least-privilege-access-v1", + "parameters": [ + { + "name": "assetId", + "in": "path", + "description": "The UAI of the asset.", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "output_format", + "in": "query", + "description": "Output format type. One of: JSON / TERRAFORM/ CF", + "required": true, + "schema": { + "type": "string", + "enum": [ + "JSON", + "TERRAFORM", + "CF" + ] + } }, + { + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 + } + ], + "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CloudAssetRelationshipResponseDto" + "$ref": "#/components/schemas/CustomLeastPrivilegedAccessResponseDto" } } } @@ -1343,17 +1309,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -1363,7 +1319,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
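Review bot: `lookback_duration_days` on `custom-least-privilege-access-v1` is a bare `int32` with no range, so the spec accepts zero and negative values. The suggested policy is built from the actions seen in that window, so a very short window can yield a suggestion that drops permissions the identity only uses occasionally. If the service enforces a range, state it in the schema with `"minimum": 1` and a `"maximum"` equal to the supported retention (the value is not visible in this patch). The same parameter is added without bounds for `existing-least-privilege-access-v1`, `existing-least-privilege-access-by-resource-v1` and `custom-least-privilege-access-by-resource-v1`.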
@@ -1373,57 +1329,17 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/admin-identities": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get admin identities", - "description": "Returns admin identities by cloud provider for each level", - "operationId": "admin-identities", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AdminIdentitiesRequestDto" - } - } - }, - "required": true - }, - "responses": { - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "200": { - "description": "OK", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AdminIdentitiesResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
@@ -1456,13 +1372,53 @@ } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/iam/api/v1/resources/{resourceId}/over-permissive-metadata": { + "get": { + "tags": [ + "IAM" + ], + "summary": "Get Least Privilege Access Metadata of a Resource", + "description": "Returns metadata describing whether an asset has potential for access optimization", + "operationId": "least-privilege-access-metadata-by-resource-v1", + "parameters": [ + { + "name": "resourceId", + "in": "path", + "description": "The resource ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" + } + } + } }, - "404": { - "description": "Not found", + "400": { + "description": "Bad request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } @@ -1472,7 +1428,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } 
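Review bot: The 200 response added for `/iam/api/v1/resources/{resourceId}/over-permissive-metadata` points at `ExistingLeastPrivilegedAccessResponseDto`, which looks like a copy from the existing-least-privileged-access operation. The definition of this path that the patch removes further down, and the asset variant added at `@@ -957`, both return `OverPermissiveMetadataResponseDto`. Unless the response type really changed, the line should read `"$ref": "#/components/schemas/OverPermissiveMetadataResponseDto"`. The `components` section continues beyond what is visible here, so confirm that schema is still defined after this patch.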
@@ -1482,7 +1438,46 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" + } + } + } + }, + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" } } } 
@@ -1497,108 +1492,130 @@ ] } }, - "/api/v1/suggest": { - "post": { + "/iam/api/v1/resources/{resourceId}/existing-least-privileged-access": { + "get": { "tags": [ "IAM" ], - "summary": "Suggest RQL V1", - "description": "Suggest auto completion for RQL and notify whether the current RQL is valid or not", - "operationId": "iam-suggest-v1", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SuggestRequestDto" - } + "summary": "Get Least Privilege Access Suggestions for a Resource", + "description": "Suggest the least privileged access based on existing IAM configurations. This configuration will minimize the number of policies/roles used preserving all the actions used in the last specified X days.", + "operationId": "existing-least-privilege-access-by-resource-v1", + "parameters": [ + { + "name": "resourceId", + "in": "path", + "description": "The resource ID", + "required": true, + "schema": { + "type": "string", + "description": "the resource ID" } }, - "required": true - }, + { + "name": "output_format", + "in": "query", + "description": "Output format.", + "required": true, + "schema": { + "type": "string", + "enum": [ + "JSON", + "TERRAFORM", + "CF" + ] + } + }, + { + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions.", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 + } + ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SuggestResponseDto" + "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/api/v1/permission": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get permissions V1", - "description": "Returns the first page of permissions and a page 
token for the next page if applicable", - "operationId": "search-permissions-v1_1", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionSearchRequestDto" + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } } } }, - "required": true - }, - "responses": { - "200": { - "description": "OK", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PermissionSearchResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/api/v1/permission/graph/source_to_granter": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get graph source to granter v1", - "description": "Get a stream of unique source and granted by values for a given permissions query", - "operationId": "permissions-graph-source-to-granter-v1", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionGraphRequestDto" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } } } }, - "required": true - }, - "responses": { - "200": { - "description": "OK" + "404": { + "description": "Not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponseDto" + } + } + } + }, + "429": { + "description": "Throttled", + "headers": { + "X-RateLimit-Remaining": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Requested-Tokens": { + "style": "simple", + "schema": { + "type": "integer" + } + }, + "X-RateLimit-Burst-Capacity": { + "style": "simple", + "schema": { + "type": "integer" + } + }, 
+ "X-RateLimit-Replenish-Rate": { + "style": "simple", + "schema": { + "type": "integer" + } + } + } } }, "x-microservice": "true", 
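Review bot: The `resourceId` path parameter added for `existing-least-privilege-access-by-resource-v1` no longer tells callers to percent-encode the value. The definition removed later in this patch carried an example showing an AWS ARN and its encoded form, and an ARN contains `:` and `/`, so an unencoded value will not match this route. I would keep that guidance in the description, for example `"description": "The resource ID, percent-encoded when it contains reserved characters (e.g. an AWS ARN)"`. The `resourceId` parameters added for `least-privilege-access-metadata-by-resource-v1` and `custom-least-privilege-access-by-resource-v1` lose the same note.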
@@ -1610,207 +1627,57 @@ ] } }, - "/api/v1/permission/graph/granter_to_dest": { - "post": { + "/iam/api/v1/resources/{resourceId}/custom-least-privileged-access": { + "get": { "tags": [ "IAM" ], - "summary": "Get graph granter to dest v1", - "description": "Get a stream of unique granted by and dest by values for a given permissions query", - "operationId": "permissions-graph-granter-to-dest-v1", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionGraphRequestDto" - } + "summary": "Get New Least Privilege Access Suggestions for a Resource", + "description": "Generate a custom least privileged access configuration for the resource. Applying this configuration will minimize the number of policies/roles used while preserving all the actions used in the last specified X days", + "operationId": "custom-least-privilege-access-by-resource-v1", + "parameters": [ + { + "name": "resourceId", + "in": "path", + "description": "The resource ID", + "required": true, + "schema": { + "type": "string" } }, - "required": true - }, - "responses": { - "200": { - "description": "OK" - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/api/v1/permission/alert/remediation": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get alert remediation command V1", - "description": "Get remediation command for an alert", - "operationId": "alert-remediation-command", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RemediationRequestDto" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RemediationResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ { - "x-redlock-auth": [] - } - ] - } - }, - 
"/api/v1/permission/access": { - "post": { - "tags": [ - "IAM" - ], - "summary": "Get permission last access first page v1", - "description": "Returns the first page of permission's last access and a page token for the next page if applicable", - "operationId": "permissions-accesses-v1", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionAccessRequestDto" - } + "name": "output_format", + "in": "query", + "description": "Output format.", + "required": true, + "schema": { + "type": "string", + "enum": [ + "JSON", + "TERRAFORM", + "CF" + ] } }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionAccessResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ { - "x-redlock-auth": [] + "name": "lookback_duration_days", + "in": "query", + "description": "Amount of days to look back for used actions", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + }, + "example": 90 } - ] - } - }, - "/api/v1/permission/access/page": { - "post": { - "tags": [ - "IAM" ], - "summary": "Get permission last access next page v1", - "description": "Returns page of permission's last access from a given next page token", - "operationId": "permissions-accesses-next-page-v1", - "parameters": [], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionAccessPageRequestDto" - } - } - }, - "required": true - }, "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PermissionAccessResultDataDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/alert/{alertId}/remediation_command": { - "get": { - "tags": [ - "IAM" 
- ], - "summary": "Get alert remediation command V2", - "description": "Get remediation command for an alert", - "operationId": "alert-remediation-command-v2", - "parameters": [ - { - "name": "alertId", - "in": "path", - "description": "Alert Id", - "required": true, - "schema": { - "type": "string", - "description": "Alert Id", - "example": "I-837629" - }, - "example": "I-837629" - } - ], - "responses": { - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" + "$ref": "#/components/schemas/CustomLeastPrivilegedAccessResponseDto" } } } 
@@ -1820,84 +1687,41 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "404": { - "description": "Not found", + "401": { + "description": "Unauthorized", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "200": { - "description": "OK", + "403": { + "description": "Forbidden", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RemediationResponseDtoV2" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "401": { - "description": "Unauthorized", + "404": { + "description": "Not found", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" + "$ref": "#/components/schemas/ApiErrorResponseDto" } } } }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v2/alert/{alertId}/query": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Investigate alert V2", - "description": "Returns the query associated with an alert instance", - "operationId": "investigate-alert-v2", - "parameters": [ - { - "name": "alertId", - "in": "path", - "description": "The alert id", - "required": true, - "schema": { - "type": "string", - "description": "The alert id", - "example": "I-34537" - }, - "example": "I-34537" - } - ], - "responses": { "429": { "description": "Throttled", "headers": { 
@@ -1926,1462 +1750,70 @@ } } } + } + }, + "x-microservice": "true", + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + } + }, + "components": { + "schemas": { + "ApiErrorResponseBodyDto": { + "required": [ + "code", + "message" + ], + "type": "object", + "properties": { + "code": { + "type": "string" }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RqlResponseDtoV2" - } - } - } + "message": { + "type": "string" }, - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/resources/{resourceId}/over-permissive-metadata": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get Least Privilege Access metadata for resource V1", - "description": "Returns metadata describing whether an asset has potential for access optimization", - "operationId": "least-privilege-access-metadata-by-resource-v1", - "parameters": [ - { - "name": "resourceId", - "in": "path", - "description": "the resource ID", - "required": true, - "schema": { - "type": "string", - "description": "the resource ID", - "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 
1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" - }, - "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" - } - ], - "responses": { - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/OverPermissiveMetadataResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/resources/{resourceId}/existing-least-privileged-access": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Generates existing Least Privilege Access suggestion for asset V1", - "description": "Suggest the least privileged access based on existing IAM configurations. 
This configuration will minimize the number of policies/roles used preserving all the actions used in the last specified X days", - "operationId": "existing-least-privilege-access-by-resource-v1", - "parameters": [ - { - "name": "resourceId", - "in": "path", - "description": "the resource ID", - "required": true, - "schema": { - "type": "string", - "description": "the resource ID", - "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" - }, - "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" - }, - { - "name": "output_format", - "in": "query", - "description": "Output format type. One of: JSON / TERRAFORM/ CF", - "required": true, - "schema": { - "type": "string" - }, - "example": "JSON" - }, - { - "name": "lookback_duration_days", - "in": "query", - "description": "Amount of days to look back for used actions", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 90 - } - ], - "responses": { - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - 
"401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/resources/{resourceId}/custom-least-privileged-access": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Generates custom (new) Least Privilege Access suggestion for asset V1", - "description": "Generate a custom least privileged access configuration for the resource. Applying this configuration will minimize the number of policies/roles used while preserving all the actions used in the last specified X days", - "operationId": "custom-least-privilege-access-by-resource-v1", - "parameters": [ - { - "name": "resourceId", - "in": "path", - "description": "the resource ID", - "required": true, - "schema": { - "type": "string", - "description": "the resource ID", - "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" - }, - "example": "arn:aws:iam::accountId:role/roleName for AWS\n\"(should be encoded - arn%3Aaws%3Aiam%3A%3AaccountId%3Arole%2FroleName),\n 1f50e22a-46b6-3ac9-174d-537287ed9523 for Azure\n" - }, - { - "name": "output_format", - "in": "query", - "description": "Output format type. 
One of: JSON / TERRAFORM/ CF", - "required": true, - "schema": { - "type": "string" - }, - "example": "JSON" - }, - { - "name": "lookback_duration_days", - "in": "query", - "description": "Amount of days to look back for used actions", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 90 - } - ], - "responses": { - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CustomLeastPrivilegedAccessResponseDto" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/assets/{assetId}/over-permissive-metadata": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get Least Privilege Access metadata for asset V1", - "description": "Return a metadata and info about the improvement 
potential for an assert of Least Privilege Access", - "operationId": "least-privilege-access-metadata-by-uai-v1", - "parameters": [ - { - "name": "assetId", - "in": "path", - "description": "the UAI asset Id", - "required": true, - "schema": { - "type": "string", - "description": "the UAI asset Id", - "example": "681390424b288d835f5cd03e7bfb0993" - }, - "example": "681390424b288d835f5cd03e7bfb0993" - } - ], - "responses": { - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/OverPermissiveMetadataResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/assets/{assetId}/existing-least-privileged-access": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Generates existing Least Privilege Access 
suggestion for asset V1", - "description": "Suggest least privileged access from existing resources according to the asset. This configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", - "operationId": "existing-least-privilege-access-by-uai-v1", - "parameters": [ - { - "name": "assetId", - "in": "path", - "description": "the UAI asset Id", - "required": true, - "schema": { - "type": "string", - "description": "the UAI asset Id", - "example": "681390424b288d835f5cd03e7bfb0993" - }, - "example": "681390424b288d835f5cd03e7bfb0993" - }, - { - "name": "output_format", - "in": "query", - "description": "Output format type. One of: JSON / TERRAFORM/ CF", - "required": true, - "schema": { - "type": "string" - }, - "example": "JSON" - }, - { - "name": "lookback_duration_days", - "in": "query", - "description": "Amount of days to look back for used actions", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 90 - } - ], - "responses": { - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - 
} - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/iam/api/v1/assets/{assetId}/custom-least-privileged-access": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Generates custom (new) Least Privilege Access suggestion for asset V1", - "description": "Generate Custom least privileged access configuration for the asset. Applying this configuration will minimize the amount of policies/roles used while preserve all the actions used in the last specified last X days", - "operationId": "custom-least-privilege-access-by-uai-v1", - "parameters": [ - { - "name": "assetId", - "in": "path", - "description": "the UAI asset Id", - "required": true, - "schema": { - "type": "string", - "description": "the UAI asset Id", - "example": "681390424b288d835f5cd03e7bfb0993" - }, - "example": "681390424b288d835f5cd03e7bfb0993" - }, - { - "name": "output_format", - "in": "query", - "description": "Output format type. 
One of: JSON / TERRAFORM/ CF", - "required": true, - "schema": { - "type": "string" - }, - "example": "JSON" - }, - { - "name": "lookback_duration_days", - "in": "query", - "description": "Amount of days to look back for used actions", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - }, - "example": 90 - } - ], - "responses": { - "400": { - "description": "Bad request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "429": { - "description": "Throttled", - "headers": { - "X-RateLimit-Remaining": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Requested-Tokens": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Burst-Capacity": { - "style": "simple", - "schema": { - "type": "integer" - } - }, - "X-RateLimit-Replenish-Rate": { - "style": "simple", - "schema": { - "type": "integer" - } - } - } - }, - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CustomLeastPrivilegedAccessResponseDto" - } - } - } - }, - "404": { - "description": "Not found", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/api/v1/permission/raw/{permissionId}": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Get permissions role/policy definition V1", - "description": "Returns the raw config (policy/role definition) which the permission was 
calculated from", - "operationId": "permission-raw-config-definition-v1", - "parameters": [ - { - "name": "permissionId", - "in": "path", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "string" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/api/v1/permission/alert/search": { - "get": { - "tags": [ - "IAM" - ], - "summary": "Investigate alert V1", - "description": "Returns the query associated with an alert instance", - "operationId": "investigate-alert-v1", - "parameters": [ - { - "name": "alertId", - "in": "query", - "description": "Alert id", - "required": true, - "schema": { - "type": "string" - }, - "example": "I-983167" - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RqlResponseDto" - } - } - } - } - }, - "x-microservice": "true", - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - } - }, - "components": { - "schemas": { - "ApiErrorResponseBodyDto": { - "required": [ - "code", - "message" - ], - "type": "object", - "properties": { - "code": { - "type": "string" - }, - "message": { - "type": "string" - }, - "target": { - "type": "string" - }, - "details": { - "type": "array", - "items": { - "type": "string" - } - }, - "innerError": { - "$ref": "#/components/schemas/ApiErrorResponseDto" - } - } - }, - "ApiErrorResponseDto": { - "type": "object", - "properties": { - "error": { - "$ref": "#/components/schemas/ApiErrorResponseBodyDto" - } - } - }, - "PermissionSearchV4RequestDto": { - "required": [ - "query" - ], - "type": "object", - "properties": { - "query": { - "type": "string", - "description": "RQL query (default: empty string)", - "example": "config from iam where dest.cloud.type='AWS'" - }, - "searchId": { - "type": 
"string", - "description": "Saved search id", - "example": "ff4fcb80-03f6-41dd-8bd8-6179fd46b3a4" - }, - "nextPageToken": { - "type": "string", - "description": "Page Token", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" - }, - "groupByFields": { - "uniqueItems": true, - "type": "array", - "description": "Fields to group results by. Empty or missing array is considered the same as an array with all possible fields", - "example": [ - "source", - "sourceCloudAccount", - "grantedByEntity", - "entityCloudAccount", - "grantedByPolicy", - "policyCloudAccount", - "grantedByLevel", - "action", - "destination", - "destCloudAccount", - "lastAccess" - ], - "items": { - "type": "string", - "description": "Fields to group results by. Empty or missing array is considered the same as an array with all possible fields", - "example": "[\"source\",\"sourceCloudAccount\",\"grantedByEntity\",\"entityCloudAccount\",\"grantedByPolicy\",\"policyCloudAccount\",\"grantedByLevel\",\"action\",\"destination\",\"destCloudAccount\",\"lastAccess\"]", - "enum": [ - "source", - "sourceCloudAccount", - "grantedByEntity", - "entityCloudAccount", - "grantedByPolicy", - "policyCloudAccount", - "grantedByLevel", - "action", - "destination", - "destCloudAccount", - "lastAccess" - ] - } - } - } - }, - "ErrorResponseDto": { - "type": "object", - "properties": { - "code": { - "type": "string", - "description": "HTTP response code", - "example": "Not found" - }, - "message": { - "type": "string", - "description": "Error message", - "example": "Reason" - } - } - }, - "ExceptionResponseDto": { - "type": "object", - "properties": { - "error": { - "$ref": "#/components/schemas/ErrorResponseDto" - } - } - }, - "AbsoluteTimeRangeDto": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeDto" - }, - { - "type": "object", - "properties": { - "value": { - "$ref": "#/components/schemas/Value" - } - } - } - ] - }, - "PermissionExceptionDto": { - "type": "object", - "properties": { - 
"messageCode": { - "type": "string", - "description": "Message code", - "example": "LIMITED_BY_DENY_STATEMENT" - } - }, - "description": "Permission exception list" - }, - "PermissionSearchV4ResponseDataDto": { - "type": "object", - "properties": { - "items": { - "type": "array", - "description": "items list", - "items": { - "$ref": "#/components/schemas/PermissionV4DataItemDto" - } - }, - "nextPageToken": { - "type": "string", - "description": "Next page token", - "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" - }, - "totalRows": { - "type": "integer", - "description": "Total rows count", - "format": "int64", - "example": 1243 - }, - "searchedDestCloudResourceNames": { - "uniqueItems": true, - "type": "array", - "description": "Searched destination cloud resource names", - "example": [], - "items": { - "type": "string", - "description": "Searched destination cloud resource names", - "example": "[]" - } - } - } - }, - "PermissionSearchV4ResponseDto": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/PermissionSearchV4ResponseDataDto" - }, - "query": { - "type": "string", - "description": "Query string", - "example": "config from iam where ..." 
- }, - "id": { - "type": "string", - "description": "Request user Id", - "example": "111111" - }, - "saved": { - "type": "boolean", - "description": "Is search saved", - "example": true - }, - "name": { - "type": "string", - "description": "Search name", - "example": "search-name" - }, - "timeRange": { - "$ref": "#/components/schemas/TimeRangeDto" - }, - "searchType": { - "type": "string", - "description": "Search type", - "example": "search-type" - }, - "description": { - "type": "string", - "description": "Search description", - "example": "search-description" - }, - "cloudType": { - "type": "string", - "description": "Cloud Type", - "example": "aws" - } - } - }, - "PermissionV4DataItemDto": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "Message id", - "example": "13" - }, - "sourcePublic": { - "type": "boolean", - "description": "Is source public", - "example": false - }, - "sourceCloudType": { - "type": "string", - "description": "Source cloud type", - "example": "AWS" - }, - "sourceCloudAccount": { - "type": "string", - "description": "Source cloud account", - "example": "123456789" - }, - "sourceCloudRegion": { - "type": "string", - "description": "Source cloud region", - "example": "AWS London" - }, - "sourceCloudServiceName": { - "type": "string", - "description": "Source cloud service name", - "example": "iam" - }, - "sourceResourceName": { - "type": "string", - "description": "Source cloud resource name", - "example": "john" - }, - "sourceResourceType": { - "type": "string", - "description": "Source cloud resource type", - "example": "user" - }, - "sourceResourceId": { - "type": "string", - "description": "Source cloud resource id", - "example": "arn:aws:iam::111111:user/john" - }, - "sourceCloudResourceUai": { - "type": "string", - "description": "Source cloud resource UAI", - "example": "681390624b288d835f4cd03e7bfb0994" - }, - "sourceIdpService": { - "type": "string", - "description": "Source IDP service", - 
"example": "AWS Identity Center" - }, - "sourceIdpDomain": { - "type": "string", - "description": "Source IDP domain", - "example": "idp.com" - }, - "sourceIdpEmail": { - "type": "string", - "description": "Source IDP email", - "example": "idp@email.com" - }, - "sourceIdpUserId": { - "type": "string", - "description": "Source IDP user id", - "example": "123456789" - }, - "sourceIdpUsername": { - "type": "string", - "description": "Source IDP user name", - "example": "idp-user" - }, - "sourceIdpGroup": { - "type": "string", - "description": "Source IDP group", - "example": "IdpGroup" - }, - "sourceIdpUai": { - "type": "string", - "description": "Source idp UAI", - "example": "681390424b288d835f5cd03e7bfb0993" - }, - "destCloudType": { - "type": "string", - "description": "Destination cloud type", - "example": "AWS" - }, - "destCloudAccount": { - "type": "string", - "description": "Destination cloud account", - "example": "123456789" - }, - "destCloudRegion": { - "type": "string", - "description": "Destination cloud region", - "example": "AWS London" - }, - "destCloudServiceName": { - "type": "string", - "description": "Destination cloud service name", - "example": "iam" - }, - "destResourceName": { - "type": "string", - "description": "Destination cloud resource name", - "example": "john" - }, - "destResourceType": { - "type": "string", - "description": "Destination cloud resource type", - "example": "user" - }, - "destResourceId": { - "type": "string", - "description": "Destination cloud resource id", - "example": "arn:aws:iam::111111:user/john" - }, - "destCloudResourceUai": { - "type": "string", - "description": "Destination cloud resource UAI", - "example": "181390424b298d835f4cd03e7bfb0991" - }, - "grantedByCloudType": { - "type": "string", - "description": "Granted by cloud type", - "example": "AWS" - }, - "grantedByCloudPolicyId": { - "type": "string", - "description": "Granted by cloud policy Id", - "example": "arn:aws:iam::aws:policy/aws-policy" - }, - 
"grantedByCloudPolicyName": { - "type": "string", - "description": "Granted by cloud policy name", - "example": "my-policy" - }, - "grantedByCloudPolicyType": { - "type": "string", - "description": "Granted by cloud policy type", - "example": "Customer Managed Policy" - }, - "grantedByCloudPolicyUai": { - "type": "string", - "description": "Granted by cloud policy UAI", - "example": "771390424b298d835f4cd03e7bfb0232" - }, - "grantedByCloudPolicyAccount": { - "type": "string", - "description": "Granted by cloud policy account", - "example": "123456789" - }, - "grantedByCloudEntityId": { - "type": "string", - "description": "Granted by cloud entity id", - "example": "arn:aws:iam:::role/my-role" - }, - "grantedByCloudEntityName": { - "type": "string", - "description": "Granted by cloud entity name", - "example": "my-role" - }, - "grantedByCloudEntityType": { - "type": "string", - "description": "Granted by cloud entity type", - "example": "user" - }, - "grantedByCloudEntityAccount": { - "type": "string", - "description": "Granted by cloud entity account", - "example": "123456789" - }, - "grantedByCloudEntityUai": { - "type": "string", - "description": "Granted by cloud entity UAI", - "example": "223390424b298d835f4cd03e7bfb0111" - }, - "grantedByLevelType": { - "type": "string", - "description": "Granted by level type", - "example": "GCP Folder" - }, - "grantedByLevelId": { - "type": "string", - "description": "Granted by level id", - "example": "level_id" - }, - "grantedByLevelName": { - "type": "string", - "description": "Granted by level name", - "example": "level_name" - }, - "grantedByLevelUai": { - "type": "string", - "description": "Granted by level UAI", - "example": "123390424cb99d835f4cd03e7bfb0991" - }, - "lastAccessDate": { - "type": "string", - "description": "Last accessed data", - "example": "2024-01-02" - }, - "lastAccessStatus": { - "type": "string", - "description": "Last accessed status", - "example": "ACCESSED", - "enum": [ - "NOT_AVAILABLE", - 
"NOT_ACCESSED_IN_TRACKING_PERIOD", - "ACCESSED" - ] - }, - "accessedResourcesCount": { - "type": "integer", - "description": "Accessed resource count", - "format": "int64", - "example": 12 - }, - "effectiveActionName": { - "type": "string", - "description": "Effective action name", - "example": "sso:ListApplications" - }, - "exceptions": { - "type": "array", - "description": "Permission exception list", - "example": [ - { - "messageCode": "LIMITED_BY_DENY_STATEMENT" - } - ], - "items": { - "$ref": "#/components/schemas/PermissionExceptionDto" - } - }, - "nonNullValues": { - "type": "array", - "items": { - "type": "string" - } - }, - "wildCardDestCloudResourceName": { - "type": "boolean" - } - }, - "description": "items list" - }, - "RelativeTimeRangeDto": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeDto" - }, - { - "type": "object", - "properties": { - "value": { - "$ref": "#/components/schemas/Value" - } - } - } - ] - }, - "TimeRangeDto": { - "required": [ - "type" - ], - "type": "object", - "properties": { - "type": { + "target": { "type": "string" - } - }, - "description": "The time range which the query run at to generate the alert", - "example": "{''type': 'relative', 'value': {'unit': 'day', 'amount': 7} }", - "discriminator": { - "propertyName": "type" - } - }, - "ToNowTimeRangeDto": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeDto" }, - { - "type": "object", - "properties": { - "value": { - "type": "string", - "description": "Time range value", - "example": "epoch" - } + "details": { + "type": "array", + "items": { + "type": "string" } + }, + "innerError": { + "$ref": "#/components/schemas/ApiErrorResponseDto" } - ] + } }, - "Value": { + "ApiErrorResponseDto": { "type": "object", "properties": { - "unit": { - "type": "string" - }, - "amount": { - "type": "integer", - "format": "int32" + "error": { + "$ref": "#/components/schemas/ApiErrorResponseBodyDto" } - }, - "description": "Unit and 
amount", - "example": { - "unit": "day", - "amount": 7 } }, "PermissionSearchRequestDtoV3": { + "required": [ + "query" + ], "type": "object", "properties": { "query": { "type": "string", - "description": "Query body (default: empty string)", - "example": "config from iam where ..." + "description": "RQL query", + "example": "config from iam where source.cloud.type = 'AWS'" }, "id": { "type": "string", - "description": "Requested search id", - "example": "123456" + "description": "An optional saved search id. If not provided, a new saved search will be created.", + "example": "445f6ec2-0a47-4d60-a80c-b0c47e5616f1" }, "nextPageToken": { "type": "string", 
@@ -3612,272 +2044,55 @@ "description": "Granted by level type", "example": "GCP Folder" }, - "grantedByLevelId": { - "type": "string", - "description": "Granted by level id", - "example": "level_id" - }, - "grantedByLevelName": { - "type": "string", - "description": "Granted by level name", - "example": "level_name" - }, - "grantedByLevelRrn": { - "type": "string", - "description": "Granted by level rrn", - "example": "level_rrn" - }, - "grantedByLevelUai": { - "type": "string", - "description": "Granted by level UAI", - "example": "123390424cb99d835f4cd03e7bfb0991" - } - }, - "description": "items list" - }, - "PermissionSearchResponseDtoV3": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/PermissionSearchResultDataDtoV3" - }, - "query": { - "type": "string", - "description": "Query string", - "example": "config from iam where ..." - }, - "id": { - "type": "string", - "description": "Request user Id", - "example": "111111" - }, - "saved": { - "type": "boolean", - "description": "Is search saved", - "example": true - }, - "name": { - "type": "string", - "description": "Search name", - "example": "search-name" - }, - "timeRange": { - "$ref": "#/components/schemas/TimeRangeDto" - }, - "searchType": { - "type": "string", - "description": "Search type", - "example": "search-type" - }, - "description": { - "type": "string", - "description": "Search description", - "example": "search-description" - }, - "cloudType": { - "type": "string", - "description": "Cloud Type", - "example": "aws" - } - } - }, - "PermissionSearchResultDataDtoV3": { - "type": "object", - "properties": { - "items": { - "type": "array", - "description": "items list", - "items": { - "$ref": "#/components/schemas/PermissionDto" - } - }, - "nextPageToken": { - "type": "string", - "description": "Next page token", - "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" - }, - "totalRows": { - "type": "integer", - "description": "Total rows count", - 
"format": "int64", - "example": 1243 - }, - "searchedDestCloudResourceNames": { - "uniqueItems": true, - "type": "array", - "description": "Searched destination cloud resource names", - "example": [], - "items": { - "type": "string", - "description": "Searched destination cloud resource names", - "example": "[]" - } - } - } - }, - "PermissionAccessRequestDtoV3": { - "required": [ - "query" - ], - "type": "object", - "properties": { - "query": { - "type": "string", - "description": "Query string", - "example": "config from iam where ..." - }, - "nextPageToken": { - "type": "string", - "description": "Page Token", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" - } - } - }, - "PermissionAccessResponseDtoV3": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/PermissionAccessResultDataDtoV3" - } - } - }, - "PermissionAccessResultDataDtoV3": { - "type": "object", - "properties": { - "items": { - "type": "array", - "description": "items list", - "items": { - "$ref": "#/components/schemas/PermissionLastAccessDto" - } - }, - "nextPageToken": { - "type": "string", - "description": "Next page token", - "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" - }, - "totalRows": { - "type": "integer", - "description": "Total rows count", - "format": "int64", - "example": 1243 - } - }, - "description": "Permissions last access list", - "readOnly": true - }, - "PermissionLastAccessDto": { - "type": "object", - "properties": { - "destCloudResourceName": { - "type": "string", - "description": "Destination cloud resource name", - "example": "my-function" - }, - "lastAccessDate": { - "type": "string", - "description": "Action last access date in the format of a unix timestamp", - "example": "1593691785" - }, - "destCloudRegion": { - "type": "string", - "description": "Action last access region", - "example": "AWS Virginia" - }, - "destCloudAccount": { - "type": "string", - "description": "Action last access account name", - "example": 
"account_name" - } - }, - "description": "items list" - }, - "SuggestRequestDto": { - "required": [ - "query" - ], - "type": "object", - "properties": { - "query": { - "type": "string", - "description": "Query to validate", - "example": "config from iam where dest.cloud.type='AWS'" - } - } - }, - "SuggestResponseDto": { - "type": "object", - "properties": { - "valid": { - "type": "boolean", - "description": "Is query valid", - "readOnly": true, - "example": true - }, - "suggestions": { - "uniqueItems": true, - "type": "array", - "description": "Suggestion list", - "readOnly": true, - "example": [ - "AND" - ], - "items": { - "type": "string", - "description": "Suggestion list", - "readOnly": true, - "example": "[\"AND\"]" - } - }, - "translate": { - "type": "boolean", - "description": "Should translate", - "readOnly": true, - "example": false + "grantedByLevelId": { + "type": "string", + "description": "Granted by level id", + "example": "level_id" }, - "needsOffsetUpdate": { - "type": "boolean", - "description": "Should add offset from the query beginning", - "readOnly": true, - "example": true + "grantedByLevelName": { + "type": "string", + "description": "Granted by level name", + "example": "level_name" }, - "offset": { - "type": "integer", - "description": "The number of characters of offset from the query beginning", - "format": "int32", - "readOnly": true, - "example": 43 + "grantedByLevelRrn": { + "type": "string", + "description": "Granted by level rrn", + "example": "level_rrn" + }, + "grantedByLevelUai": { + "type": "string", + "description": "Granted by level UAI", + "example": "123390424cb99d835f4cd03e7bfb0991" } - } + }, + "description": "items list" }, - "PermissionSearchRequestDtoV2": { - "required": [ - "query" - ], + "PermissionExceptionDto": { "type": "object", "properties": { - "query": { - "type": "string", - "description": "Query body", - "example": "config from iam where source.cloud.type = 'aws'" - }, - "id": { + "messageCode": { "type": 
"string", - "description": "Saved search id", - "example": "b75169aa-650a-4f03-b748-76cb7e66e383" + "description": "Message code", + "example": "LIMITED_BY_DENY_STATEMENT" } - } + }, + "description": "Permission exception list", + "example": [ + { + "messageCode": "LIMITED_BY_DENY_STATEMENT" + } + ] }, - "PermissionSearchResponseDtoV2": { + "PermissionSearchResponseDtoV3": { "type": "object", "properties": { "data": { - "$ref": "#/components/schemas/PermissionSearchResultDataDtoV2" + "$ref": "#/components/schemas/PermissionSearchResultDataDtoV3" }, "query": { "type": "string", "description": "Query string", - "example": "config from iam where source.cloud.type = 'aws'" + "example": "config from iam where ..." }, "id": { "type": "string", @@ -3914,7 +2129,7 @@ } } }, - "PermissionSearchResultDataDtoV2": { + "PermissionSearchResultDataDtoV3": { "type": "object", "properties": { "items": { @@ -3924,9 +2139,9 @@ "$ref": "#/components/schemas/PermissionDto" } }, - "nextPage": { + "nextPageToken": { "type": "string", - "description": "Next page url with the token", + "description": "Next page token", "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" }, "totalRows": { 
@@ -3948,199 +2163,23 @@ } } }, - "PermissionRawDataRequestDto": { - "type": "object", - "properties": { - "permissionId": { - "type": "string", - "description": "PermissionId to get the raw config for", - "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" - } - } - }, - "PermissionRawDataResponseDto": { - "type": "object", - "properties": { - "raw": { - "type": "string", - "description": "raw iam config (role/policy) which the permission was calculated from" - } - } - }, - "PermissionGraphRequestDtoV2": { - "type": "object", - "properties": { - "query": { - "type": "string", - "description": "RQL query", - "example": "config from iam where source.cloud.type = 'aws'" - } - } - }, - "SourceToGranterPermissionResponseDtoV2": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/SourceToGranterPermissionResultDtoV2" - } - } - }, - "SourceToGranterPermissionResultDtoV2": { - "type": "object", - "properties": { - "items": { - "type": "array", - "description": "items list", - "items": { - "$ref": "#/components/schemas/SourceToGranterPermissionResultItemDtoV2" - } - } - } - }, - "SourceToGranterPermissionResultItemDtoV2": { + "TimeRangeDto": { + "required": [ + "type" + ], "type": "object", "properties": { - "sourceCloudType": { - "type": "string", - "example": "AWS", - "enum": [ - "UNKNOWN", - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ] - }, - "sourceIsPublic": { - "type": "boolean" - }, - "sourceCloudAccountId": { - "type": "string", - "example": "123456789" - }, - "sourceCloudServiceName": { - "type": "string", - "example": "iam" - }, - "sourceCloudResourceName": { - "type": "string", - "example": "john" - }, - "sourceIdpService": { - "type": "string", - "example": "OKTA", - "enum": [ - "UNKNOWN", - "OKTA", - "AZURE_AD", - "AWS_IC" - ] - }, - "sourceIdpGroup": { - "type": "string" - }, - "sourceIdpUsername": { + "type": { "type": "string" - }, - "grantedByCloudType": { - "type": 
"string", - "example": "AWS", - "enum": [ - "UNKNOWN", - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ] - }, - "grantedByEntityType": { - "type": "string", - "example": "user" - }, - "grantedByEntityName": { - "type": "string", - "example": "my-role" } }, - "description": "items list" - }, - "GranterToDestPermissionResponseDtoV2": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/GranterToDestPermissionResultDtoV2" - } - } - }, - "GranterToDestPermissionResultDtoV2": { - "type": "object", - "properties": { - "items": { - "type": "array", - "description": "items list", - "items": { - "$ref": "#/components/schemas/GranterToDestPermissionResultItemDtoV2" - } - } + "description": "The time range which the query run at to generate the alert", + "example": "{''type': 'relative', 'value': {'unit': 'day', 'amount': 7} }", + "discriminator": { + "propertyName": "type" } }, - "GranterToDestPermissionResultItemDtoV2": { - "type": "object", - "properties": { - "grantedByCloudType": { - "type": "string", - "example": "AWS", - "enum": [ - "UNKNOWN", - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ] - }, - "grantedByEntityType": { - "type": "string", - "example": "user" - }, - "grantedByEntityName": { - "type": "string", - "example": "my-role" - }, - "destCloudType": { - "type": "string", - "example": "AWS", - "enum": [ - "UNKNOWN", - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ] - }, - "destCloudServiceName": { - "type": "string", - "example": "iam" - }, - "destCloudResourceName": { - "type": "string", - "example": "john" - } - }, - "description": "items list" - }, - "PolicyValidationRequestDtoV2": { + "PermissionAccessRequestDtoV3": { "required": [ "query" ], 
@@ -4148,47 +2187,25 @@ "properties": { "query": { "type": "string", - "description": "Query body", - "example": "config from iam where source.cloud.type = 'aws'" - } - } - }, - "PolicyValidationResponseDtoV2": { - "type": "object", - "properties": { - "valid": { - "type": "boolean", - "description": "Is policy RQL valid", - "example": true + "description": "Query string", + "example": "config from iam where source.cloud.type = 'AWS'" }, - "error": { - "type": "string", - "description": "Error description in case of a failure" - } - } - }, - "PermissionAccessRequestDtoV2": { - "required": [ - "query" - ], - "type": "object", - "properties": { - "query": { + "nextPageToken": { "type": "string", - "description": "Query string", - "example": "config from iam where source.cloud.type = 'aws'" + "description": "Page Token", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" } } }, - "PermissionAccessResponseDtoV2": { + "PermissionAccessResponseDtoV3": { "type": "object", "properties": { "data": { - "$ref": "#/components/schemas/PermissionAccessResultDataDtoV2" + "$ref": "#/components/schemas/PermissionAccessResultDataDtoV3" } } }, - "PermissionAccessResultDataDtoV2": { + "PermissionAccessResultDataDtoV3": { "type": "object", "properties": { "items": { 
@@ -4198,169 +2215,148 @@ "$ref": "#/components/schemas/PermissionLastAccessDto" } }, - "nextPage": { + "nextPageToken": { "type": "string", - "description": "Next page url with the token", + "description": "Next page token", "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" }, "totalRows": { "type": "integer", "description": "Total rows count", - "format": "int64", - "example": 1243 - } - }, - "description": "Permissions last access list", - "readOnly": true - }, - "CloudAssetRelatedAssetsRequestDto": { - "type": "object", - "properties": { - "relationshipType": { - "type": "string", - "description": "Relationship Type", - "example": "aws_policy_role", - "enum": [ - "aws_role_policy", - "aws_role_trusted", - "aws_group_user", - "aws_group_policy", - "aws_policy_group", - "aws_policy_role", - "aws_policy_resource", - "aws_ec2_role", - "azure_userAssigned_serviceApp", - "azure_userAssigned_roleDefinition", - "azure_roleDefinition_userAssigned", - "azure_roleDefinition_user", - "azure_group_members", - "azure_group_roleDefinition", - "azure_roleDefinition_group", - "azure_servicePrincipal_appRegistration", - "azure_servicePrincipal_roleDefinition", - "azure_roleDefinition_servicePrincipal" - ] - }, - "lastAccessFromTime": { - "type": "integer", - "description": "Last accessed From epoch (epoch)", - "format": "int64", - "example": 1678785157 - }, - "lastAccessToTime": { - "type": "integer", - "description": "Last accessed To epoch (epoch)", - "format": "int64", - "example": 1678785157 - }, - "nextPageToken": { - "type": "string", - "description": "Page Token", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + "format": "int64", + "example": 1243 } - } + }, + "description": "Permissions last access list", + "readOnly": true }, - "CloudAssetRelatedAssetDto": { + "PermissionLastAccessDto": { "type": "object", "properties": { - "targetAssetId": { - "type": "string", - "description": "Target Asset Id (unifiedAssetId)", - "example": "1593691785" - }, - 
"targetCloudResourceId": { - "type": "string", - "description": "Target Asset Cloud Resource Id", - "example": "1593691785" - }, - "targetDisplayName": { - "type": "string", - "description": "Target DisplayName" - }, - "targetResourceType": { + "destCloudResourceName": { "type": "string", - "description": "Target resource type" + "description": "Destination cloud resource name", + "example": "my-function" }, "lastAccessDate": { "type": "string", "description": "Action last access date in the format of a unix timestamp", "example": "1593691785" }, - "lastAccessStatus": { + "destCloudRegion": { "type": "string", - "description": "Last accessed status" + "description": "Action last access region", + "example": "AWS Virginia" }, - "grantedByLevelType": { + "destCloudAccount": { "type": "string", - "description": "Granted by level type" + "description": "Action last access account name", + "example": "account_name" } }, "description": "items list" }, - "CloudAssetRelatedAssetsResponseDto": { + "SuggestRequestDto": { "type": "object", "properties": { - "value": { - "type": "array", - "description": "items list", - "items": { - "$ref": "#/components/schemas/CloudAssetRelatedAssetDto" - } - }, - "nextPageToken": { + "query": { "type": "string", - "description": "Next page token", - "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" - }, - "totalRows": { - "type": "integer", - "description": "Total rows count", - "format": "int64", - "example": 1243 + "description": "Query to validate", + "example": "config from iam where dest.cloud.type = 'AWS'" } } }, - "CloudAssetRelationshipSearchRequestDto": { - "required": [ - "targetApiIds" - ], + "SuggestResponseDto": { "type": "object", "properties": { - "sourceApiIds": { - "type": "array", - "description": "Prisma Api Ids of the source assets. Can't be supplied together with sourceAssetIds.", - "example": [ - 1 - ], - "items": { - "type": "integer", - "description": "Prisma Api Ids of the source assets. 
Can't be supplied together with sourceAssetIds.", - "format": "int32" - } + "valid": { + "type": "boolean", + "description": "Is query valid", + "readOnly": true, + "example": true }, - "sourceAssetIds": { + "suggestions": { + "uniqueItems": true, "type": "array", - "description": "Asset ids of the source asset (request for its relationships). Can't be supplied together with sourceApiIds.", + "description": "Suggestion list", + "readOnly": true, "example": [ - "assetId1" + "AND" ], "items": { "type": "string", - "description": "Asset ids of the source asset (request for its relationships). Can't be supplied together with sourceApiIds.", - "example": "[\"assetId1\"]" + "description": "Suggestion list", + "readOnly": true, + "example": "[\"AND\"]" } }, - "targetApiIds": { - "type": "array", - "description": "Prisma Api Ids of the target assets", - "example": [ - 2 - ], - "items": { - "type": "integer", - "description": "Prisma Api Ids of the target assets", - "format": "int32" - } + "translate": { + "type": "boolean", + "description": "Should translate", + "readOnly": true, + "example": false + }, + "needsOffsetUpdate": { + "type": "boolean", + "description": "Should add offset from the query beginning", + "readOnly": true, + "example": true + }, + "offset": { + "type": "integer", + "description": "The number of characters of offset from the query beginning", + "format": "int32", + "readOnly": true, + "example": 43 + } + } + }, + "PermissionRawDataRequestDto": { + "type": "object", + "properties": { + "permissionId": { + "type": "string", + "description": "PermissionId to get the raw config for. 
Can be obtain form calling search/permission API", + "example": "06c3cb4403ac276ff59679139b8e6afca2afe93100c8b39014f033ca0339ff0f" + } + } + }, + "PermissionRawDataResponseDto": { + "type": "object", + "properties": { + "raw": { + "type": "string", + "description": "raw iam config (rolw/policy) which the permission was calculated from" + } + } + }, + "CloudAssetRelatedAssetsRequestDto": { + "type": "object", + "properties": { + "relationshipType": { + "type": "string", + "description": "Relationship Type", + "example": "aws_policy_role", + "enum": [ + "AWS_ROLE_POLICY", + "AWS_ROLE_TRUSTED", + "AWS_GROUP_USER", + "AWS_GROUP_POLICY", + "AWS_POLICY_GROUP", + "AWS_POLICY_ROLE", + "AWS_POLICY_RESOURCE", + "AWS_EC2_ROLE", + "AZURE_USERASSIGNED_SERVICEAPP", + "AZURE_USERASSIGNED_ROLEDEFINITION", + "AZURE_ROLEDEFINITION_USERASSIGNED", + "AZURE_ROLEDEFINITION_USER", + "AZURE_GROUP_MEMBERS", + "AZURE_GROUP_ROLEDEFINITION", + "AZURE_ROLEDEFINITION_GROUP", + "AZURE_SERVICEPRINCIPAL_APPREGISTRATION", + "AZURE_SERVICEPRINCIPAL_ROLEDEFINITION", + "AZURE_ROLEDEFINITION_SERVICEPRINCIPAL" + ] }, "lastAccessFromTime": { "type": "integer", @@ -4370,25 +2366,10 @@ }, "lastAccessToTime": { "type": "integer", - "description": "Last accessed To time (epoch)", + "description": "Last accessed To epoch (epoch)", "format": "int64", "example": 1678785157 }, - "cloudProviderType": { - "type": "string", - "description": "Prisma Cloud Provider Type from this query", - "example": "AWS", - "enum": [ - "UNKNOWN", - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ] - }, "nextPageToken": { "type": "string", "description": "Page Token", @@ -4396,7 +2377,7 @@ } } }, - "CloudAssetRelationshipDto": { + "CloudAssetRelatedAssetDto": { "type": "object", "properties": { "targetAssetId": { 
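Review bot: In `CloudAssetRelatedAssetsRequestDto.relationshipType` the enum values added here are upper-case (`AWS_ROLE_POLICY`, …), but the `example` added with them is `aws_policy_role`, which is not a member of the enum. Spec linters flag this, and generated samples will show a value the server presumably does not accept; use `"example": "AWS_POLICY_ROLE"`. The same hunk introduces two description typos: "Can be obtain form calling search/permission API" in `PermissionRawDataRequestDto.permissionId` and "rolw/policy" in `PermissionRawDataResponseDto.raw`. They should read "Can be obtained from calling the search/permission API" and "role/policy".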
@@ -4429,35 +2410,18 @@ "grantedByLevelType": { "type": "string", "description": "Granted by level type" - }, - "sourceAssetId": { - "type": "string", - "description": "Source Asset Id (unifiedAssetId)" - }, - "sourceCloudResourceId": { - "type": "string", - "description": "Source Asset Cloud Resource Id", - "example": "1593691785" - }, - "sourceDisplayName": { - "type": "string", - "description": "Source Display Name" - }, - "sourceResourceType": { - "type": "string", - "description": "Source Resource type" } }, "description": "items list" }, - "CloudAssetRelationshipResponseDto": { + "CloudAssetRelatedAssetsResponseDto": { "type": "object", "properties": { - "value": { + "items": { "type": "array", "description": "items list", "items": { - "$ref": "#/components/schemas/CloudAssetRelationshipDto" + "$ref": "#/components/schemas/CloudAssetRelatedAssetDto" } }, "nextPageToken": { 
@@ -4473,238 +2437,97 @@ } } }, - "PolicyFindingSearchRequestDto": { - "type": "object", - "properties": { - "uaiIds": { - "uniqueItems": true, - "type": "array", - "description": "Set of UAIs", - "example": "[681390624b288d835f4cd03e7bfb0994]", - "items": { - "type": "string", - "description": "Set of UAIs", - "example": "[681390624b288d835f4cd03e7bfb0994]" - } - }, - "distinctFields": { - "uniqueItems": true, - "type": "array", - "description": "Set of fields to distinct by", - "example": "[grantedByCloudType, grantedByEntityType, grantedByEntityName, destCloudType, destCloudServiceName, destCloudResourceName, grantedByEntityTypeId, destResourceTypeId, grantedByEntityAssetId, destResourceAssetId ]", - "items": { - "type": "string", - "description": "Set of fields to distinct by", - "example": "[grantedByCloudType, grantedByEntityType, grantedByEntityName, destCloudType, destCloudServiceName, destCloudResourceName, grantedByEntityTypeId, destResourceTypeId, grantedByEntityAssetId, destResourceAssetId ]", - "enum": [ - "grantedByCloudType", - "grantedByEntityType", - "grantedByEntityName", - "destCloudType", - "destCloudServiceName", - "destCloudResourceName", - "grantedByEntityTypeId", - "destResourceTypeId", - "grantedByEntityAssetId", - "destResourceAssetId" - ] - } - } - } - }, - "PrismaApiCollectionResponseDto": { + "RemediationResponseDtoV2": { "type": "object", "properties": { - "items": { - "type": "array", - "description": "items list", - "items": { - "type": "object", - "description": "items list" - } + "cliCommand": { + "type": "string", + "description": "Relevant cli command for remediation", + "example": "cli command" }, - "nextPageToken": { + "cliDescription": { "type": "string", - "description": "Next page token to be used to fetch the next page", - "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" + "description": "Cli Description", + "example": "The following are CLI command is required for remediation. 
Successful execution will limit the relevant permissions of the violating resource." } } }, - "AdminIdentitiesRequestDto": { + "RqlResponseDtoV2": { "type": "object", "properties": { - "accountNamesFilter": { - "type": "array", - "description": "Account names to filter with", - "example": "account1,account2", - "items": { - "type": "string", - "description": "Account names to filter with", - "example": "account1,account2" - } + "timeRange": { + "$ref": "#/components/schemas/TimeRangeDto" }, - "accountGroupNamesFilter": { - "type": "array", - "description": "Account groups names to filter with", - "example": "account_group1,account_group2", - "items": { - "type": "string", - "description": "Account groups names to filter with", - "example": "account_group1,account_group2" - } + "query": { + "type": "string", + "example": "config from iam where source.cloud.type = 'AWS'" } } }, - "AdminIdentitiesCloudProviderResponseDto": { + "OverPermissiveMetadataResponseDto": { "type": "object", "properties": { - "levels": { - "type": "array", - "description": "Number of admin identities per level", - "items": { - "$ref": "#/components/schemas/AdminLevelDto" - } - }, - "allIdentitiesCount": { - "type": "integer", - "description": "All identities count", - "format": "int64", - "example": 100 - }, - "adminIdentitiesCount": { + "totalIamResourceCount": { "type": "integer", - "description": "Admin identities count", - "format": "int64", - "example": 50 - } - }, - "description": "All admin identities of AZURE by granted level" - }, - "AdminIdentitiesResponseDto": { - "type": "object", - "properties": { - "aws": { - "$ref": "#/components/schemas/AdminIdentitiesCloudProviderResponseDto" - }, - "gcp": { - "$ref": "#/components/schemas/AdminIdentitiesCloudProviderResponseDto" - }, - "azure": { - "$ref": "#/components/schemas/AdminIdentitiesCloudProviderResponseDto" - } - } - }, - "AdminLevelDto": { - "type": "object", - "properties": { - "levelType": { - "type": "string", - "description": 
"Granted Admin level type", - "example": "GCP_ORGANIZATION", - "enum": [ - "UNKNOWN", - "AWS_ORGANIZATION", - "AWS_ACCOUNT", - "GCP_ORGANIZATION", - "GCP_FOLDER", - "GCP_PROJECT", - "GCP_SERVICE", - "AZURE_RESOURCE", - "AZURE_MANAGEMENT_GROUP", - "AZURE_SUBSCRIPTION" - ] + "description": "The total number of iam resources attached to the asset", + "format": "int32", + "example": 15 }, - "count": { - "type": "integer", - "description": "Number of admin identities in this specific level", - "format": "int64", - "example": 10 - } - }, - "description": "Number of admin identities per level" - }, - "PermissionSearchRequestDto": { - "required": [ - "limit", - "query" - ], - "type": "object", - "properties": { - "limit": { + "overPermissiveCount": { "type": "integer", - "description": "Query records limit", + "description": "The number of over permissive iam resources attached to the asset", "format": "int32", - "example": 5 + "example": 10 }, - "query": { - "type": "string", - "description": "Query body", - "example": "config from iam where source.cloud.type = 'aws'" + "isCustomLeastPrivilegedSupported": { + "type": "boolean", + "description": "Is custom least privileged access supported for asset", + "example": true + }, + "isExistingLeastPrivilegedSupported": { + "type": "boolean", + "description": "Is existing least privileged access supported for asset", + "example": true }, - "id": { + "iamResourceType": { "type": "string", - "description": "Saved search id", - "example": "b75169aa-650a-4f03-b748-76cb7e66e383" + "description": "The type of resources attached to the asset", + "example": "AWS IAM Policy" } } }, - "PermissionSearchResponseDto": { + "ExistingLeastPrivilegedAccessDto": { "type": "object", "properties": { - "data": { - "$ref": "#/components/schemas/PermissionSearchResultDataDto" - }, - "query": { - "type": "string", - "description": "Query string", - "example": "config from iam where ..." 
- }, - "id": { + "iamResourceName": { "type": "string", - "description": "Request user Id", - "example": "111111" - }, - "saved": { - "type": "boolean", - "description": "Is search saved", - "example": true + "description": "The name of the iam resource", + "example": "MyIamResource" }, - "name": { + "iamResourceId": { "type": "string", - "description": "Search name", - "example": "search-name" - }, - "timeRange": { - "oneOf": [ - { - "$ref": "#/components/schemas/AbsoluteTimeRangeDto" - }, - { - "$ref": "#/components/schemas/RelativeTimeRangeDto" - }, - { - "$ref": "#/components/schemas/ToNowTimeRangeDto" - } - ] + "description": "The id of the iam resource", + "example": "rrn:aws:iamRole::123456789012:3fab987adf7c268519219cdfe5a4c4c2d4dc:AROAXHNDH53GWC2HSVKSR" }, - "searchType": { + "iamResourceType": { "type": "string", - "description": "Search type", - "example": "search-type" + "description": "The type of iam resource", + "example": "AWS_POLICY" }, - "description": { + "formatType": { "type": "string", - "description": "Search description", - "example": "search-description" + "description": "Format type of the access policy", + "example": "TERRAFORM" }, - "cloudType": { + "snippet": { "type": "string", - "description": "Cloud Type", - "example": "aws" + "description": "The access policy", + "example": "A Terraform code for creating a policy" } - } + }, + "description": "Least Privileged Access items" }, - "PermissionSearchResultDataDto": { + "ExistingLeastPrivilegedAccessResponseDto": { "type": "object", "properties": { "nextPageToken": { 
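Review bot: `RemediationResponseDtoV2.cliCommand` is described only as "Relevant cli command for remediation", although the `cliDescription` example says that running it limits the permissions of the violating resource. The description should tell integrators that the string is meant for operator review rather than unattended execution, for example `"description": "CLI command that restricts the violating resource's permissions; review before running"`. The `cliDescription` example also reads "The following are CLI command is required for remediation"; `"The following CLI command is required for remediation. …"` fixes the grammar. The `ExistingLeastPrivilegedAccessResponseDto` schema at the end of the hunk continues outside it.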
@@ -4712,668 +2535,486 @@ "description": "Next page token", "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" }, - "totalRows": { + "permissionsInAssetCount": { "type": "integer", - "description": "Total rows count", - "format": "int64", - "example": 1243 + "description": "Number of actions in asset", + "format": "int32", + "example": 10 }, - "items": { + "permissionsInLeastPrivilegedCount": { + "type": "integer", + "description": "Number of actions in least privileged access", + "format": "int32", + "example": 10 + }, + "analysis": { "type": "array", - "description": "Requested permissions list", + "description": "Least Privileged result analysis", "items": { - "$ref": "#/components/schemas/PermissionDto" + "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" } }, - "searchedDestCloudResourceNames": { - "uniqueItems": true, + "value": { "type": "array", - "description": "Searched destination cloud resource names", - "example": [], + "description": "Least Privileged Access items", "items": { - "type": "string", - "description": "Searched destination cloud resource names", - "example": "[]" + "$ref": "#/components/schemas/ExistingLeastPrivilegedAccessDto" } } } }, - "PolicyValidationRequestDto": { - "required": [ - "query" - ], - "type": "object", - "properties": { - "query": { - "type": "string", - "description": "RQL Query", - "example": "config from iam where source.cloud.type = 'aws'" - } - } - }, - "PermissionSearchPageRequestDto": { + "LeastPrivilegedPermissionVerdict": { "type": "object", "properties": { - "limit": { - "type": "integer", - "format": "int32" + "action": { + "type": "string" }, - "pageToken": { + "configurationName": { "type": "string" + }, + "keep": { + "type": "boolean" } - } + }, + "description": "Least Privileged result analysis" }, - "PermissionGraphRequestDto": { - "required": [ - "query" - ], + "CustomLeastPrivilegedAccessDto": { "type": "object", "properties": { - "query": { + "formatType": { "type": "string", - "description": 
"RQL Query", - "example": "config from iam where source.cloud.type = 'aws'" + "description": "Format type of the access policy", + "example": "TERRAFORM" + }, + "snippet": { + "type": "string", + "description": "The access policy", + "example": "Terraform code for creating a policy" } - } + }, + "description": "Least Privileged Access items" }, - "RemediationRequestDto": { - "required": [ - "alerts" - ], + "CustomLeastPrivilegedAccessResponseDto": { "type": "object", "properties": { - "alerts": { + "nextPageToken": { + "type": "string", + "description": "Next page token", + "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + }, + "permissionsInAssetCount": { + "type": "integer", + "description": "Number of actions in asset", + "format": "int32", + "example": 10 + }, + "permissionsInLeastPrivilegedCount": { + "type": "integer", + "description": "Number of actions in least privileged access", + "format": "int32", + "example": 10 + }, + "analysis": { "type": "array", - "description": "List of relevant alerts", - "example": [ - "I-1234", - "I-1235" - ], + "description": "Least Privileged result analysis", "items": { - "type": "string", - "description": "List of relevant alerts", - "example": "[\"I-1234\",\"I-1235\"]" - } - } - } - }, - "RemediationResponseDto": { - "type": "object", - "properties": { - "alertIdVsCliScript": { - "type": "object", - "additionalProperties": { - "type": "string", - "description": "List of relevant remediations", - "readOnly": true, - "example": "{\"I-1234\":\"cli command1\",\"I-1235\":\"cli command2\"}" - }, - "description": "List of relevant remediations", - "readOnly": true, - "example": { - "I-1234": "cli command1", - "I-1235": "cli command2" + "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" } }, - "cliDescription": { - "type": "string", - "description": "Cli Description", - "readOnly": true, - "example": "The following are CLI commands required for remediation. 
Successful execution will limit the relevant permissions of the violating resource.}" + "value": { + "type": "array", + "description": "Least Privileged Access items", + "items": { + "$ref": "#/components/schemas/CustomLeastPrivilegedAccessDto" + } } } }, - "PermissionAccessRequestDto": { + "PermissionSearchV4RequestDto": { "required": [ - "permissionId", "query" ], "type": "object", "properties": { - "permissionId": { + "query": { "type": "string", - "description": "Permission Id", - "example": "111111" - }, - "limit": { - "type": "integer", - "description": "Query records limit (default 0)", - "format": "int32", - "example": 5 + "description": "RQL query", + "example": "config from iam where dest.cloud.type='AWS'" }, - "query": { + "searchId": { "type": "string", - "description": "Query string", - "example": "config from iam where ..." - } - } - }, - "PermissionAccessResponseDto": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/PermissionAccessResultDataDto" - } - } - }, - "PermissionAccessResultDataDto": { - "type": "object", - "properties": { + "description": "Saved search id", + "example": "ff4fcb80-03f6-41dd-8bd8-6179fd46b3a4" + }, "nextPageToken": { "type": "string", - "description": "Next page token", - "readOnly": true, + "description": "Page Token", "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" }, - "totalRows": { - "type": "integer", - "description": "Total rows count", - "format": "int64", - "readOnly": true, - "example": 1243 - }, - "items": { + "groupByFields": { + "uniqueItems": true, "type": "array", - "description": "Permissions list", - "readOnly": true, + "description": "Fields to group results by. 
Empty or missing array is considered the same as an array with all possible fields", + "example": [ + "source", + "sourceCloudAccount", + "grantedByEntity", + "entityCloudAccount", + "grantedByPolicy", + "policyCloudAccount", + "grantedByLevel", + "action", + "destination", + "destCloudAccount", + "lastAccess" + ], "items": { - "$ref": "#/components/schemas/PermissionLastAccessDto" + "type": "string", + "description": "Fields to group results by. Empty or missing array is considered the same as an array with all possible fields", + "example": "[\"source\",\"sourceCloudAccount\",\"grantedByEntity\",\"entityCloudAccount\",\"grantedByPolicy\",\"policyCloudAccount\",\"grantedByLevel\",\"action\",\"destination\",\"destCloudAccount\",\"lastAccess\"]", + "enum": [ + "source", + "sourceCloudAccount", + "grantedByEntity", + "entityCloudAccount", + "grantedByPolicy", + "policyCloudAccount", + "grantedByLevel", + "action", + "destination", + "destCloudAccount", + "lastAccess" + ] } } - }, - "description": "Permissions last access list", - "readOnly": true - }, - "PermissionAccessPageRequestDto": { - "type": "object", - "properties": { - "limit": { - "type": "integer", - "description": "Query records limit (default: 0)", - "format": "int32", - "example": 5 - }, - "pageToken": { - "type": "string", - "description": "Page token (default: empty string)", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" - } } }, - "DbAccountAttributesRequestDto": { - "required": [ - "accountIds", - "cloudTypes", - "tenantIds" - ], + "PermissionSearchV4ResponseDataDto": { "type": "object", "properties": { - "tenantIds": { + "items": { "type": "array", - "description": "Tenant id of the accounts. if only one tenant id, update all accounts in the tenant. If [-1], update all accounts in the environment", - "example": 321423423, + "description": "items list", "items": { - "type": "integer", - "description": "Tenant id of the accounts. if only one tenant id, update all accounts in the tenant. 
If [-1], update all accounts in the environment", - "format": "int32", - "example": 321423423 + "$ref": "#/components/schemas/PermissionV4DataItemDto" } }, - "accountIds": { - "type": "array", - "description": "List of account ids. If [-1], update all accounts of tenant", - "example": "[234234,23q423423]", - "items": { - "type": "string", - "description": "List of account ids. If [-1], update all accounts of tenant", - "example": "[234234,23q423423]" - } + "nextPageToken": { + "type": "string", + "description": "Next page token", + "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" }, - "rootAccountIds": { - "type": "array", - "description": "List of root account ids. If [-1], update all root accounts of tenant", - "example": "[234234,23q423423]", - "items": { - "type": "string", - "description": "List of root account ids. If [-1], update all root accounts of tenant", - "example": "[234234,23q423423]" - } + "totalRows": { + "type": "integer", + "description": "Total rows count", + "format": "int64", + "example": 1243 }, - "cloudTypes": { + "searchedDestCloudResourceNames": { + "uniqueItems": true, "type": "array", - "description": "List of cloud types.", - "example": "AWS", + "description": "Searched destination cloud resource names", + "example": [], "items": { "type": "string", - "description": "List of cloud types.", - "example": "AWS", - "enum": [ - "UNKNOWN", - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ] + "description": "Searched destination cloud resource names", + "example": "[]" } + } + } + }, + "PermissionSearchV4ResponseDto": { + "type": "object", + "properties": { + "data": { + "$ref": "#/components/schemas/PermissionSearchV4ResponseDataDto" }, - "epcCalculationTypeNoUnionOnAdd": { - "type": "boolean", - "description": "Whether or not to change the calculation type to NO_UNION_ON_ADD", - "example": true, - "default": false - }, - "epcCalculationTypeRegular": { - "type": "boolean", - "description": 
"Whether or not to change the calculation type to REGULAR", - "example": true, - "default": false - }, - "epcRecalcNeeded": { - "type": "boolean", - "description": "Whether or not to perform a epc recalc.", - "example": true, - "default": false + "query": { + "type": "string", + "description": "Query string", + "example": "config from iam where ..." }, - "epcStatusTooManyFailures": { - "type": "boolean", - "description": "Whether or not to set EPC status to TOO_MANY_FAILURES.", - "example": true, - "default": false + "id": { + "type": "string", + "description": "Request user Id", + "example": "111111" }, - "epcWorkerTypeSmall": { + "saved": { "type": "boolean", - "description": "Whether or not to set EPC worker type to SMALL.", - "example": true, - "default": false + "description": "Is search saved", + "example": true }, - "epcWorkerTypeLarge": { - "type": "boolean", - "description": "Whether or not to set EPC worker type to LARGE.", - "example": true, - "default": false + "name": { + "type": "string", + "description": "Search name", + "example": "search-name" }, - "adminIdentitiesRecalcNeeded": { - "type": "boolean", - "description": "Whether or not to perform an admin identities recalc.", - "example": true, - "default": false + "timeRange": { + "$ref": "#/components/schemas/TimeRangeDto" }, - "policyIsAccessiveRecalcNeeded": { - "type": "boolean", - "description": "Whether or not to perform a policy isAccessive recalc.", - "example": true, - "default": false + "searchType": { + "type": "string", + "description": "Search type", + "example": "search-type" }, - "releaseEpcCalculation": { - "type": "boolean", - "description": "Whether or not to release stuck accounts.", - "example": true, - "default": false + "description": { + "type": "string", + "description": "Search description", + "example": "search-description" }, - "rescanNeeded": { - "type": "boolean", - "description": "Whether or not to perform a rescan.", - "example": true, - "default": false - } - }, - 
"description": "A list of account update requests.", - "example": "{\"data\":[{\"tenantIds\":-9,\"accountIds\":[\"123456789012\"],\"cloudType\":\"AWS\",\"epcCalculationTypeNoUnionOnAdd\":true,\"epcCalculationTypeRegular\":false,\"epcRecalcNeeded\":true,\"rescanNeeded\":true\"epcStatusTooManyFailures\":false,\"epcWorkerTypeSmall\":false,\"epcWorkerTypeLarge\":true,\"adminIdentitiesRecalcNeeded\":true,\"policyIsAccessiveRecalcNeeded\":true,\"releaseEpcCalculation\":true}]}" - }, - "DbAccountEpcAttributesChangeRequestDto": { - "required": [ - "data" - ], - "type": "object", - "properties": { - "data": { - "type": "array", - "description": "A list of account update requests.", - "example": "{\"data\":[{\"tenantIds\":-9,\"accountIds\":[\"123456789012\"],\"cloudType\":\"AWS\",\"epcCalculationTypeNoUnionOnAdd\":true,\"epcCalculationTypeRegular\":false,\"epcRecalcNeeded\":true,\"rescanNeeded\":true\"epcStatusTooManyFailures\":false,\"epcWorkerTypeSmall\":false,\"epcWorkerTypeLarge\":true,\"adminIdentitiesRecalcNeeded\":true,\"policyIsAccessiveRecalcNeeded\":true,\"releaseEpcCalculation\":true}]}", - "items": { - "$ref": "#/components/schemas/DbAccountAttributesRequestDto" - } + "cloudType": { + "type": "string", + "description": "Cloud Type", + "example": "aws" } } }, - "ResourceDtoV2": { + "PermissionV4DataItemDto": { "type": "object", "properties": { - "type": { - "type": "string" - }, "id": { "type": "string", - "example": "a4e1d00b-b835-49c3-a194-16ee8d9aa837" + "description": "Message id", + "example": "13" }, - "name": { + "sourcePublic": { + "type": "boolean", + "description": "Is source public", + "example": false + }, + "sourceCloudType": { "type": "string", - "example": "groups/01baon6m1j3014o" - } - }, - "description": "items list" - }, - "ResourceIdsResponseV2Dto": { - "type": "object", - "properties": { - "data": { - "$ref": "#/components/schemas/ResourceIdsResultDtoV2" - } - } - }, - "ResourceIdsResultDtoV2": { - "type": "object", - "properties": { - "items": 
{ - "type": "array", - "description": "items list", - "items": { - "$ref": "#/components/schemas/ResourceDtoV2" - } + "description": "Source cloud type", + "example": "AWS" }, - "nextPage": { + "sourceCloudAccount": { "type": "string", - "description": "Next page url with the token", - "example": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg" - } - } - }, - "RemediationResponseDtoV2": { - "type": "object", - "properties": { - "cliCommand": { + "description": "Source cloud account", + "example": "123456789" + }, + "sourceCloudRegion": { "type": "string", - "description": "Relevant cli command for remediation", - "example": "cli command" + "description": "Source cloud region", + "example": "AWS London" }, - "cliDescription": { + "sourceCloudServiceName": { "type": "string", - "description": "Cli Description", - "example": "The following are CLI command is required for remediation. Successful execution will limit the relevant permissions of the violating resource.}" - } - } - }, - "RqlResponseDtoV2": { - "type": "object", - "properties": { - "timeRange": { - "$ref": "#/components/schemas/TimeRangeDto" + "description": "Source cloud service name", + "example": "iam" }, - "query": { + "sourceResourceName": { "type": "string", - "example": "config from iam where source.cloud.type = 'AWS'" + "description": "Source cloud resource name", + "example": "john" }, - "data": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "ResourceDto": { - "type": "object", - "properties": { - "type": { - "type": "string" + "sourceResourceType": { + "type": "string", + "description": "Source cloud resource type", + "example": "user" }, - "id": { - "type": "string" + "sourceResourceId": { + "type": "string", + "description": "Source cloud resource id", + "example": "arn:aws:iam::111111:user/john" }, - "name": { - "type": "string" - } - }, - "description": "Resource ids and names array", - "example": [ - { - "id": "a4e1d00b-b835-49c3-a194-16ee8d9aa837", - "name": 
"groups/01baon6m1j3014o" - } - ] - }, - "ResourceIdsResponseDto": { - "type": "object", - "properties": { - "value": { - "type": "array", - "description": "Resource ids and names array", - "example": [ - { - "id": "a4e1d00b-b835-49c3-a194-16ee8d9aa837", - "name": "groups/01baon6m1j3014o" - } - ], - "items": { - "$ref": "#/components/schemas/ResourceDto" - } + "sourceCloudResourceUai": { + "type": "string", + "description": "Source cloud resource UAI", + "example": "681390624b288d835f4cd03e7bfb0994" }, - "nextPage": { + "sourceIdpService": { "type": "string", - "description": "Next page url with the token", - "example": "iam/api/v1/tenants/{prismaCustomerId}/cloud_types/{cloudType}/accounts/{accountId}/resource_types/{resourceType}/resources?pageToken=Q74589g444gg" - } - } - }, - "OverPermissiveMetadataResponseDto": { - "type": "object", - "properties": { - "totalIamResourceCount": { - "type": "integer", - "description": "The total number of iam resources attached to the asset", - "format": "int32", - "example": 15 + "description": "Source IDP service", + "example": "AWS Identity Center" + }, + "sourceIdpDomain": { + "type": "string", + "description": "Source IDP domain", + "example": "idp.com" + }, + "sourceIdpEmail": { + "type": "string", + "description": "Source IDP email", + "example": "idp@email.com" + }, + "sourceIdpUserId": { + "type": "string", + "description": "Source IDP user id", + "example": "123456789" + }, + "sourceIdpUsername": { + "type": "string", + "description": "Source IDP user name", + "example": "idp-user" + }, + "sourceIdpGroup": { + "type": "string", + "description": "Source IDP group", + "example": "IdpGroup" + }, + "sourceIdpUai": { + "type": "string", + "description": "Source idp UAI", + "example": "681390424b288d835f5cd03e7bfb0993" + }, + "destCloudType": { + "type": "string", + "description": "Destination cloud type", + "example": "AWS" + }, + "destCloudAccount": { + "type": "string", + "description": "Destination cloud account", + 
"example": "123456789" + }, + "destCloudRegion": { + "type": "string", + "description": "Destination cloud region", + "example": "AWS London" }, - "overPermissiveCount": { - "type": "integer", - "description": "The number of over permissive iam resources attached to the asset", - "format": "int32", - "example": 10 + "destCloudServiceName": { + "type": "string", + "description": "Destination cloud service name", + "example": "iam" }, - "isCustomLeastPrivilegedSupported": { - "type": "boolean", - "description": "Is custom least privileged access supported for asset", - "example": true + "destResourceName": { + "type": "string", + "description": "Destination cloud resource name", + "example": "john" }, - "isExistingLeastPrivilegedSupported": { - "type": "boolean", - "description": "Is existing least privileged access supported for asset", - "example": true + "destResourceType": { + "type": "string", + "description": "Destination cloud resource type", + "example": "user" }, - "iamResourceType": { + "destResourceId": { "type": "string", - "description": "The type of resources attached to the asset", - "example": "AWS IAM Policy" - } - } - }, - "ExistingLeastPrivilegedAccessDto": { - "type": "object", - "properties": { - "iamResourceName": { + "description": "Destination cloud resource id", + "example": "arn:aws:iam::111111:user/john" + }, + "destCloudResourceUai": { "type": "string", - "description": "The name of the iam resource", - "example": "MyIamResource" + "description": "Destination cloud resource UAI", + "example": "181390424b298d835f4cd03e7bfb0991" }, - "iamResourceId": { + "grantedByCloudType": { "type": "string", - "description": "The id of the iam resource", - "example": "rrn:aws:iamRole::123456789012:3fab987adf7c268519219cdfe5a4c4c2d4dc:AROAXHNDH53GWC2HSVKSR" + "description": "Granted by cloud type", + "example": "AWS" }, - "iamResourceType": { + "grantedByCloudPolicyId": { "type": "string", - "description": "The type of iam resource", - "example": 
"AWS_POLICY" + "description": "Granted by cloud policy Id", + "example": "arn:aws:iam::aws:policy/aws-policy" }, - "formatType": { + "grantedByCloudPolicyName": { "type": "string", - "description": "Format type of the access policy", - "example": "TERRAFORM" + "description": "Granted by cloud policy name", + "example": "my-policy" }, - "snippet": { + "grantedByCloudPolicyType": { "type": "string", - "description": "The access policy", - "example": "Terraform code for creating a policy" - } - }, - "description": "Least Privileged Access items" - }, - "ExistingLeastPrivilegedAccessResponseDto": { - "type": "object", - "properties": { - "nextPageToken": { + "description": "Granted by cloud policy type", + "example": "Customer Managed Policy" + }, + "grantedByCloudPolicyUai": { "type": "string", - "description": "Next page token", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + "description": "Granted by cloud policy UAI", + "example": "771390424b298d835f4cd03e7bfb0232" }, - "permissionsInAssetCount": { - "type": "integer", - "description": "Number of actions in asset", - "format": "int32", - "example": 10 + "grantedByCloudPolicyAccount": { + "type": "string", + "description": "Granted by cloud policy account", + "example": "123456789" }, - "permissionsInLeastPrivilegedCount": { - "type": "integer", - "description": "Number of actions in least privileged access", - "format": "int32", - "example": 10 + "grantedByCloudEntityId": { + "type": "string", + "description": "Granted by cloud entity id", + "example": "arn:aws:iam:::role/my-role" }, - "verdicts": { - "type": "array", - "description": "Least Privileged result verdicts", - "items": { - "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" - } + "grantedByCloudEntityName": { + "type": "string", + "description": "Granted by cloud entity name", + "example": "my-role" }, - "value": { - "type": "array", - "description": "Least Privileged Access items", - "items": { - "$ref": 
"#/components/schemas/ExistingLeastPrivilegedAccessDto" - } - } - } - }, - "LeastPrivilegedPermissionVerdict": { - "type": "object", - "properties": { - "action": { - "type": "string" + "grantedByCloudEntityType": { + "type": "string", + "description": "Granted by cloud entity type", + "example": "user" }, - "iamResourceName": { - "type": "string" + "grantedByCloudEntityAccount": { + "type": "string", + "description": "Granted by cloud entity account", + "example": "123456789" }, - "keep": { - "type": "boolean" - } - }, - "description": "Least Privileged result verdicts" - }, - "CustomLeastPrivilegedAccessDto": { - "type": "object", - "properties": { - "formatType": { + "grantedByCloudEntityUai": { "type": "string", - "description": "Format type of the access policy", - "example": "TERRAFORM" + "description": "Granted by cloud entity UAI", + "example": "223390424b298d835f4cd03e7bfb0111" }, - "snippet": { + "grantedByLevelType": { "type": "string", - "description": "The access policy", - "example": "Terraform code for creating a policy" - } - }, - "description": "Least Privileged Access items" - }, - "CustomLeastPrivilegedAccessResponseDto": { - "type": "object", - "properties": { - "nextPageToken": { + "description": "Granted by level type", + "example": "GCP Folder" + }, + "grantedByLevelId": { "type": "string", - "description": "Next page token", - "example": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS" + "description": "Granted by level id", + "example": "level_id" }, - "permissionsInAssetCount": { - "type": "integer", - "description": "Number of actions in asset", - "format": "int32", - "example": 10 + "grantedByLevelName": { + "type": "string", + "description": "Granted by level name", + "example": "level_name" }, - "permissionsInLeastPrivilegedCount": { - "type": "integer", - "description": "Number of actions in least privileged access", - "format": "int32", - "example": 10 + "grantedByLevelUai": { + "type": "string", + "description": "Granted by level UAI", + 
"example": "123390424cb99d835f4cd03e7bfb0991" }, - "verdicts": { - "type": "array", - "description": "Least Privileged result verdicts", - "items": { - "$ref": "#/components/schemas/LeastPrivilegedPermissionVerdict" - } + "lastAccessDate": { + "type": "string", + "description": "Last accessed data", + "example": "2024-01-02" }, - "value": { - "type": "array", - "description": "Least Privileged Access items", - "items": { - "$ref": "#/components/schemas/CustomLeastPrivilegedAccessDto" - } - } - } - }, - "RqlResponseDto": { - "type": "object", - "properties": { - "timeRange": { - "oneOf": [ - { - "$ref": "#/components/schemas/AbsoluteTimeRangeDto" - }, - { - "$ref": "#/components/schemas/RelativeTimeRangeDto" - }, - { - "$ref": "#/components/schemas/ToNowTimeRangeDto" - } + "lastAccessStatus": { + "type": "string", + "description": "Last accessed status", + "example": "ACCESSED", + "enum": [ + "NOT_AVAILABLE", + "NOT_ACCESSED_IN_TRACKING_PERIOD", + "ACCESSED" ] }, - "query": { + "accessedResourcesCount": { + "type": "integer", + "description": "Accessed resource count", + "format": "int64", + "example": 12 + }, + "effectiveActionName": { "type": "string", - "example": "config from iam where source.cloud.type = 'AWS'" + "description": "Effective action name", + "example": "sso:ListApplications" }, - "data": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "AzureGroupIdsResponseDto": { - "type": "object", - "properties": { - "groups": { + "exceptions": { "type": "array", - "description": "Group ids array", + "description": "Permission exception list", "example": [ - "a8eb7d22-a93b-470b-a5dd-cdca638ec4bb", - "b8eb7d22-a93b-470b-a5dd-cdca638ec4dd" + { + "messageCode": "LIMITED_BY_DENY_STATEMENT" + } ], "items": { - "type": "string", - "description": "Group ids array", - "example": "[\"a8eb7d22-a93b-470b-a5dd-cdca638ec4bb\",\"b8eb7d22-a93b-470b-a5dd-cdca638ec4dd\"]" + "$ref": "#/components/schemas/PermissionExceptionDto" } }, - "nextPageToken": { - 
"type": "string", - "description": "Query string", - "example": "=Q74589g444gg" + "wildCardDestCloudResourceName": { + "type": "boolean" } - } + }, + "description": "items list" } }, "securitySchemes": { From 47fc31818436da1eb869167952878e1a30a6057c Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Tue, 17 Sep 2024 12:05:07 +0530 Subject: [PATCH 5/9] Logging Accounts APIs --- .../CloudAccountOnboardingMicroServices.json | 1060 ++++++++++++++--- .../cspm/consolidated_spec/all_endpoints.csv | 20 +- 2 files changed, 885 insertions(+), 195 deletions(-) diff --git a/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json b/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json index 12cebfb94..c5165a6ae 100644 --- a/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json +++ b/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json 
@@ -13,6 +13,10 @@ "name": "Cloud Accounts (AWS)", "description": "To monitor the resources on your AWS cloud infrastructure, you must first add your AWS accounts to Prisma Cloud. When you add your cloud account to Prisma Cloud, the API integration between AWS and Prisma Cloud is established and you can begin monitoring the resources and identify potential security risks.\n\nThe Cloud Account (AWS) APIs enable you to add and manage AWS accounts on Prisma Cloud. For end to end workflow to onboarding an AWS account using APIs, see [Automate AWS Cloud Account Onboarding](/prisma-cloud/docs/cspm/aws-cloud-account-onboarding/).\n For common operations related to cloud accounts, see [Cloud Accounts (All)](/prisma-cloud/api/cspm/cloud-accounts-all/).\n" }, + { + "name": "AWS Logging Accounts", + "description": "To ingest the VPC flow logs from Amazon S3 buckets to Prisma Cloud, you need an AWS logging account. If you need flow logs ingestion, after onboarding your AWS account, you must onboard the logging account which has the S3 bucket storing VPC flow logs for the monitored account. The APIs in this category can be used to configure and manage these logging accounts." + }, { "name": "Cloud Accounts (All)", "description": "You can use the APIs in this category to perform operations that are nonspecific to cloud account types, such as listing all the cloud accounts, listing supported features, and deleting an account.\n\nFor operations that are specific to the cloud type or cloud provider, see:\n* [Cloud Accounts (AWS)](/prisma-cloud/api/cspm/cloud-accounts-aws/)\n* [Cloud Accounts (Azure)](/prisma-cloud/api/cspm/cloud-accounts-azure/) \n* [Cloud Accounts (GCP)](/prisma-cloud/api/cspm/cloud-accounts-gcp/)\n* [Cloud Accounts (OCI and Alibaba)](/prisma-cloud/api/cspm/cloud-accounts-oci-and-alibaba/)\n" 
@@ -96,7 +100,7 @@ } ], "requestBody": { - "$ref": "#/components/requestBodies/AwsCloudAccountRequestModel" + "$ref": "#/components/requestBodies/AwsCloudAccountRequestModel2" }, "responses": { "200": { @@ -211,7 +215,7 @@ } ], "requestBody": { - "$ref": "#/components/requestBodies/AwsCloudAccountRequestModel" + "$ref": "#/components/requestBodies/AwsCloudAccountRequestModel2" }, "responses": { "200": { @@ -428,14 +432,18 @@ "summary": "Get Cloud Account Status (AWS)", "description": "Lists status messages of the specified AWS cloud account.", "operationId": "get-aws-cloud-account-status", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AwsCloudAccountRequestModel" - } + "parameters": [ + { + "name": "automatedFlow", + "in": "query", + "required": false, + "schema": { + "type": "boolean" } } + ], + "requestBody": { + "$ref": "#/components/requestBodies/AwsCloudAccountRequestModel" }, "responses": { "200": { @@ -660,6 +668,14 @@ "schema": { "type": "boolean" } + }, + { + "name": "includePendingAccounts", + "in": "query", + "required": false, + "schema": { + "type": "boolean" + } } ], "responses": { @@ -1027,7 +1043,8 @@ { "x-redlock-auth": [] } - ] + ], + "x-public": "true" } }, "/cloud/name": { 
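Review bot: The `automatedFlow` query parameter added to `get-aws-cloud-account-status` in `@@ -428,14 +432,18 @@` has only a name, location and boolean schema, so the published spec does not say how it changes the status check. The same applies to `includePendingAccounts` in `@@ -660,6 +668,14 @@`. Each should get a `description` that states what the flag changes and what happens when it is omitted. Separately, `@@ -96,7 +100,7 @@` and `@@ -211,7 +215,7 @@` now point at `#/components/requestBodies/AwsCloudAccountRequestModel2`, which wraps the same schema as `AwsCloudAccountRequestModel` and differs only in `description` and `required`. A name that states that difference would read better than a numeric suffix.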
@@ -1212,7 +1229,7 @@ "Cloud Accounts (OCI and Alibaba)" ], "summary": "Get Cloud Account Status (OCI and Alibaba)", - "description": "Lists status messages of the specified cloud account. \r\n\r\nThis request performs a cloud account on-boarding trial run. You can use this request to validate your parameters before \n you use [Add Cloud Account](/prisma-cloud/api/cspm/add-cloud-account).\n", + "description": "Lists status messages of the specified cloud account. \\r\\n\\r\\nThis request performs a cloud account on-boarding trial run. You can use this request to validate your parameters before \\n you use [Add Cloud Account](/prisma-cloud/api/cspm/add-cloud-account).\\n", "operationId": "get-cloud-account-status", "parameters": [ { 
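Review bot: The replacement `description` double-escapes its line breaks, so `\\r\\n\\r\\n` and `\\n` decode to literal backslash text and rendered docs will show `\r\n` instead of a paragraph break. The removed line used single escapes, which JSON decodes to real newlines. Keep single escapes and, to match the other descriptions in this file, use plain `\n\n`: `"description": "Lists status messages of the specified cloud account.\n\nThis request performs a cloud account on-boarding trial run. ..."`.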
@@ -2100,159 +2117,712 @@ ], "x-public": "true" } - } - }, - "servers": [ - { - "url": "https://api.prismacloud.io" - }, - { - "url": "https://api2.prismacloud.io" - }, - { - "url": "https://api3.prismacloud.io" - }, - { - "url": "https://api4.prismacloud.io" - }, - { - "url": "https://api.anz.prismacloud.io" - }, - { - "url": "https://api.eu.prismacloud.io" - }, - { - "url": "https://api2.eu.prismacloud.io" - }, - { - "url": "https://api.gov.prismacloud.io" - }, - { - "url": "https://api.prismacloud.cn" - }, - { - "url": "https://api.ca.prismacloud.io" - }, - { - "url": "https://api.sg.prismacloud.io" - }, - { - "url": "https://api.uk.prismacloud.io" - }, - { - "url": "https://api.ind.prismacloud.io" - }, - { - "url": "https://api.jp.prismacloud.io" }, - { - "url": "https://api.fr.prismacloud.io" - } - ], - "components": { - "requestBodies": { - "LoggingAccountCFTRequest": { - "content": { - "application/json": { + "/v1/cloudAccounts/awsLoggingAccounts": { + "get": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Get all AWS Logging Accounts", + "description": "Get the list of all the AWS Logging accounts and its details.", + "operationId": "getLoggingArchiveAccounts", + "parameters": [ + { + "name": "awsPartition", + "in": "query", + "description": "AWS Partition Name (optional)", + "required": false, "schema": { - "$ref": "#/components/schemas/LoggingAccountCFTRequest" + "type": "string" } } - }, - "description": "Logging Account CFT", - "required": true - }, - "GcpCloudAccountRequestModel": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/GcpCloudAccountRequestModel" + ], + "responses": { + "200": { + "description": "Successfully retrieved list of accounts", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/LoggingArchiveAccountModel" + } + } } + }, + "204": { + "description": "No logging archive accounts exists for customer" + }, + "401": { + "description": 
"Unauthorized Access" } }, - "description": "Cloud Account", - "required": true + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" }, - "AzureCloudAccountRequestModel": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AzureCloudAccountRequestModel" + "post": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Add AWS Logging Account", + "description": "Add new AWS logging account.", + "operationId": "saveLoggingAccount", + "requestBody": { + "$ref": "#/components/requestBodies/LoggingArchiveAccountModel" + }, + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/LoggingArchiveAccountModel" + } + } } + }, + "201": { + "description": "Successfully created account" + }, + "400": { + "description": "Bad Request. Data validation failed." + }, + "401": { + "description": "Unauthorized Access" } }, - "description": "Cloud Account", - "required": true - }, - "BucketModel": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/BucketModel" - } + "security": [ + { + "x-redlock-auth": [] } - } - }, - "AwsCloudAccountRequestModel": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AwsCloudAccountRequestModel" - } + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/cft": { + "post": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Generate a New CFT Template", + "description": "Dynamically generate a CFT for the AWS Logging Account.", + "operationId": "generate-log-account-cft", + "requestBody": { + "$ref": "#/components/requestBodies/LoggingAccountCFTRequest" + }, + "responses": { + "200": { + "description": "success" + }, + "400": { + "description": "bad_request" } }, - "description": "Cloud Account", - "required": true - }, - "LoggingArchiveAccountModel": { - "content": { - "application/json": { - 
"schema": { - "$ref": "#/components/schemas/LoggingArchiveAccountModel" - } + "security": [ + { + "x-redlock-auth": [] } - } - }, - "get-ancestors-for-given-members-ous-legacyBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "additionalProperties": { - "type": "object" + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/permissionsStatus": { + "post": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Get Logging Account Status", + "description": "Get the status of the AWS logging account based on filter criteria such as, ID, name, RoleRN, and bucket.", + "operationId": "checkLoggingAccountStatus", + "requestBody": { + "$ref": "#/components/requestBodies/LoggingArchiveAccountModel" + }, + "responses": { + "200": { + "description": "Successfully completed status check for logging account", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/CloudAccountStatus" + } } } + }, + "401": { + "description": "Unauthorized Access" } }, - "description": "Cloud Account JSON", - "required": true - }, - "GcpResourceControllerRequestModel": { - "content": { - "application/json": { + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/{accountId}/buckets/{bucketName}": { + "delete": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Delete an S3 bucket", + "description": "Delete an S3 bucket in a logging account.", + "operationId": "deleteBucket", + "parameters": [ + { + "name": "accountId", + "in": "path", + "description": "AWS Logging Account ID", + "required": true, "schema": { - "$ref": "#/components/schemas/GcpResourceControllerRequestModel" + "type": "string" } - } - }, - "description": "The content of the credentials object is the Service Account Key for your Google Cloud service account", - "required": true - }, - "get-cloud-account-statusBody": { - "content": { - "application/json": { + 
}, + { + "name": "bucketName", + "in": "path", + "description": "AWS S3 Bucket Name", + "required": true, "schema": { - "type": "object", - "additionalProperties": { - "type": "object" - } + "type": "string" } } - } - }, - "add-cloud-accountBody": { - "content": { - "application/json": { + ], + "responses": { + "200": { + "description": "successful operation", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/BucketModel" + } + } + } + }, + "204": { + "description": "Successfully deleted bucket" + }, + "400": { + "description": "Bad Request. Data validation failed." + }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Account or bucket not found." + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/{accountId}/cft": { + "get": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Regenerate CFT for an Existing Account", + "description": "Dynamically generate a CFT for an existing Log Account.", + "operationId": "generate-log-account-cft-existing", + "parameters": [ + { + "name": "accountId", + "in": "path", + "description": "Account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "success" + }, + "400": { + "description": "bad_request" + }, + "404": { + "description": "Account or bucket not found." 
+ } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/{accountId}/role/{roleName}/externalId": { + "get": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Get External ID of an Account", + "description": "Get external ID of an AWS Logging Accountby account ID and rolename.", + "operationId": "Get External ID ", + "parameters": [ + { + "name": "accountId", + "in": "path", + "description": "AWS AccountId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "roleName", + "in": "path", + "description": "AWS Role Name", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "description": "bad_request" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}": { + "put": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Update Logging Account", + "description": "Update details of the logging account.", + "operationId": "updateLoggingAccount", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "description": "AWS Logging Account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/LoggingArchiveAccountModel" + }, + "responses": { + "204": { + "description": "No content" + }, + "400": { + "description": "Bad Request. Data validation failed." 
+ }, + "401": { + "description": "Unauthorized Access" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets": { + "get": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "List S3 Bucket Names", + "description": "Get a list of all the S3 bucket names associated to a logging account.", + "operationId": "getBuckets", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "description": "AWS Logging Account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved buckets", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + } + } + } + }, + "400": { + "description": "Bad Request. Data validation failed." + }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Account not found" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + }, + "post": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Add an S3 bucket", + "description": "Add an S3 bucket to the existing logging account.", + "operationId": "saveBucket", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "description": "AWS Logging Account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/BucketModel" + }, + "responses": { + "200": { + "description": "Successfully saved bucket", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/BucketModel" + } + } + } + }, + "400": { + "description": "Bad Request. Data validation failed." + }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Account not found." 
+ } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets/{bucketName}": { + "get": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Get all S3 Buckets", + "description": "Get the list of all S3 bucket and its details associated with a logging account.", + "operationId": "getBucketDetails", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "bucketName", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved bucket", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/BucketModel" + } + } + } + }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Resource not found" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + }, + "put": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Update S3 Bucket Details", + "description": "Update details of an S3 bucket associated to a specific logging account.", + "operationId": "updateBucket", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "description": "AWS Logging Account ID", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "bucketName", + "in": "path", + "description": "AWS S3 Bucket Name", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/BucketModel" + }, + "responses": { + "200": { + "description": "Successfully updated bucket", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/BucketModel" + } + } + } + }, + "400": { + "description": "Bad Request. Data validation failed." 
+ }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Account or bucket not found." + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + } + }, + "servers": [ + { + "url": "https://api.prismacloud.io" + }, + { + "url": "https://api2.prismacloud.io" + }, + { + "url": "https://api3.prismacloud.io" + }, + { + "url": "https://api4.prismacloud.io" + }, + { + "url": "https://api.anz.prismacloud.io" + }, + { + "url": "https://api.eu.prismacloud.io" + }, + { + "url": "https://api2.eu.prismacloud.io" + }, + { + "url": "https://api.gov.prismacloud.io" + }, + { + "url": "https://api.prismacloud.cn" + }, + { + "url": "https://api.ca.prismacloud.io" + }, + { + "url": "https://api.sg.prismacloud.io" + }, + { + "url": "https://api.uk.prismacloud.io" + }, + { + "url": "https://api.ind.prismacloud.io" + }, + { + "url": "https://api.jp.prismacloud.io" + }, + { + "url": "https://api.fr.prismacloud.io" + } + ], + "components": { + "requestBodies": { + "LoggingAccountCFTRequest": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/LoggingAccountCFTRequest" + } + } + }, + "description": "Logging Account CFT", + "required": true + }, + "GcpCloudAccountRequestModel": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GcpCloudAccountRequestModel" + } + } + }, + "description": "Cloud Account", + "required": true + }, + "AwsCloudAccountRequestModel": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AwsCloudAccountRequestModel" + } + } + } + }, + "AzureCloudAccountRequestModel": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AzureCloudAccountRequestModel" + } + } + }, + "description": "Cloud Account", + "required": true + }, + "BucketModel": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/BucketModel" + } + } + } + }, + 
"AwsCloudAccountRequestModel2": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AwsCloudAccountRequestModel" + } + } + }, + "description": "Cloud Account", + "required": true + }, + "LoggingArchiveAccountModel": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/LoggingArchiveAccountModel" + } + } + } + }, + "get-ancestors-for-given-members-ous-legacyBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": { + "type": "object" + } + } + } + }, + "description": "Cloud Account JSON", + "required": true + }, + "GcpResourceControllerRequestModel": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GcpResourceControllerRequestModel" + } + } + }, + "description": "The content of the credentials object is the Service Account Key for your Google Cloud service account", + "required": true + }, + "get-cloud-account-statusBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": { + "type": "object" + } + } + } + } + }, + "add-cloud-accountBody": { + "content": { + "application/json": { "schema": { "type": "object", "additionalProperties": { @@ -2498,7 +3068,7 @@ "type": "array", "description": "*Applicable only for accountType: **organization**.*\n\n Include/Exclude a list of AWS Organization Units (OU), AWS accounts, and AWS Organizations to onboard under this organization.", "items": { - "$ref": "#/components/schemas/HierarchySelection" + "$ref": "#/components/schemas/AwsHierarchySelectionModel" } }, "customMemberRoleNameEnabled": { 
@@ -2594,6 +3164,35 @@ } ] }, + "AwsHierarchySelectionModel": { + "type": "object", + "properties": { + "resourceId": { + "type": "string", + "example": "root", + "description": "To get the list of resource IDs and its details, Refer [List Children of Parent (AWS)](/prisma-cloud/api/cspm/get-list-of-children-under-parent-aws/) " + }, + "displayName": { + "type": "string", + "example": "Root", + "description": "To get the display name of resource, Refer [List Children of Parent (AWS)](/prisma-cloud/api/cspm/get-list-of-children-under-parent-aws/)" + }, + "nodeType": { + "type": "string", + "description": "Member account node type. Supported values are ORG, OU or ACCOUNT" + }, + "selectionType": { + "type": "string", + "description": "Organization Member accounts Selection type. \n\n**ALL**: Include the resource and all its children \n\n**INCLUDE**: Include the specified resource\n\n**EXCLUDE**: Exclude the specified resource", + "enum": [ + "ALL", + "INCLUDE", + "EXCLUDE" + ] + } + }, + "description": "Model for HierarchySelection for Aws" + }, "AwsListChildrenApiResponseModel": { "type": "object", "properties": { @@ -2885,7 +3484,7 @@ "type": "array", "description": "*Required only for accountType: **tenant**.*\n\n Include or Exclude a list of Azure Management Groups and Azure Subscriptions to onboard under this Tenant.", "items": { - "$ref": "#/components/schemas/HierarchySelection" + "$ref": "#/components/schemas/AzureHierarchySelectionModel" } }, "rootSyncEnabled": { 
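Review bot: In `AwsHierarchySelectionModel` (`@@ -2594,6 +3164,35 @@`) the allowed `nodeType` values appear only in the description text, while `selectionType` next to it has a real `enum`. Schema validation will therefore accept any string for `nodeType`. Adding `"enum": ["ORG", "OU", "ACCOUNT"]` would let validators and generated clients reject typos before the request reaches the service. The same gap is in `AzureHierarchySelectionModel` (`@@ -2970,6 +3569,35 @@`, values SUBSCRIPTION, MANAGEMENT_GROUP, TENANT) and `GcpHierarchySelectionModel` (`@@ -3931,6 +4580,35 @@`, values ORG, FOLDER, PROJECT). None of the three models declares a `required` list; if the service needs `resourceId` and `selectionType` on every entry, which the spec does not show, that should be stated as well.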
@@ -2970,6 +3569,35 @@ }, "description": "Model for AzureNode in the Tenant Hierarchy" }, + "AzureHierarchySelectionModel": { + "type": "object", + "properties": { + "resourceId": { + "type": "string", + "example": "root", + "description": "To get the list of resource IDs and its details, Refer [List Children of Parent (Azure)](/prisma-cloud/api/cspm/list-children-under-parent/) " + }, + "displayName": { + "type": "string", + "example": "Root", + "description": "To get the display name of resource, Refer [List Children of Parent (Azure)](/prisma-cloud/api/cspm/list-children-under-parent/)" + }, + "nodeType": { + "type": "string", + "description": "Member account node type. Supported values are SUBSCRIPTION, MANAGEMENT_GROUP, or TENANT" + }, + "selectionType": { + "type": "string", + "description": "Organization Member accounts Selection type. \n\n**ALL**: Include the resource and all its children \n\n**INCLUDE**: Include the specified resource\n\n**EXCLUDE**: Exclude the specified resource", + "enum": [ + "ALL", + "INCLUDE", + "EXCLUDE" + ] + } + }, + "description": "Model for HierarchySelection for Azure" + }, "AzureListChildrenRequestModel": { "type": "object", "required": [ 
@@ -3225,47 +3853,34 @@ "type": "string" } }, - "storageScanEnabled": { - "type": "boolean", - "description": "Storage Scan Enabled" - }, - "deploymentType": { - "type": "string", - "description": "Deployment Type", - "enum": [ - "AZURE", - "AZURE_GOVERNMENT", - "AZURE_CHINA", - "AWS", - "AWS_GOVERNMENT", - "AWS_CHINA", - "OCI", - "OCI_GOVERNMENT", - "OCI_CHINA", - "GCP", - "GCP_GOVERNMENT", - "GCP_CHINA", - "ALIBABA_CLOUD", - "ALIBABA_CLOUD_GOVERNMENT", - "ALIBABA_CLOUD_CHINA", - "ALIBABA_CLOUD_FINANCE" - ] - }, - "accountGroupInfos": { + "features": { "type": "array", - "description": "Account group details of groups associated with this account", + "description": "Features", + "uniqueItems": true, "items": { - "$ref": "#/components/schemas/AccountGroupInfo" + "$ref": "#/components/schemas/Feature" } }, - "autoConsent": { - "type": "string" + "name": { + "type": "string", + "description": "Name" + }, + "enabled": { + "type": "boolean", + "description": "Enabled" }, "associatedAccountGroupsCount": { "type": "integer", "format": "int32", "description": "Associated Account Groups Count with this cloud account" }, + "storageScanEnabled": { + "type": "boolean", + "description": "Storage Scan Enabled" + }, + "autoConsent": { + "type": "string" + }, "storageUUID": { "type": "string", "description": "Storage UUID" @@ -3274,6 +3889,13 @@ "type": "string", "description": "Cloud account owner" }, + "accountGroupInfos": { + "type": "array", + "description": "Account group details of groups associated with this account", + "items": { + "$ref": "#/components/schemas/AccountGroupInfo" + } + }, "cloudAccountOwnerCount": { "type": "integer", "format": "int32", 
@@ -3283,21 +3905,27 @@ "parentAccountId": { "type": "string" }, - "features": { - "type": "array", - "description": "Features", - "uniqueItems": true, - "items": { - "$ref": "#/components/schemas/Feature" - } - }, - "name": { + "deploymentType": { "type": "string", - "description": "Name" - }, - "enabled": { - "type": "boolean", - "description": "Enabled" + "description": "Deployment Type", + "enum": [ + "AZURE", + "AZURE_GOVERNMENT", + "AZURE_CHINA", + "AWS", + "AWS_GOVERNMENT", + "AWS_CHINA", + "OCI", + "OCI_GOVERNMENT", + "OCI_CHINA", + "GCP", + "GCP_GOVERNMENT", + "GCP_CHINA", + "ALIBABA_CLOUD", + "ALIBABA_CLOUD_GOVERNMENT", + "ALIBABA_CLOUD_CHINA", + "ALIBABA_CLOUD_FINANCE" + ] }, "accountId": { "type": "string", @@ -3559,6 +4187,27 @@ }, "description": "The content of the credentials object is the Service Account Key for your Google Cloud service account" }, + "CustomTimeRangeConfigModel": { + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + { + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "integer", + "format": "int64", + "description": "Time range object" + } + }, + "description": "Model for CustomTimeRangeConfig" + } + ] + }, "Feature": { "type": "object", "properties": { @@ -3637,16 +4286,16 @@ "type": "string", "readOnly": true }, - "authenticationType": { - "type": "string", - "readOnly": true - }, "cloudAccount": { "$ref": "#/components/schemas/GcpAccountViewModel" }, "clientEmail": { "type": "string", "readOnly": true + }, + "authenticationType": { + "type": "string", + "readOnly": true } } }, @@ -3848,7 +4497,7 @@ "type": "array", "description": "Applicable only if `accountType` is **organization**. \n\nInclude/Exclude a list of GCP folders, GCP projects under the organization.", "items": { - "$ref": "#/components/schemas/HierarchySelection" + "$ref": "#/components/schemas/GcpHierarchySelectionModel" } }, "organizationName": { 
@@ -3931,6 +4580,35 @@
 }
 ]
 },
+ "GcpHierarchySelectionModel": {
+ "type": "object",
+ "properties": {
+ "resourceId": {
+ "type": "string",
+ "example": "root",
+ "description": "To get the list of resource IDs and its details, Refer [List Children of Parent (GCP)](/prisma-cloud/api/cspm/get-list-of-children-under-parent/) "
+ },
+ "displayName": {
+ "type": "string",
+ "example": "Root",
+ "description": "To get the display name of resource, Refer [List Children of Parent (GCP)](/prisma-cloud/api/cspm/get-list-of-children-under-parent/). Display name is the organization name if `nodeType` is **ORG**"
+ },
+ "nodeType": {
+ "type": "string",
+ "description": "Member account node type. Supported values are ORG, FOLDER, or PROJECT"
+ },
+ "selectionType": {
+ "type": "string",
+ "description": "Organization Member accounts Selection type. \n\n**ALL**: Include the resource and all its children \n\n**INCLUDE**: Include the specified resource\n\n**EXCLUDE**: Exclude the specified resource",
+ "enum": [
+ "ALL",
+ "INCLUDE",
+ "EXCLUDE"
+ ]
+ }
+ },
+ "description": "Model for HierarchySelection for GCP"
+ },
 "GcpNodeModel": {
 "type": "object",
 "properties": {
diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv
index d8e02342f..d69a11473 100644
--- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv
+++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv
@@ -118,7 +118,7 @@
 "get","/asm/api/v1/asset/vulnerability","Get Impacted Distros for a Vulnerability","vulnerability","Discovery and Exposure Management","CDEMMicroServices.json"
 "get","/asm/api/v1/asset/snoozed-regex","Get Snooze Regex Pattern","list-snoozed-pattern","Discovery and Exposure Management","CDEMMicroServices.json"
 "get","/asm/api/v1/asset/filters","Get Asset Filters","get-asset-filters","Discovery and Exposure Management","CDEMMicroServices.json"
-"get","/account/{accountId}/config/status","List Account Status Details","list-cloud-account-status-details","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json"
+"get","/account/{accountId}/config/status","Get Account Status","list-cloud-account-status-details","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json"
 "post","/cas/v1/aws_account","Add Cloud Account (AWS)","add-aws-cloud-account","Cloud Accounts (AWS)","CloudAccountOnboardingMicroServices.json"
 "post","/cas/v1/aws_account/{account_id}/ancestors","List Ancestors (AWS)","get-ancestors-for-given-members-ous","Cloud Accounts (AWS)","CloudAccountOnboardingMicroServices.json"
 "put","/cas/v1/aws_account/{id}","Update Cloud Account (AWS)","update-aws-cloud-account","Cloud Accounts (AWS)","CloudAccountOnboardingMicroServices.json"
@@ -130,7 +130,7 @@
 "post","/cas/v1/cloud_account/status/gcp","Get Cloud Account Status (GCP)","get-gcp-cloud-account-status","Cloud Accounts (GCP)","CloudAccountOnboardingMicroServices.json"
 "post","/cas/v1/gcp_account","Add Cloud Account (GCP)","add-gcp-cloud-account","Cloud Accounts (GCP)","CloudAccountOnboardingMicroServices.json"
 "put","/cas/v1/gcp_account/{id}","Update Cloud Account (GCP)","update-gcp-cloud-account","Cloud Accounts (GCP)","CloudAccountOnboardingMicroServices.json"
-"get","/cloud","List Cloud Accounts","get-cloud-accounts","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json"
+"get","/cloud","Get all Cloud Accounts","get-cloud-accounts","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json"
 "post","/cloud-accounts-manager/v1/cloudAccounts/awsAccounts/{account_id}/ancestors","List Ancestors (AWS) - Legacy","get-ancestors-for-given-members-ous-legacy","Cloud Accounts (AWS)","CloudAccountOnboardingMicroServices.json"
 "post","/cloud-accounts-manager/v1/cloudAccounts/awsAccounts/{parent_id}/children","List Children of Parent (AWS) - Legacy","get-list-of-children-under-parent-aws-legacy","Cloud Accounts (AWS)","CloudAccountOnboardingMicroServices.json"
 "post","/cloud-accounts-manager/v1/cloudAccounts/azureAccounts/{account_id}/ancestors","List Ancestors (Azure)","get-ancestors-for-given-subscriptions-and-management-groups","Cloud Accounts (Azure)","CloudAccountOnboardingMicroServices.json"
@@ -149,10 +149,22 @@ "get","/cloud/{cloud_type}/{id}","Get Cloud Account Details","get-cloud-account","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" "put","/cloud/{cloud_type}/{id}","Update Cloud Account (OCI and Alibaba)","update-cloud-account","Cloud Accounts (OCI and Alibaba)","CloudAccountOnboardingMicroServices.json" "delete","/cloud/{cloud_type}/{id}","Delete Cloud Account","delete-cloud-account","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" -"patch","/cloud/{cloud_type}/{id}","Patch Cloud Account","patch-cloud-account","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" -"get","/cloud/{cloud_type}/{id}/project","List Cloud Org Accounts","get-cloud-org-accounts","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" +"patch","/cloud/{cloud_type}/{id}","Update Cloud Account Details","patch-cloud-account","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" +"get","/cloud/{cloud_type}/{id}/project","Get Cloud Org Accounts","get-cloud-org-accounts","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" "get","/cloud/{id}/owners","List Cloud Account Owners","get-cloud-account-owners","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" "patch","/cloud/{id}/status/{enabled}","Update Cloud Account Status","update-cloud-account-status","Cloud Accounts (All)","CloudAccountOnboardingMicroServices.json" +"get","/v1/cloudAccounts/awsLoggingAccounts","Get all AWS Logging Accounts","getLoggingArchiveAccounts","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"post","/v1/cloudAccounts/awsLoggingAccounts","Add AWS Logging Account","saveLoggingAccount","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"post","/v1/cloudAccounts/awsLoggingAccounts/cft","Generate a New CFT Template","generate-log-account-cft","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"post","/v1/cloudAccounts/awsLoggingAccounts/permissionsStatus","Get 
Logging Account Status","checkLoggingAccountStatus","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"delete","/v1/cloudAccounts/awsLoggingAccounts/{accountId}/buckets/{bucketName}","Delete an S3 bucket","deleteBucket","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"get","/v1/cloudAccounts/awsLoggingAccounts/{accountId}/cft","Regenerate CFT for an Existing Account","generate-log-account-cft-existing","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"get","/v1/cloudAccounts/awsLoggingAccounts/{accountId}/role/{roleName}/externalId","Get External ID of an Account","Get External ID ","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"put","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}","Update Logging Account","updateLoggingAccount","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"get","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets","List S3 Bucket Names","getBuckets","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"post","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets","Add an S3 bucket","saveBucket","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"get","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets/{bucketName}","Get all S3 Buckets","getBucketDetails","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" +"put","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets/{bucketName}","Update S3 Bucket Details","updateBucket","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json" "post","/dlp/api/v1/config/awsorg/status","Check Data Security Preconditions (AWS Org)","get-status-for-org","Cloud Accounts (AWS)","Monolith" "post","/dlp/api/config/v2","Add Data Security Config (AWS Org)","onboard-aws-org-scan","Cloud Accounts (AWS)","Monolith" "put","/dlp/api/config/v2","Update Data Security Config (AWS Org)","update-aws-org-scan-config","Cloud Accounts 
(AWS)","Monolith"
From 6627ff65e7127df78b40becee765df862ac77ef5 Mon Sep 17 00:00:00 2001
From: AbiMano4688
Date: Tue, 17 Sep 2024 15:40:14 +0530
Subject: [PATCH 6/9] new UVE POST APIs
---
 .../cspm/UVEDashboardMicroService.json | 3787 ++++++++++-------
 .../cspm/consolidated_spec/all_endpoints.csv | 30 +-
 2 files changed, 2377 insertions(+), 1440 deletions(-)
diff --git a/openapi-specs/cspm/UVEDashboardMicroService.json b/openapi-specs/cspm/UVEDashboardMicroService.json
index cc4f760ec..bdaed5b49 100644
--- a/openapi-specs/cspm/UVEDashboardMicroService.json
+++ b/openapi-specs/cspm/UVEDashboardMicroService.json
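Review bot: In the `all_endpoints.csv` hunk that ends just before this patch header, the new row for `GET /v1/cloudAccounts/awsLoggingAccounts/{accountId}/role/{roleName}/externalId` has `Get External ID ` in the operation-id column, a display string with spaces and a trailing blank where every other row uses a slug or camelCase identifier. Anything that derives doc URLs or client method names from that column will likely break on it; an identifier in the style of the neighbouring rows (for example `getExternalId`) would fit, and if this CSV is generated the fix belongs in `CloudAccountOnboardingMicroServices.json`. The row for `GET …/buckets/{bucketName}` is also titled "Get all S3 Buckets" although its id is `getBucketDetails`, which looks mislabelled. The hunk starts a few lines earlier than this one.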
@@ -1,73 +1,42 @@ { "openapi": "3.0.0", "info": { - "title": "Vulnerability Dashboard API", - "version": "1.0.0" + "description": "UVE Dashboard Widgets", + "version": "1.0", + "title": "UVE Doc" }, - "tags": [ - { - "name": "Vulnerabilities Dashboard", - "description": "Vulnerabilities Dashboard(UVE) gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. The APIs in this section helps you to get the details that are displayed in the Vulnerabilities Dashboard widget based on various filters. You can asses the vulnerabilities and create request to remediate or mitigate the vulnerability. For more information about the Vulnerabilities Dashboard, see [Vulnerabilities Dashboard](https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities). \n>**Note:** You need specific access permission to use the endpoints in this category. For details on the required permissions, see the respective endpoint description. " - } - ], "paths": { - "/uve/api/v1/dashboard/vulnerabilities/overview": { - "get": { - "deprecated": true, - "summary": "Get Vulnerability Overview", - "description": "Returns a summary of the total vulnerabilities in your environment which is further divided into Vulnerabilities by Asset and Vulnerabilities that have already been remediated.\n:::info\n **Replacement  Endpoint: [Get Vulnerability Overview V3](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-3/)**\n:::\n\n \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "/trace/api/v1/asset": { + "post": { "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "vulnerability-dashboard-overview", - "parameters": [ - { - "name": "asset_type", - "in": "query", - "required": true, - "description": "Type of Asset", - "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] - } - }, - { - "name": "life_cycle", - "in": "query", - "description": "Life Cycle stage", - "required": true, - "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "summary": "Get C2C Trace Asset Graph", + "description": "Returns the relation between the assets from code to cloud stages\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "c2c-trace-api", + "parameters": [], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CBDRAssetTraceRequest" + } } } - ], + }, "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/OverviewWidget" + "$ref": "#/components/schemas/AssetTraceGraphView" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -87,7 +56,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { 
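Review bot: The `requestBody` added for `POST /trace/api/v1/asset` has no `"required": true`, so under OpenAPI 3.0 the body is optional and generated clients or schema-validating proxies will accept a call that carries no `CBDRAssetTraceRequest` at all. If the service rejects an empty body, state that in the spec by adding `"required": true` next to `"content"`. The same hunk removes the top-level `tags` definition while operations still reference `Vulnerabilities Dashboard`; that is allowed, but the tag description, including its note on required permissions, no longer appears in rendered docs.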
@@ -97,7 +66,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -107,37 +76,107 @@ } } }, - "x-public": "true", - "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] } - ] + ], + "x-public": "true" } }, - "/uve/api/v2/dashboard/vulnerabilities/overview": { + "/uve/api/v1/cve-overview": { "get": { - "deprecated": true, - "summary": "Get Vulnerability Overview V2", - "description": "Returns a summary of the total runtime vulnerabilities in your environment which is further divided into runtime Vulnerabilities by Asset and Vulnerabilities that have already been remediated.\n:::info\n **Replacement  Endpoint: [Get Vulnerability Overview V3](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-3/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "vulnerability-dashboard-overview-v2", + "summary": "Get Cve Overview V2", + "description": "Get the detailed information for a given cve. This endpoint returns additional information, such as EPSS details, CVSS details, exploit details, and environment factors, compared to the [Get CVE Overview](https://pan.dev/prisma-cloud/api/cspm/cve-overview/) endpoint. 
\\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/cve-overview-v-3/)**\\n:::\\n\\n", + "operationId": "cve-overview-v-2", + "parameters": [ + { + "name": "cve_id", + "in": "query", + "description": "CVE ID", + "required": true, + "example": "CVE-2021-44288", + "schema": { + "type": "string" + } + }, + { + "name": "asset_type", + "in": "query", + "description": "Asset Type", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } + } + }, + { + "name": "life_cycle", + "in": "query", + "description": "Life Cycle", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } + } + }, + { + "name": "severities", + "in": "query", + "description": "Severity", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "critical", + "medium", + "high", + "low" + ] + } + } + } + ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/OverviewWidgetV2" + "$ref": "#/components/schemas/CveOverviewV2" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -157,7 +196,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -167,7 +206,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
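Review bot: The description added for `cve-overview-v-2` writes the replacement notice as `\\n:::info\\n … \\n:::\\n\\n`, which JSON decodes to a literal backslash followed by `n`, so the `:::info` block will most likely render as plain text with visible `\n` sequences instead of an admonition. The `top-prioritised-vulnerability` description later in this patch uses single `\n` escapes for the same block; use that form here. The same double escaping appears in the descriptions of `cve-overview`, `vulnerability-impact-by-stage`, `vulnerability-dashboard-overview` and `prioritised-vulnerability`. In `vulnerability-dashboard-overview` the link text also reads "Get CVE Overview - POST" while the target is `vulnerability-dashboard-overview-v-4`, which looks like a copy-paste slip.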
@@ -177,86 +216,108 @@ } } }, - "x-public": "true", - "x-ga": "24.2.1", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v3/dashboard/vulnerabilities/overview": { + "/uve/api/v1/dashboard/vulnerabilities/cve-overview": { "get": { - "summary": "Get Vulnerability Overview V3", - "description": "Returns a summary of the total unique vulnerabilities, the count of vulnerabilities, and the count of remediated vulnerabilities, including a breakdown by severity for each category. The percentage reflects the change between the current data and the data from seven days prior. \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "vulnerability-dashboard-overview-v3", + "summary": "Get Cve Overview", + "description": "Get the overview of the CVE with its CVSS score, the impacted stages, severity, risk factors, the package name, and the distributions affected by this CVE. 
\\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/cve-overview-v-3/)**\\n:::\\n\\n", + "operationId": "cve-overview", "parameters": [ + { + "name": "cve_id", + "in": "query", + "description": "CVE ID", + "required": true, + "example": "CVE-2021-44288", + "schema": { + "type": "string" + } + }, { "name": "asset_type", "in": "query", + "description": "Asset Type", "required": false, - "description": "Type of Asset", + "explode": true, "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } } }, { "name": "life_cycle", "in": "query", - "description": "Life Cycle stage", + "description": "Life Cycle", "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } } }, { "name": "severities", "in": "query", + "description": "Severity", "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "low", - "medium", - "high", - "critical" - ] - }, - "description": "Severity" + "type": "array", + "items": { + "type": "string", + "enum": [ + "critical", + "medium", + "high", + "low" + ] + } + } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/OverviewWidgetV3" + "$ref": "#/components/schemas/CveOverview" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { 
@@ -276,7 +337,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -286,7 +347,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -296,71 +357,98 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v1/dashboard/vulnerabilities/prioritised": { + "/uve/api/v1/dashboard/vulnerabilities/impact-stage": { "get": { - "deprecated": true, - "summary": "Get Prioritized Vulnerabilities", - "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use. \n:::info\n **Replacement  Endpoint: [Get Prioritized Vulnerabilities V4](/prisma-cloud/api/cspm/prioritised-vulnerability-v-4/)**\n:::\n\n \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "prioritised-vulnerability", + "summary": "Get Vulnerability Impact by Stage", + "description": "Returns a summary of vulnerability across app stages of your application lifecycle. \\n:::info\\n **Replacement Endpoint: [Get Vulnerability Impact by Stage - POST](/prisma-cloud/api/cspm/vulnerability-impact-by-stage-v-2/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerability-impact-by-stage", "parameters": [ { "name": "asset_type", - "description": "Type of Asset", "in": "query", - "required": true, + "description": "Asset Type", + "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } } }, { "name": "life_cycle", - "description": "Life Cycle stage", "in": "query", - "required": true, + "description": "Life Cycle", + "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } + } + }, + { + "name": "severities", + "in": "query", + "description": "Severity", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "critical", + "medium", + "high", + "low" + ] + } } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PrioritizedVulnerabilities" + "$ref": "#/components/schemas/ImpactByStageResponse" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -380,7 +468,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { 
@@ -390,7 +478,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -400,72 +488,89 @@ } } }, - "x-public": "true", - "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v2/dashboard/vulnerabilities/prioritised": { + "/uve/api/v1/dashboard/vulnerabilities/overview": { "get": { - "deprecated": true, - "summary": "Get Prioritized Vulnerabilities V2", - "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in.\n:::info\n **Replacement  Endpoint: [Get Prioritized Vulnerabilities V4](/prisma-cloud/api/cspm/prioritised-vulnerability-v-4/)**\n:::\n\n \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "prioritised-vulnerability-v2", + "summary": "Get Vulnerability Overview", + "description": "Returns a summary of the total vulnerabilities in your environment which is further divided into Vulnerabilities by Asset and Vulnerabilities that have already been remediated. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerability-dashboard-overview", "parameters": [ { "name": "asset_type", - "description": "Type of Asset", "in": "query", - "required": true, + "description": "Asset Type", + "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } } }, { "name": "life_cycle", - "description": "Life Cycle stage", "in": "query", - "required": true, + "description": "Life Cycle", + "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } + } + }, + { + "name": "risk_factors", + "in": "query", + "description": "Risk Factors", + "required": false, + "example": "Critical severity, Package in use", + "schema": { + "type": "ref" } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV2" + "$ref": "#/components/schemas/OverviewWidget" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -485,7 +590,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -495,7 +600,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
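Review bot: The new `risk_factors` query parameter on `vulnerability-dashboard-overview` declares `"schema": { "type": "ref" }`, and `ref` is not a type OpenAPI 3.0 defines, so strict validators will likely reject the document and lenient tooling will treat the parameter as unconstrained. The `prioritised-vulnerability` operation in this patch models the same parameter as an array of strings, and the schema here should match it: `"schema": { "type": "array", "items": { "type": "string" } }` together with `"explode": true`.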
@@ -505,72 +610,80 @@ } } }, - "x-public": "true", - "x-ga": "24.1.2", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v3/dashboard/vulnerabilities/prioritised": { + "/uve/api/v1/dashboard/vulnerabilities/prioritised": { "get": { - "deprecated": true, - "summary": "Get Prioritized Vulnerabilities V3", - "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in.\n This endpoint also returns vulnerabilities based on internet exposure, in addition to those from [Get Prioritized Vulnerabilities V2](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/). \n:::info\n **Replacement  Endpoint: [Get Prioritized Vulnerabilities V4](/prisma-cloud/api/cspm/prioritised-vulnerability-v-4/)**\n:::\n\n \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled. ", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "prioritised-vulnerability-v3", + "summary": "Get Prioritized Vulnerabilities V1", + "description": "Returns the count of top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use. \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. 
Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "prioritised-vulnerability", "parameters": [ { "name": "asset_type", - "description": "Type of Asset", "in": "query", - "required": true, + "description": "Asset Type", + "required": false, + "example": "packages,serverless", + "explode": true, "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] + "type": "array", + "items": { + "type": "string" + } } }, { "name": "life_cycle", - "description": "Life Cycle stage", "in": "query", - "required": true, + "description": "Life Cycle", + "required": false, + "example": "code,build,deploy,run", + "explode": true, "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "type": "array", + "items": { + "type": "string" + } + } + }, + { + "name": "risk_factors", + "in": "query", + "description": "Risk Factors", + "required": false, + "example": "Critical severity, Package in use", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string" + } } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV3" + "$ref": "#/components/schemas/PrioritizedVulnerabilities" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -590,7 +703,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { 
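Review bot: `asset_type` and `life_cycle` on `prioritised-vulnerability` are now arrays of unconstrained strings; the `enum` lists on the removed lines are gone, although the other GET operations in this patch keep them on `items`, so the spec no longer tells a gateway or generated client which values to reject. Restore the allowlist, e.g. `"items": { "type": "string", "enum": ["code", "build", "deploy", "run"] }` for `life_cycle` and the asset-type list used by `cve-overview` for `asset_type`. The `asset_type` example `packages,serverless` uses values that are not in that list (`package`, `serverlessFunction`) and a comma-joined form that does not match `"explode": true`. The `life_cycle` parameter of `top-prioritised-vulnerability` in the next hunk has the same gap.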
@@ -600,7 +713,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -610,70 +723,64 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v4/dashboard/vulnerabilities/prioritised": { + "/uve/api/v1/dashboard/vulnerabilities/prioritised-vuln": { "get": { - "summary": "Get Prioritized Vulnerabilities V4", - "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled. ", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "prioritised-vulnerability-v4", + "summary": "Get Top Impacting Vulnerabilities", + "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. Each CVE includes risk factors, severity, CVSS, risk factors, and assets impacted.\n:::info\n **Replacement Endpoint: [Get Top Impacting Vulnerabilities - POST](/prisma-cloud/api/cspm/top-prioritised-vulnerability-v-3/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "top-prioritised-vulnerability", "parameters": [ { - "name": "asset_type", - "description": "Type of Asset", + "name": "life_cycle", "in": "query", + "description": "Life Cycle", "required": true, + "example": "code,build,deploy,run", + "explode": true, "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] + "type": "array", + "items": { + "type": "string" + } } }, { - "name": "life_cycle", - "description": "Life Cycle stage", + "name": "topN", "in": "query", - "required": true, + "description": "TopN", + "required": false, + "example": 5, "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "type": "integer", + "format": "int32", + "default": 5 } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV3" + "$ref": "#/components/schemas/TopPrioritizedVulnerabilities" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -693,7 +800,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -703,7 +810,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
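Review bot: `topN` on `/uve/api/v1/dashboard/vulnerabilities/prioritised-vuln` is an `int32` with only a `default`, so the spec admits zero, negative and arbitrarily large values, whereas the `top` parameter removed later in this patch was limited to `[5, 10]`. If the backend caps the result size, state the bound in the schema, for example `"minimum": 1, "maximum": SERVICE_LIMIT` with the real limit substituted, so that gateways validating against the spec reject oversized requests before they reach the service. The description `"TopN"` only repeats the name; something like `"description": "Number of results to return"` says what the value controls. `life_cycle` in the same operation is `required` but its items have no `enum`, unlike the V2 variant of this operation.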
@@ -713,85 +820,39 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v1/dashboard/vulnerabilities/impact-stage": { - "get": { - "summary": "Get Vulnerability Impact by Stage", - "description": "Returns a summary of vulnerability across app stages of your application lifecycle.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "/uve/api/v1/dashboard/vulnerabilities/vuln-assets": { + "post": { "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "vulnerability-impact-by-stage", - "parameters": [ - { - "name": "asset_type", - "description": "Type of Asset", - "in": "query", - "required": true, - "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] - } - }, - { - "name": "life_cycle", - "description": "Life Cycle stage", - "in": "query", - "required": true, - "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] - } - }, - { - "name": "severities", - "in": "query", - "required": true, - "schema": { - "type": "string", - "enum": [ - "low", - "medium", - "high", - "critical" - ] - }, - "description": "Severity" - } - ], + "summary": "Get Vulnerable Assets by CVE", + "description": "Get the list of all the assets affected by the CVE. 
\\n:::info\\n **Replacement Endpoint: [Get Vulnerable Assets by CVE V2](/prisma-cloud/api/cspm/list-vulnerable-assets-cve-v-2/)**\\n:::\\n\\n", + "operationId": "list-vulnerable-assets-cve", + "requestBody": { + "$ref": "#/components/requestBodies/AssetsSearchRequest" + }, "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ImpactByStageResponse" + "$ref": "#/components/schemas/VulnAssetsSidecarResponse" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -811,7 +872,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -821,7 +882,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -831,165 +892,98 @@ } } }, - "x-public": "true", - "x-ga": "24.1.1", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v1/dashboard/vulnerabilities/prioritised-vuln": { + "/uve/api/v1/dashboard/vulnerabilities/vulnerableAsset": { "get": { - "deprecated": true, - "summary": "Get Top Impacting Vulnerabilities", - "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. Each CVE includes risk factors, severity, CVSS, risk factors, and assets impacted.\n:::info\n **Replacement  Endpoint: [Get Top Impacting Vulnerabilities V2](/prisma-cloud/api/cspm/top-prioritised-vulnerability-v-2/)**\n:::\n\n \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "top-prioritised-vulnerability", + "summary": "Get Vulnerable Assets", + "description": "Returns a summary of vulnerable assets and detailed vulnerability statistics, including the total number of vulnerabilities by severity, registry count, package count, repository count, and more, across different stages of your application lifecycle.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerable-assets", "parameters": [ { - "name": "life_cycle", - "description": "Life Cycle stage", - "in": "query", - "required": true, - "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] - } - }, - { - "name": "top", + "name": "asset_type", "in": "query", - "required": true, + "description": "Asset Type", + "required": false, + "explode": true, "schema": { - "type": "integer", - "enum": [ - 5, - 10 - ] - }, - "description": "Number of results to be returned" - } - ], - "responses": { - "200": { - "description": "Successful response", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/TopPrioritizedVulnerabilities" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponse" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponse" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponse" - } + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] } } }, - "429": { - "description": "Too Many Requests", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ApiErrorResponse" - } - } - } - } - }, - "x-public": "true", - "security": [ - { - "x-redlock-auth": [] - } - ] - } - }, - "/uve/api/v2/dashboard/vulnerabilities/prioritised-vuln": { - "get": { - "summary": "Get Top Impacting Vulnerabilities V2", - "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. 
Each CVE includes risk factors, epssScore, severity, CVSS, risk factors, and assets impacted.\n This endpoint returns the epss score details in addition to those from [Get Top Impacting Vulnerabilities](https://pan.dev/prisma-cloud/api/cspm/top-prioritised-vulnerability/). \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", - "tags": [ - "Vulnerabilities Dashboard" - ], - "operationId": "top-prioritised-vulnerability-v2", - "parameters": [ { "name": "life_cycle", - "description": "Life Cycle stage", "in": "query", - "required": true, + "description": "Life Cycle", + "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } } }, { - "name": "top", + "name": "severities", "in": "query", - "required": true, + "description": "Severity", + "required": false, + "explode": true, "schema": { - "type": "integer", - "enum": [ - 5, - 10 - ] - }, - "description": "Number of results to be returned" + "type": "array", + "items": { + "type": "string", + "enum": [ + "critical", + "medium", + "high", + "low" + ] + } + } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TopPrioritizedVulnerabilitiesV2" + "$ref": "#/components/schemas/VulnerableAsset" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { 
@@ -1009,7 +1003,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -1019,7 +1013,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -1029,48 +1023,39 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } }, - "/uve/api/v1/dashboard/vulnerabilities/cve-overview": { - "get": { - "deprecated": true, - "summary": "Get CVE Overview", - "description": "Get the overview of the CVE with its CVSS score, the impacted stages, severity, risk factors, the package name, and the distributions affected by this CVE.\n:::info\n **Replacement  Endpoint: [Get CVE Overview V2](/prisma-cloud/api/cspm/cve-overview-v-2/)**\n:::\n\n", + "/uve/api/v1/vuln-assets": { + "post": { "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "cve-overview", - "parameters": [ - { - "name": "cve_id", - "in": "query", - "required": true, - "schema": { - "type": "string", - "example": "CVE-2021-44288" - }, - "description": "CVE ID" - } - ], + "summary": "Get Vulnerable Assets by CVE V2", + "description": "Get the list of all the assets affected by the CVE. This API supports the account group and account Id filters in addition to the filters we have in the [Get Vulnerable Assets by CVE](https://pan.dev/prisma-cloud/api/cspm/list-vulnerable-assets-cve/) endpoint.", + "operationId": "list-vulnerable-assets-cve-v-2", + "requestBody": { + "$ref": "#/components/requestBodies/AssetsSearchRequest" + }, "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CveOverview" + "$ref": "#/components/schemas/VulnAssetsSidecarResponse" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -1090,7 +1075,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { 
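Review bot: The `"deprecated": true` added at the top of this hunk appears to close the `vulnerableAsset` GET operation, whose description (added in the preceding hunk) names no replacement, unlike the other deprecated operations visible in this patch, which carry a `:::info` block with a **Replacement Endpoint** link. Consumers of a security dashboard API need to know where to migrate before the operation is withdrawn. Either add the same `:::info` block with the successor's link to that description, or drop the flag if the operation is not actually being retired. The operation body starts outside this hunk, so the pairing is inferred from the new-side line numbers.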
@@ -1100,7 +1085,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { @@ -1110,37 +1095,34 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "x-public": "true" } }, - "/uve/api/v1/cve-overview": { - "get": { - "summary": "Get CVE Overview V2", - "description": "Get the detailed information for a given cve. This endpoint returns additional information, such as EPSS details, CVSS details, exploit details, and environment factors, compared to the [Get CVE Overview](https://pan.dev/prisma-cloud/api/cspm/cve-overview/) endpoint.", + "/uve/api/v2/cve-overview": { + "post": { "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "cve-overview-v2", - "parameters": [ - { - "name": "cve_id", - "in": "query", - "required": true, - "schema": { - "type": "string", - "example": "CVE-2021-44288" - }, - "description": "CVE ID" + "summary": "Get CVE Overview - POST", + "description": "Get the detailed information for a given cve. This endpoint returns information, such as EPSS details, CVSS details, exploit details, and environment factors. This API supports the additional filters like accountGroup and accountIds when compared to the [Get CVE Overview V2](https://pan.dev/prisma-cloud/api/cspm/cve-overview-v-2/) endpoint", + "operationId": "cve-overview-v-3", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WidgetRequestSidecar" + } + } } - ], + }, "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { @@ -1150,7 +1132,7 @@ } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -1170,7 +1152,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { 
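Review bot: The `requestBody` added for `POST /uve/api/v2/cve-overview` omits `"required": true`, and OpenAPI treats a request body as optional unless that flag is set, so validators and generated clients will accept an empty POST even though the GET definition removed in this hunk required `cve_id`. If the CVE identifier now travels in `WidgetRequestSidecar` (that schema is outside this hunk, so this is inferred), add `"required": true` alongside `"content"` in the `requestBody` object. The operationId `cve-overview-v-3` on a `/v2/` path is also easy to misread next to the `cve-overview-v-2` link in the description; a short comment in the description on how the numbering maps would help.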
@@ -1180,7 +1162,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -1190,48 +1172,48 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "x-public": "true" } }, "/uve/api/v2/dashboard/vulnerabilities/burndown": { "get": { - "summary": "Get Vulnerabilities Burndown", - "description": "Get the data for burndown chart.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], + "summary": "Get Vulnerabilities Burndown", + "description": "Returns the total count of vulnerabilities and the count of remediated vulnerabilities over the past 30 days.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "get-burndown", "parameters": [ { "name": "asset_type", - "description": "Type of Asset (comma separated values)", "in": "query", - "required": true, + "description": "Asset Type", + "required": false, "schema": { - "type": "string", + "type": "ref", "enum": [ - "iac", "package", + "iac", "deployedImage", - "serverlessFunction", - "host", + "vmImage", "registryImage", - "vmImage" + "host", + "serverlessFunction" ] } }, { "name": "life_cycle", - "description": "Life Cycle stage (comma separated values)", "in": "query", - "required": true, + "description": "Life Cycle", + "required": false, "schema": { - "type": "string", + "type": "ref", "enum": [ "code", "build", 
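Review bot: `"type": "ref"` on the `asset_type` and `life_cycle` parameters of `/uve/api/v2/dashboard/vulnerabilities/burndown` is not a type defined by OpenAPI or JSON Schema (the defined values are `string`, `number`, `integer`, `boolean`, `array` and `object`), so strict tooling will reject the document and lenient tooling may skip validating the parameter, `enum` included. The next hunk does the same for `severity`. The removed lines used `"type": "string"`; restore that, or, if several values are meant to be accepted as in the other operations, use `"type": "array"` with `"items": { "type": "string", "enum": [...] }`. The next hunk also renames `severities` to `severity` while `vulnerableAsset` keeps `severities`, which is worth confirming against the service since a client sending the old name would have the filter silently ignored.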
@@ -1241,34 +1223,34 @@ } }, { - "name": "severities", + "name": "severity", "in": "query", - "required": true, + "description": "Severity", + "required": false, "schema": { - "type": "string", + "type": "ref", "enum": [ - "low", + "critical", "medium", "high", - "critical" + "low" ] - }, - "description": "Severity (comma separated values)" + } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/BurndownResponse" + "$ref": "#/components/schemas/BurndownTrend" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -1288,7 +1270,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -1298,7 +1280,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -1308,46 +1290,38 @@ } } }, - "x-public": "true", - "x-ga": "24.2.1", "security": [ { "x-redlock-auth": [] } - ] + ], + "x-public": "true" } }, - "/uve/api/v1/dashboard/vulnerabilities/vuln-assets": { + "/uve/api/v2/dashboard/vulnerabilities/impact-stage": { "post": { - "summary": "Get Vulnerable Assets by CVE", - "description": "Get the list of all the assets affected by the CVE.", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "list-vulnerable-assets-cve", + "summary": "Get Vulnerability Impact by Stage - POST", + "description": "Returns a summary of vulnerability across app stages of your application lifecycle. This API supports the account group and account Id filters in addition to the filters we have in the [Get Vulnerability Impact by Stage](https://pan.dev/prisma-cloud/api/cspm/vulnerability-impact-by-stage/) endpoint.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerability-impact-by-stage-v-2", "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AssetsSearchRequest" - } - } - } + "$ref": "#/components/requestBodies/WidgetRequest" }, "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AssetSideCarResponse" + "$ref": "#/components/schemas/ImpactByStageResponse" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { 
@@ -1367,7 +1341,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { @@ -1377,7 +1351,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -1387,82 +1361,161 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "x-public": "true" } }, - "/uve/api/v1/dashboard/vulnerabilities/vulnerableAsset": { + "/uve/api/v2/dashboard/vulnerabilities/overview": { "get": { - "summary": "Get Vulnerable Assets", - "description": "Returns a summary of vulnerable assets and detailed vulnerability statistics, including the total number of vulnerabilities by severity, registry count, package count, repository count, and more, across different stages of your application lifecycle. \n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "tags": [ "Vulnerabilities Dashboard" ], - "operationId": "vulnerable-assets", - "parameters": [ + "summary": "Get Vulnerability Overview V2", + "description": "Returns a summary of the total runtime vulnerabilities in your environment which is further divided into runtime Vulnerabilities by Asset and Vulnerabilities that have already been remediated. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerability-dashboard-overview-v-2", + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OverviewWidgetV2" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "deprecated": true, + "x-public": "true" + } + }, + "/uve/api/v2/dashboard/vulnerabilities/prioritised": { + "get": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Prioritized Vulnerabilities V2", + "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "prioritised-vulnerability-v-2", + "parameters": [ { "name": "asset_type", - "description": "Type of Asset", "in": "query", + "description": "Asset Type", + "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "iac", - "package", - "deployedImage", - "serverlessFunction", - "host", - "registryImage", - "vmImage" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } } }, { "name": "life_cycle", - "description": "Life Cycle stage", "in": "query", + "description": "Life Cycle", + "required": false, + "explode": true, "schema": { - "type": "string", - "enum": [ - "code", - "build", - "deploy", - "run" - ] + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } } }, { - "name": "severities", + "name": "risk_factors", "in": "query", + "description": "Risk Factors", + "required": false, + "example": "Critical severity, Package in use", + "explode": true, "schema": { - "type": "string", - "enum": [ - "low", - "medium", - "high", - "critical" - ] - }, - "description": "Severity" + "type": "array", + "items": { + "type": "string" + } + } } ], "responses": { "200": { - "description": "Successful response", + "description": "Success", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VulnerableAssetsResponse" + "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV2" } } } }, "400": { - "description": "Bad Request", + "description": "Bad request", "content": { "application/json": { "schema": { @@ -1482,7 +1535,7 @@ } }, "403": { - "description": "Forbidden", + "description": "User doesn't have required role", "content": { "application/json": { "schema": { 
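Review bot: The replacement notice in the `Get Vulnerability Overview V2` description labels its link `Get CVE Overview - POST` but points at `/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/`; that label is the summary of the `/uve/api/v2/cve-overview` operation earlier in this patch, so it looks copied from there. Use the summary of the overview successor as the link text so readers migrating off the deprecated operation land on the endpoint they expect. In the same hunk the `risk_factors` example for `prioritised` V2 is a single comma-joined string on an `"explode": true` array parameter; an array example such as `["Critical severity", "Package in use"]` matches the declared schema.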
@@ -1492,7 +1545,7 @@ } }, "429": { - "description": "Too Many Requests", + "description": "Rate Limit Exceeded", "content": { "application/json": { "schema": { 
@@ -1502,331 +1555,1099 @@ } } }, - "x-public": "true", "security": [ { "x-redlock-auth": [] } - ] + ], + "deprecated": true, + "x-public": "true" } - } - }, - "components": { - "schemas": { - "RiskFactorsParam": { - "type": "object", - "properties": { - "riskFactors": { - "type": "array", - "items": { - "type": "string" + }, + "/uve/api/v2/dashboard/vulnerabilities/prioritised-vuln": { + "get": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Top Impacting Vulnerabilities V2", + "description": "Returns the CVEs of top critical vulnerabilities in your environment based on the risk score. Each CVE includes risk factors, epssScore, severity, CVSS, risk factors, and assets impacted. This endpoint returns the epss score details in addition to those from [Get Top Impacting Vulnerabilities](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/).\n:::info\n **Replacement Endpoint: [Get Top Impacting Vulnerabilities - POST](/prisma-cloud/api/cspm/top-prioritised-vulnerability-v-3/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "top-prioritised-vulnerability-v-2", + "parameters": [ + { + "name": "topN", + "in": "query", + "description": "TopN", + "required": true, + "example": 5, + "schema": { + "type": "integer", + "format": "int32" } - } - } - }, - "SeverityParam": { - "type": "object", - "properties": { - "severity": { - "type": "array", - "items": { - "type": "string" + }, + { + "name": "life_cycle", + "in": "query", + "description": "Life Cycle", + "required": true, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } } - } - } - }, - "OverviewWidget": { - "type": "object", - "properties": { - "values": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Overview" + }, + { + "name": "asset_type", + "in": "query", + "description": "Asset Type", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } } } - } - }, - "OverviewWidgetV2": { - "type": "object", - "properties": { - "overviewSummary": { - "$ref": "#/components/schemas/OverviewSummary" + ], + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TopPrioritizedVulnerabilitiesV2" + } + } + } }, - "values": { - "type": "array", - "items": { - "$ref": "#/components/schemas/TrendCount" + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } } - } - } - }, - "OverviewWidgetV3": { - "type": "object", - "properties": { - "overviewSummary": { - "$ref": "#/components/schemas/OverviewSummaryV3" - } - } - }, - "TrendCount": { - "type": "object", - 
"properties": { - "lastUpdatedDateTime": { - "type": "integer", - "format": "int64" }, - "totalVulnerabilityCount": { - "type": "integer", - "format": "int64" + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } }, - "totalVulnerableAsset": { - "type": "integer", - "format": "int64" + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } }, - "totalRemediationCount": { - "type": "integer", - "format": "int64" + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } } - } - }, - "OverviewSummaryV3": { - "type": "object", - "description": "Provides Summary of the uniqueCVES, vulnerabilities count and remediated vulnerabilities count", - "properties": { - "totalUniqueCves": { - "$ref": "#/components/schemas/VulnerabilityCountBySeverityV3" - }, - "totalVulnerabilities": { - "$ref": "#/components/schemas/VulnerabilityCountBySeverityV3" - }, - "totalRemediated": { - "$ref": "#/components/schemas/VulnerabilityCountBySeverityV3" + }, + "security": [ + { + "x-redlock-auth": [] } - } - }, - "VulnerabilityCountBySeverityV3": { - "type": "object", - "properties": { - "totalCount": { - "type": "integer", - "format": "int64" - }, - "criticalCount": { - "type": "integer", - "format": "int64" + ], + "deprecated": true, + "x-public": "true" + } + }, + "/uve/api/v2/dashboard/vulnerabilities/vulnerableAsset": { + "post": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Vulnerable Assets Stats - POST", + "description": "Returns overall stats like total vulnerabilities, total assets, vulnerability by severity across the life stage (code, build, deploy and run) per cloud provider. 
This API supports the account group and account Id filters in addition to the filters we have in the [Get Vulnerable Assets](https://pan.dev/prisma-cloud/api/cspm/vulnerable-assets/) endpoint.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerable-assets-v-2", + "requestBody": { + "$ref": "#/components/requestBodies/WidgetRequest" + }, + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VulnerableAsset" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/uve/api/v3/dashboard/vulnerabilities/overview": { + "get": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Vulnerability Overview V3", + "description": "Returns a summary of the total unique vulnerabilities, the count of vulnerabilities, and the count of remediated vulnerabilities, including a breakdown by severity for each category. 
The percentage reflects the change between the current data and the data from seven days prior. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerability-dashboard-overview-v-3", + "parameters": [ + { + "name": "asset_type", + "in": "query", + "description": "Asset Type", + "required": false, + "example": "packages,serverless", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + { + "name": "life_cycle", + "in": "query", + "description": "Life Cycle", + "required": false, + "example": "code,build,deploy,run", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + { + "name": "severities", + "in": "query", + "description": "Severity", + "required": false, + "example": "critical,high", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + ], + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OverviewWidgetV3" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "deprecated": true, + "x-public": "true" + } + }, + "/uve/api/v3/dashboard/vulnerabilities/prioritised": { + "get": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Prioritized Vulnerabilities V3", + "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. This endpoint also returns vulnerabilities based on internet exposure, in addition to those from [Get Prioritized Vulnerabilities V2](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/). \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "prioritised-vulnerability-v-3", + "parameters": [ + { + "name": "asset_type", + "in": "query", + "description": "Asset Type", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } + } + }, + { + "name": "life_cycle", + "in": "query", + "description": "Life Cycle", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } + } + } + ], + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV3" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "deprecated": true, + "x-public": "true" + } + }, + "/uve/api/v3/dashboard/vulnerabilities/prioritised-vuln": { + "post": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Top Impacting Vulnerabilities - POST", + "description": "Returns the CVEs of top critical vulnerabilities in your environment 
based on the risk score. Each CVE includes risk factors, epssScore, severity, CVSS, EPSS, risk factors, and assets impacted. This API supports the account group and account Id filters in addition to the filters we have in the [Get Top Impacting Vulnerabilities V2](https://pan.dev/prisma-cloud/api/cspm/top-prioritised-vulnerability-v-2/) endpoint.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "top-prioritised-vulnerability-v-3", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WidgetRequestTopN" + } + } + } + }, + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV3" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/uve/api/v4/dashboard/vulnerabilities/overview": { + "post": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get 
Vulnerability Overview - POST", + "description": "Returns a summary of the total unique vulnerabilities, the count of vulnerabilities, and the count of remediated vulnerabilities, including a breakdown by severity for each category. The percentage reflects the change between the current data and the data from seven days prior. This API supports the account group and account Id filters in addition to the filters we have in the [Get Vulnerability Overview V3](https://pan.dev/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-3/) endpoint.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "vulnerability-dashboard-overview-v-4", + "requestBody": { + "$ref": "#/components/requestBodies/WidgetRequest" + }, + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OverviewWidgetV3" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + 
"/uve/api/v4/dashboard/vulnerabilities/prioritised": { + "get": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Prioritized Vulnerabilities V4", + "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, internet exposed and vulnerable packages in use along with the number of assets they occur in. \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "prioritised-vulnerability-v-4", + "parameters": [ + { + "name": "asset_type", + "in": "query", + "description": "Asset Type", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "package", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host", + "serverlessFunction" + ] + } + } + }, + { + "name": "life_cycle", + "in": "query", + "description": "Life Cycle", + "required": false, + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "code", + "build", + "deploy", + "run" + ] + } + } + } + ], + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV3" + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/ApiErrorResponse" + } + } + } + }, + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + }, + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "deprecated": true, + "x-public": "true" + } + }, + "/uve/api/v5/dashboard/vulnerabilities/prioritised": { + "post": { + "tags": [ + "Vulnerabilities Dashboard" + ], + "summary": "Get Prioritized Vulnerabilities - POST", + "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, internet exposed and vulnerable packages in use along with the number of assets they occur in. This API supports the account group and account Id filters in addition to the filters we have in the [Get Prioritized Vulnerabilities V4](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-4/) endpoint.\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "operationId": "prioritised-vulnerability-v-5", + "requestBody": { + "$ref": "#/components/requestBodies/WidgetRequest" + }, + "responses": { + "200": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrioritizedVulnerabilitiesV3" + } + } + } }, - "highCount": { - "type": "integer", - "format": "int64" + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } }, - "mediumCount": { - "type": "integer", - "format": "int64" + "401": { + "description": "Unauthorized", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } }, - "lowCount": { - "type": "integer", - "format": "int64" + "403": { + "description": "User doesn't have required role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } }, - "percentageChange": { - "type": "integer", - "format": "int64" + "429": { + "description": "Rate Limit Exceeded", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApiErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + } + }, + "components": { + "requestBodies": { + "AssetsSearchRequest": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AssetsSearchRequest" + } } } }, - "OverviewSummary": { + "WidgetRequest": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WidgetRequest" + } + } + } + } + }, + "schemas": { + "Action": { "type": "object", - "description": "Provides Summary of the vulnerability, remediated and asset counts in Runtime", "properties": { - "totalVulnerableRuntimeAssets": { - "$ref": 
"#/components/schemas/VulnerableAssetByType" + "action": { + "type": "string" }, - "totalVulnerabilitiesinRuntime": { - "$ref": "#/components/schemas/VulnerabilityCountBySeverity" + "status": { + "type": "string" }, - "totalRemediatedinRuntime": { - "$ref": "#/components/schemas/VulnerabilityCountBySeverity" + "actionResult": { + "type": "string" + }, + "message": { + "type": "string" } } }, - "VulnerableAssetByType": { + "AdditionalLinks": { "type": "object", "properties": { - "totalCount": { - "type": "integer", - "format": "int64" + "vendorLinks": { + "type": "array", + "items": { + "type": "string" + } }, - "deployedImageCount": { - "type": "integer", - "format": "int64" + "nvdlinks": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "ApiErrorResponse": { + "type": "object", + "properties": { + "code": { + "type": "string" }, - "serverlessFunctionCount": { - "type": "integer", - "format": "int64" + "message": { + "type": "string" }, - "hostCount": { - "type": "integer", - "format": "int64" + "target": { + "type": "string" } } }, - "VulnerabilityCountBySeverity": { + "AssetData": { "type": "object", "properties": { - "totalCount": { - "type": "integer", - "format": "int64" + "cveId": { + "type": "string" }, - "criticalCount": { - "type": "integer", - "format": "int64" + "severity": { + "type": "array", + "items": { + "type": "string" + } }, - "highCount": { - "type": "integer", - "format": "int64" + "cbdrStage": { + "type": "array", + "items": { + "type": "string" + } }, - "mediumCount": { - "type": "integer", - "format": "int64" + "riskFactors": { + "type": "array", + "items": { + "type": "string" + } }, - "lowCount": { - "type": "integer", - "format": "int64" + "cvssScore": { + "type": "number", + "format": "double" + }, + "packageData": { + "$ref": "#/components/schemas/AssetInfo" + }, + "deployedImages": { + "$ref": "#/components/schemas/AssetInfo" + }, + "iac": { + "$ref": "#/components/schemas/AssetInfo" + }, + "host": { + "$ref": 
"#/components/schemas/AssetInfo" } } }, - "Overview": { + "AssetInfo": { "type": "object", "properties": { - "lastUpdatedDateTime": { + "count": { "type": "integer", - "format": "int64" + "format": "int32" }, - "totalVulnerabilityCount": { - "type": "integer" + "repositorycount": { + "type": "integer", + "format": "int32" }, - "totalVulnerableAsset": { - "type": "integer" + "fixImpact": { + "$ref": "#/components/schemas/FixImpact" }, - "totalRemediationCount": { - "type": "integer" + "remediationAvailable": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Action" + } } } }, - "PrioritizedVulnerabilities": { + "AssetTraceGraphView": { "type": "object", "properties": { - "lastUpdatedDateTime": { + "nodes": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/TraceNode" + } + }, + "edges": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Edge" + } + } + } + }, + "AssetsImpacted": { + "type": "object", + "properties": { + "codeCount": { "type": "integer", "format": "int64" }, - "totalVulnerabilities": { - "type": "integer" - }, - "urgent": { - "type": "integer" - }, - "patchable": { - "type": "integer" + "buildCount": { + "type": "integer", + "format": "int64" }, - "exploitable": { - "type": "integer" + "deployCount": { + "type": "integer", + "format": "int64" }, - "packageInUse": { - "type": "integer" + "runtimeCount": { + "type": "integer", + "format": "int64" } } }, - "PrioritizedVulnerabilitiesV2": { + "AssetsSearchRequest": { "type": "object", "properties": { - "lastUpdatedDateTime": { + "query": { + "type": "string" + }, + "cve_id": { + "type": "string", + "description": "cveId" + }, + "risk_factors": { + "type": "array", + "description": "List of Risk Factors", + "items": { + "type": "string" + } + }, + "sort_by": { + "type": "string", + "description": "Assets Order" + }, + "asset_type": { + "type": "string", + "example": "package,serverlessFunction,iac,deployedImage,vmImage,registryImage,host", + 
"description": "List of Asset Types", + "enum": [ + "package", + "serverlessFunction", + "iac", + "deployedImage", + "vmImage", + "registryImage", + "host" + ] + }, + "page_offset": { "type": "integer", - "format": "int64" + "format": "int32", + "description": "Page offset" }, - "totalVulnerabilities": { - "type": "integer" + "page_size": { + "type": "integer", + "format": "int32", + "description": "Page Size" }, - "urgent": { - "$ref": "#/components/schemas/VulnerabilityInfo" + "filter_suppressed": { + "type": "boolean", + "description": "Filter Suppressed" }, - "patchable": { - "$ref": "#/components/schemas/VulnerabilityInfo" + "severity": { + "type": "array", + "example": "critical,high,low,medium,informational", + "description": "List of Severities", + "items": { + "type": "string" + } + }, + "life_cycle": { + "type": "array", + "example": "code,build,deploy,run", + "description": "List of Life Cycles", + "items": { + "type": "string" + } + }, + "account_groups": { + "type": "array", + "description": "List of Account Groups", + "items": { + "type": "string" + } + }, + "account_ids": { + "type": "array", + "description": "List of Account Ids", + "items": { + "type": "string" + } + }, + "account_names": { + "type": "array", + "description": "List of Account Names", + "items": { + "type": "string" + } }, - "exploitable": { - "$ref": "#/components/schemas/VulnerabilityInfo" + "clusters": { + "type": "array", + "description": "List of Account Ids", + "items": { + "type": "string" + } }, - "packageInUse": { - "$ref": "#/components/schemas/VulnerabilityInfo" + "cluster_namespaces": { + "type": "array", + "description": "List of Namespaces", + "items": { + "type": "string" + } } - } + }, + "description": "Request Model for Dashboard Widgets" }, - "PrioritizedVulnerabilitiesV3": { + "Build": { + "type": "object" + }, + "BurndownTrend": { "type": "object", "properties": { - "lastUpdatedDateTime": { + "dayNum": { "type": "integer", "format": "int64" }, - 
"totalVulnerabilities": { - "type": "integer" - }, - "urgent": { - "$ref": "#/components/schemas/VulnerabilityInfo" - }, - "patchable": { - "$ref": "#/components/schemas/VulnerabilityInfo" - }, - "exploitable": { - "$ref": "#/components/schemas/VulnerabilityInfo" - }, - "internetExposed": { - "$ref": "#/components/schemas/VulnerabilityInfo" + "totalCount": { + "type": "integer", + "format": "int64" }, - "packageInUse": { - "$ref": "#/components/schemas/VulnerabilityInfo" - } - } - }, - "VulnerabilityInfo": { - "type": "object", - "properties": { - "vulnerabilityCount": { + "remediatedCount": { "type": "integer", "format": "int64" }, - "assetCount": { + "epochTimestamp": { "type": "integer", "format": "int64" } } }, - "TopPrioritizedVulnerabilities": { + "CBDRAssetTraceRequest": { "type": "object", + "required": [ + "nextPageToken", + "source", + "traceStages" + ], "properties": { - "lastUpdatedDateTime": { - "type": "integer", - "format": "int64" + "nextPageToken": { + "type": "string", + "description": "Next Page Token" }, - "cve": { + "source": { + "$ref": "#/components/schemas/Source" + }, + "traceStages": { "type": "array", + "description": "List of trace stage data", "items": { - "$ref": "#/components/schemas/Cve" + "$ref": "#/components/schemas/TraceStage" } } } }, - "TopPrioritizedVulnerabilitiesV2": { + "Code": { "type": "object", "properties": { - "lastUpdatedDateTime": { + "packageCount": { "type": "integer", - "format": "int64" + "format": "int32" }, - "cve": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Cve2" - } + "iac": { + "type": "integer", + "format": "int32" } } }, @@ -1851,6 +2672,7 @@ }, "riskFactors": { "type": "array", + "uniqueItems": true, "items": { "type": "string" } 
@@ -1871,22 +2693,23 @@
 "format": "double"
 },
 "epssScore": {
- "type": "number",
- "format": "integer"
+ "type": "integer",
+ "format": "int64"
+ },
+ "epssScorePrevious": {
+ "type": "integer",
+ "format": "int64"
 },
 "completeEpssScore": {
 "type": "number",
 "format": "double"
 },
- "epssScorePrevious": {
- "type": "number",
- "format": "integer"
- },
 "severity": {
 "type": "string"
 },
 "riskFactors": {
 "type": "array",
+ "uniqueItems": true,
 "items": {
 "type": "string"
 }
@@ -1895,37 +2718,8 @@
 "$ref": "#/components/schemas/AssetsImpacted"
 },
 "assetsAtRisk": {
- "type": "number",
- "format": "long"
- }
- }
- },
- "AssetsImpacted": {
- "type": "object",
- "properties": {
- "codeCount": {
- "type": "integer"
- },
- "buildCount": {
- "type": "integer"
- },
- "deployCount": {
- "type": "integer"
- },
- "runtimeCount": {
- "type": "integer"
- }
- }
- },
- "Trend": {
- "type": "object",
- "properties": {
- "reportedDate": {
 "type": "integer",
 "format": "int64"
- },
- "assetsWithCveCount": {
- "type": "integer"
 }
 }
 },
@@ -1942,18 +2736,6 @@
 "type": "number",
 "format": "double"
 },
- "epssScore": {
- "type": "number",
- "format": "integer"
- },
- "completeEpssScore": {
- "type": "number",
- "format": "double"
- },
- "epssScorePrevious": {
- "type": "number",
- "format": "integer"
- },
 "packageName": {
 "type": "string"
 },
@@ -1990,6 +2772,18 @@
 "items": {
 "$ref": "#/components/schemas/ImpactedDistros"
 }
+ },
+ "epssScore": {
+ "type": "integer",
+ "format": "int64"
+ },
+ "epssScorePrevious": {
+ "type": "integer",
+ "format": "int64"
+ },
+ "completeEpssScore": {
+ "type": "number",
+ "format": "double"
 }
 }
 },
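Review bot: `epssScore` and `epssScorePrevious` in the hunk at `-1871,22 +2693,23` are now `integer`/`int64` while `completeEpssScore` stays a `double`, and none of the three has a `description`, so a consumer cannot tell which field is the raw EPSS probability and which is a rounded or scaled value. I would add a `description` to each that states the unit and range; the wording has to come from the service owners because the scale is not visible in the diff, and if the integer turns out to be a percentage it should also get `"minimum": 0, "maximum": 100`. The same three properties are re-added without descriptions in the hunk at `-1990,6 +2772,18`. The enclosing schema objects start and end outside both hunks.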
@@ -2009,64 +2803,247 @@ "type": "string" } }, - "riskFactors": { - "type": "array", - "items": { - "type": "string" - } + "riskFactors": { + "type": "array", + "items": { + "type": "string" + } + }, + "severity": { + "type": "string" + }, + "impactedDistrosList": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ImpactedDistros" + } + }, + "impactedAssetsCount": { + "type": "integer", + "format": "int32" + }, + "impactedAssetsRuntimeCount": { + "type": "integer", + "format": "int32" + }, + "description": { + "type": "string" + }, + "firstSeen": { + "type": "integer", + "format": "int64" + }, + "lastSeen": { + "type": "integer", + "format": "int64" + }, + "packageType": { + "type": "array", + "items": { + "type": "string" + } + }, + "impactedPackages": { + "type": "array", + "items": { + "type": "string" + } + }, + "cvssDetails": { + "$ref": "#/components/schemas/CvssDetails" + }, + "environmentFactors": { + "$ref": "#/components/schemas/EnvironmentFactors" + }, + "epssDetails": { + "$ref": "#/components/schemas/EpssDetails" + }, + "exploitDetails": { + "$ref": "#/components/schemas/ExploitDetails" + }, + "additionalLinks": { + "$ref": "#/components/schemas/AdditionalLinks" + } + } + }, + "CvssDetails": { + "type": "object", + "properties": { + "publishedDate": { + "type": "integer", + "format": "int64" + }, + "lastModifiedDate": { + "type": "integer", + "format": "int64" + }, + "attackVector": { + "type": "string" + }, + "privilegesRequired": { + "type": "string" + }, + "confidentiality": { + "type": "string" + }, + "attackComplexity": { + "type": "string" + }, + "userInteractionRequired": { + "type": "string" + }, + "integrity": { + "type": "string" + }, + "patchable": { + "type": "boolean" + }, + "exploitable": { + "type": "boolean" + } + } + }, + "Deploy": { + "type": "object", + "properties": { + "registryImage": { + "type": "integer", + "format": "int32" + } + } + }, + "DistroDetails": { + "type": "object", + "properties": { + "cvss": { + 
"type": "number", + "format": "double" + }, + "packageName": { + "type": "string" + }, + "release": { + "type": "string" + }, + "severity": { + "type": "string" + }, + "affectedVersion": { + "type": "string" + }, + "fixedTime": { + "type": "integer", + "format": "int64" + }, + "publishedDate": { + "type": "integer", + "format": "int64" + }, + "modifiedDate": { + "type": "integer", + "format": "int64" + } + } + }, + "Edge": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "label": { + "type": "string" }, - "severity": { + "source": { "type": "string" }, - "impactedAssetsCount": { - "type": "integer" + "target": { + "type": "string" }, - "impactedAssetsRuntimeCount": { - "type": "integer" + "directed": { + "type": "boolean" }, - "description": { + "relation": { "type": "string" }, - "firstSeen": { + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "relationshipTypeId": { "type": "integer", - "format": "int64" + "format": "int32" + } + } + }, + "EnvironmentFactors": { + "type": "object", + "properties": { + "internetExposed": { + "type": "boolean" }, - "lastSeen": { + "packageInUse": { + "type": "boolean" + } + } + }, + "EpssDetails": { + "type": "object", + "properties": { + "epss": { "type": "integer", "format": "int64" }, - "packageType": { - "type": "array", - "items": { - "type": "string" - } - }, - "impactedPackages": { - "type": "array", - "items": { - "type": "string" - } + "epss_previous": { + "type": "integer", + "format": "int64" }, - "cvssDetails": { - "$ref": "#/components/schemas/CvssDetails" + "probabilityScore": { + "type": "number", + "format": "double" + } + } + }, + "ExploitDetails": { + "type": "object", + "properties": { + "cisaLink": { + "type": "string" }, - "environmentFactors": { - "$ref": "#/components/schemas/EnvironmentFactors" + "cisaKind": { + "type": "string" + } + } + }, + "FixImpact": { + "type": "object", + "properties": { + "percentageVulns": { + "type": "number", 
+ "format": "float" }, - "exploitDetails": { - "$ref": "#/components/schemas/ExploitDetails" + "across": { + "type": "integer", + "format": "int64" + } + } + }, + "ImpactByStageResponse": { + "type": "object", + "properties": { + "code": { + "$ref": "#/components/schemas/Code" }, - "epssDetails": { - "$ref": "#/components/schemas/EpssDetails" + "build": { + "$ref": "#/components/schemas/Build" }, - "additionalDetails": { - "$ref": "#/components/schemas/AdditionalDetails" + "run": { + "$ref": "#/components/schemas/Run" }, - "impactedDistrosList": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ImpactedDistros" - } + "deploy": { + "$ref": "#/components/schemas/Deploy" } } }, @@ -2077,10 +3054,12 @@ "type": "string" }, "impactCount": { - "type": "integer" + "type": "integer", + "format": "int32" }, "highestCVSS": { - "type": "integer" + "type": "number", + "format": "double" }, "highestSeverity": { "type": "string" 
@@ -2101,709 +3080,503 @@ } } }, - "DistroDetails": { + "Overview": { "type": "object", "properties": { - "cvss": { - "type": "number", - "format": "double" + "lastUpdatedDateTime": { + "type": "integer", + "format": "int64" }, - "packageName": { - "type": "string" + "totalVulnerabilityCount": { + "type": "integer", + "format": "int64" }, - "release": { - "type": "string" + "totalVulnerableAsset": { + "type": "integer", + "format": "int64" }, - "severity": { - "type": "string" + "totalRemediationCount": { + "type": "integer", + "format": "int64" + } + } + }, + "OverviewAssetStats": { + "type": "object", + "properties": { + "totalCount": { + "type": "integer", + "format": "int64" }, - "affectedVersion": { - "type": "string" + "deployedImageCount": { + "type": "integer", + "format": "int64" }, - "fixedTime": { + "serverlessFunctionCount": { "type": "integer", "format": "int64" }, - "publishedDate": { + "hostCount": { + "type": "integer", + "format": "int64" + } + } + }, + "OverviewStats": { + "type": "object", + "properties": { + "totalCount": { "type": "integer", "format": "int64" }, - "modifiedDate": { + "criticalCount": { + "type": "integer", + "format": "int64" + }, + "highCount": { + "type": "integer", + "format": "int64" + }, + "mediumCount": { + "type": "integer", + "format": "int64" + }, + "lowCount": { "type": "integer", "format": "int64" } } }, - "AssetsSearchRequest": { + "OverviewStatsV3": { "type": "object", "properties": { - "query": { - "type": "string" + "totalCount": { + "type": "integer", + "format": "int64" }, - "cve_id": { - "type": "string" + "criticalCount": { + "type": "integer", + "format": "int64" }, - "risk_factors": { - "type": "array", - "items": { - "type": "string" - } + "highCount": { + "type": "integer", + "format": "int64" }, - "sort_by": { - "type": "string" + "mediumCount": { + "type": "integer", + "format": "int64" }, - "asset_type": { - "type": "string" + "lowCount": { + "type": "integer", + "format": "int64" }, - "page_offset": { 
- "type": "integer" + "percentageChange": { + "type": "integer", + "format": "int64" + } + } + }, + "OverviewSummary": { + "type": "object", + "properties": { + "totalVulnerableRuntimeAssets": { + "$ref": "#/components/schemas/OverviewAssetStats" }, - "page_size": { - "type": "integer" + "totalVulnerabilitiesinRuntime": { + "$ref": "#/components/schemas/OverviewStats" }, - "filter_suppressed": { - "type": "boolean" + "totalRemediatedinRuntime": { + "$ref": "#/components/schemas/OverviewStats" } } }, - "ApiErrorResponse": { + "OverviewSummaryV3": { "type": "object", "properties": { - "code": { - "type": "string", - "description": "Error code" + "totalUniqueCves": { + "$ref": "#/components/schemas/OverviewStatsV3" }, - "message": { - "type": "string", - "description": "Error message" + "totalVulnerabilities": { + "$ref": "#/components/schemas/OverviewStatsV3" }, - "target": { - "type": "string", - "description": "Error target" + "totalRemediated": { + "$ref": "#/components/schemas/OverviewStatsV3" + } + } + }, + "OverviewWidget": { + "type": "object", + "properties": { + "values": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Overview" + } + } + } + }, + "OverviewWidgetV2": { + "type": "object", + "properties": { + "overviewSummary": { + "$ref": "#/components/schemas/OverviewSummary" + }, + "values": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Overview" + } + } + } + }, + "OverviewWidgetV3": { + "type": "object", + "properties": { + "overviewSummary": { + "$ref": "#/components/schemas/OverviewSummaryV3" } } }, - "Action": { + "PrioritizedVulnerabilities": { "type": "object", "properties": { - "action": { - "type": "string" + "lastUpdatedDateTime": { + "type": "integer", + "format": "int64" }, - "status": { - "type": "string" + "totalVulnerabilities": { + "type": "integer", + "format": "int64" }, - "actionResult": { - "type": "string" + "urgent": { + "type": "integer", + "format": "int64" }, - "message": { - "type": "string" + 
"patchable": { + "type": "integer", + "format": "int64" + }, + "exploitable": { + "type": "integer", + "format": "int64" + }, + "packageInUse": { + "type": "integer", + "format": "int64" } } }, - "AssetDetails": { + "PrioritizedVulnerabilitiesV2": { "type": "object", "properties": { - "assetName": { - "type": "string" - }, - "resourceName": { - "type": "string" - }, - "packageName": { - "type": "string" - }, - "packageVersion": { - "type": "string" + "lastUpdatedDateTime": { + "type": "integer", + "format": "int64" }, - "fixVersion": { - "type": "string" + "totalVulnerabilities": { + "type": "integer", + "format": "int64" }, - "severity": { - "type": "string" + "urgent": { + "$ref": "#/components/schemas/VulnerabilityInfo" }, - "discoveredTime": { - "type": "string" + "patchable": { + "$ref": "#/components/schemas/VulnerabilityInfo" }, - "remediationAvailable": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Action" - } + "exploitable": { + "$ref": "#/components/schemas/VulnerabilityInfo" }, - "age": { - "type": "integer" + "packageInUse": { + "$ref": "#/components/schemas/VulnerabilityInfo" } } }, - "AssetSideCarResponse": { + "PrioritizedVulnerabilitiesV3": { "type": "object", "properties": { - "value": { - "type": "object", - "properties": { - "assets": { - "type": "array", - "items": { - "$ref": "#/components/schemas/AssetDetails" - } - } - } + "lastUpdatedDateTime": { + "type": "integer", + "format": "int64" }, - "cve_id": { - "type": "string" + "totalVulnerabilities": { + "type": "integer", + "format": "int64" }, - "page_offset": { - "type": "integer" + "urgent": { + "$ref": "#/components/schemas/VulnerabilityInfo" }, - "page_size": { - "type": "integer" - } - } - }, - "BurndownResponse": { - "type": "array", - "items": { - "type": "object", - "properties": { - "dayNum": { - "type": "number", - "description": "Count down of the day backwards from present day" - }, - "totalCount": { - "type": "number", - "description": "Number of 
vulnerabilities in the given day" - }, - "remediatedCount": { - "type": "number", - "description": "Number of vulnerabilities remediated for the given day" - }, - "epochTimestamp": { - "type": "number", - "description": "Time upto which the entry was recorded" - } + "patchable": { + "$ref": "#/components/schemas/VulnerabilityInfo" + }, + "exploitable": { + "$ref": "#/components/schemas/VulnerabilityInfo" + }, + "internetExposed": { + "$ref": "#/components/schemas/VulnerabilityInfo" + }, + "packageInUse": { + "$ref": "#/components/schemas/VulnerabilityInfo" } } }, - "ImpactByStageResponse": { + "Run": { "type": "object", "properties": { - "value": { - "type": "object", - "properties": { - "code": { - "type": "object", - "properties": { - "package": { - "type": "integer" - }, - "iac": { - "type": "integer" - } - } - }, - "build": { - "type": "object" - }, - "run": { - "type": "object", - "properties": { - "serverlessFunction": { - "type": "integer" - }, - "host": { - "type": "integer" - }, - "deployedImage": { - "type": "integer" - } - } - }, - "deploy": { - "type": "object", - "properties": { - "registryImage": { - "type": "integer" - }, - "vmImage": { - "type": "integer" - } - } - } - } + "serverlessFunction": { + "type": "integer", + "format": "int32" + }, + "host": { + "type": "integer", + "format": "int32" + }, + "deployedImage": { + "type": "integer", + "format": "int32" } } }, - "TraceStage": { + "Source": { "type": "object", - "description": "A ordered collection of subsequent trace stages", + "required": [ + "stage", + "unifiedAssetId" + ], "properties": { - "name": { + "unifiedAssetId": { + "type": "string", + "description": "Unified Asset Identifier" + }, + "stage": { "type": "string", - "description": "A unique name of the trace stage", + "description": "The stage of the source asset", "enum": [ "CODE", "BUILD", "DEPLOY", "RUN" ] - }, - "apiIds": { - "type": "array", - "description": "A collection of api-ids for this stage. 
If none are provided, then we utilize what the collection of ides that are default to this stage", - "items": { - "type": "string" - } - }, - "cveId": { - "type": "string", - "description": "CVE Identifier" - }, - "repoId": { - "type": "string", - "description": "Repo Identifier" } - }, - "required": [ - "cveId", - "repoId" - ] + } }, - "AssetTraceRequest": { + "StatsByProvider": { "type": "object", - "description": "Asset Trace request", "properties": { - "source": { - "type": "object", - "description": "The source from which the trace originates", - "properties": { - "unifiedAssetIds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Set of unified asset identifiers" - }, - "stage": { - "type": "string", - "enum": [ - "CODE", - "BUILD", - "DEPLOY", - "RUN" - ], - "description": "The stage of the source Assets" - } - }, - "required": [ - "unifiedAssetIds" - ] + "provider": { + "type": "string" }, - "traceStages": { - "type": "array", - "items": { - "$ref": "#/components/schemas/TraceStage" - } + "repositories": { + "type": "integer", + "format": "int64" }, - "nextPageToken": { + "registries": { "type": "integer", - "description": "The optional next page token" - } - } - }, - "AssetTraceGraphResponse": { - "type": "object", - "properties": { - "graph": { - "$ref": "#/components/schemas/AssetTraceGraph" + "format": "int64" + }, + "packages": { + "type": "integer", + "format": "int64" + }, + "assets": { + "type": "integer", + "format": "int64" + }, + "users": { + "type": "integer", + "format": "int64" + }, + "cloudAccounts": { + "type": "integer", + "format": "int64" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/VulnerabilitiesBySeverity" } } }, - "AssetTraceGraph": { + "TopPrioritizedVulnerabilities": { "type": "object", "properties": { - "nodes": { - "type": "object", - "additionalProperties": { - "anyOf": [ - { - "$ref": "#/components/schemas/PrimaryAssetStageNode" - }, - { - "$ref": "#/components/schemas/AssetStageNode" - 
} - ] - } + "lastUpdatedDateTime": { + "type": "integer", + "format": "int64" }, - "edges": { + "cve": { "type": "array", "items": { - "$ref": "#/components/schemas/Edge" - } - } - } - }, - "PrimaryAssetStageNode": { - "type": "object", - "description": "A dictionary of the trace node identifier and the associated node", - "additionalProperties": { - "type": "object", - "description": "", - "properties": { - "label": { - "type": "string", - "description": "Label representing the asset name" - }, - "type": { - "type": "string", - "default": "PrimaryAsset", - "description": "Type of Node" - }, - "metadata": { - "$ref": "#/components/schemas/AssetStageNodeMetadata" - } - } - } - }, - "AssetStageNode": { - "type": "object", - "description": "A dictionary of the trace node identifier and the associated node", - "additionalProperties": { - "type": "object", - "description": "", - "properties": { - "label": { - "type": "string", - "description": "Label representing the asset name" - }, - "type": { - "type": "string", - "default": "Asset", - "description": "Type of Node" - }, - "metadata": { - "$ref": "#/components/schemas/AssetStageNodeMetadata" - } - } - } - }, - "AssetStageNodeMetadata": { - "type": "object", - "description": "Metadata associated with the AssetNode", - "additionalProperties": { - "type": "object", - "properties": { - "stage": { - "type": "string", - "description": "Stage of the Asset", - "enum": [ - "CODE", - "BUILD", - "DEPLOY", - "RUN" - ] - }, - "unifiedAssetId": { - "type": "string", - "description": "Unified Asset Identifier" - }, - "assetName": { - "type": "string", - "description": "Asset Name" - }, - "count": { - "type": "integer", - "description": "Count of the nodes in a stage" - }, - "attributes": { - "additionalProperties": { - "type": "object", - "properties": { - "packageManagerFileName": { - "type": "string", - "description": "File location in the Repo" - }, - "dockerFileName": { - "description": "Docker file name", - "type": "string" - 
}, - "pipelineName": { - "type": "string", - "description": "Name of the pipeline" - }, - "pipelineType": { - "type": "string", - "description": "Pipeline Type" - }, - "jobInstanceName": { - "type": "string", - "description": "Job Instance Name" - }, - "filePath": { - "type": "string", - "description": "The path of the file in the repo" - }, - "fileName": { - "type": "string", - "description": "The name of the file" - }, - "repoName": { - "type": "string", - "description": "The name of the repo" - }, - "repoOwner": { - "type": "string", - "description": "The owner of the repo" - }, - "packageName": { - "type": "string", - "description": "The package name of the CVE" - }, - "version": { - "type": "string", - "description": "The package version of the CVE" - }, - "subType": { - "type": "string", - "description": "Asset Sub Type", - "enum": [ - "File", - "Package" - ] - } - } - } + "$ref": "#/components/schemas/Cve" } } } }, - "Edge": { + "TopPrioritizedVulnerabilitiesV2": { "type": "object", - "description": "The edges of the C2C Tracing graph", "properties": { - "label": { - "type": "string", - "description": "Edge label" - }, - "source": { - "type": "string", - "description": "Identifier of the source asset" - }, - "target": { - "type": "string", - "description": "Identifier of the target asset" - }, - "directed": { - "type": "boolean", - "description": "Boolean value representing whether the edge is directed" - }, - "relation": { - "type": "string", - "enum": [ - "Deployed From", - "Built By", - "Contains", - "Is Contained In", - "Triggered By", - "Deployed As", - "Built", - "Triggered" - ], - "description": "Relation between the source and target nodes" - }, - "relationshipTypeId": { + "lastUpdatedDateTime": { "type": "integer", - "description": "Relationship Type ID between the edges" + "format": "int64" }, - "metadata": { - "type": "object", - "additionalProperties": { - "type": "string" + "cve": { + "type": "array", + "items": { + "$ref": 
"#/components/schemas/Cve2" } } - }, - "required": [ - "source", - "target" - ] + } }, - "AssetNode": { + "TraceNode": { "type": "object", - "description": "", "properties": { - "label": { - "type": "string", - "description": "Label representing the asset name" - }, "type": { - "type": "string", - "enum": [ - "PrimaryAssetNode", - "AssetNode" - ], - "description": "Type of Node" + "type": "string" }, - "metadata": { - "type": "object", - "description": "Metadata associated with the AssetNode", - "additionalProperties": { - "type": "object", - "properties": {} - } + "label": { + "type": "string" } } }, - "Summary": { + "TraceStage": { "type": "object", + "required": [ + "cveId", + "name" + ], "properties": { - "description": { - "type": "string" - }, - "firstSeen": { - "type": "integer", - "format": "int64" + "name": { + "type": "string", + "description": "Stage Name" }, - "lastSeen": { - "type": "integer", - "format": "int64" + "cveId": { + "type": "string", + "description": "CveId" }, - "packageType": { - "type": "array", - "items": { - "type": "string" - } + "repoId": { + "type": "string", + "description": "RepoId" }, - "impactedPackages": { + "apiIds": { "type": "array", + "description": "ApiIds", "items": { - "type": "string" + "type": "integer", + "format": "int32" } } } }, - "CvssDetails": { + "Trend": { "type": "object", "properties": { - "publishedDate": { + "reportedDate": { "type": "integer", "format": "int64" }, - "lastModifiedDate": { + "assetsWithCveCount": { "type": "integer", "format": "int64" - }, - "attackVector": { - "type": "string" - }, - "exploitAvailability": { - "type": "string" - }, - "confidentiality": { + } + } + }, + "UaiSeverityMapping": { + "type": "object", + "properties": { + "prisma_id": { "type": "string" }, - "attackComplexity": { + "unified_asset_id": { "type": "string" }, - "userInteractionRequired": { - "type": "string" + "low": { + "type": "number", + "format": "double" }, - "integrity": { - "type": "string" + "medium": { + 
"type": "number", + "format": "double" }, - "exploitable": { - "type": "boolean" + "high": { + "type": "number", + "format": "double" }, - "patchable": { - "type": "boolean" + "critical": { + "type": "number", + "format": "double" } } }, - "EnvironmentFactors": { + "VulnAssetsSidecarResponse": { "type": "object", "properties": { - "internetExposed": { - "type": "boolean" - }, - "packageInUse": { - "type": "boolean" + "value": { + "$ref": "#/components/schemas/AssetData" } } }, - "ExploitDetails": { + "VulnerabilitiesBySeverity": { "type": "object", "properties": { - "cisaLink": { - "type": "string" + "criticalCount": { + "type": "integer", + "format": "int64" }, - "cisaKind": { - "type": "string" - } - } - }, - "EpssDetails": { - "type": "object", - "properties": { - "epss": { + "highCount": { "type": "integer", "format": "int64" }, - "epss_previous": { + "mediumCount": { "type": "integer", "format": "int64" }, - "probabilityScore": { + "lowCount": { "type": "integer", "format": "int64" } } }, - "AdditionalDetails": { + "VulnerabilityInfo": { "type": "object", "properties": { - "nvdLinks": { - "type": "array", - "items": { - "type": "string" - } + "vulnerability_count": { + "type": "integer", + "format": "int64" }, - "vendorLinks": { - "type": "array", - "items": { - "type": "string" - } + "asset_count": { + "type": "integer", + "format": "int64" + }, + "cve_count": { + "type": "integer", + "format": "int64" } } }, - "VulnerableAssetsResponse": { + "VulnerableAsset": { "type": "object", - "description": "Vulnerable Assets by Stage stats", "properties": { "value": { "type": "array", "items": { - "$ref": "#/components/schemas/VulnerableAssetByStage" + "$ref": "#/components/schemas/VulnerableAssetStat" } } } }, - "VulnerableAssetByStage": { + "VulnerableAssetStat": { "type": "object", - "description": "Vulnerable assets across all stages", "properties": { "stage": { - "type": "string", - "description": "Life Cycle Stage" + "type": "string" }, "totalVulnerabilities": { 
"type": "integer", - "description": "Total Vulnerabilities" + "format": "int64" }, "assetType": { - "type": "string", - "description": "Asset Type" + "type": "string" }, "totalAssets": { "type": "integer", - "description": "Total number of Assets" + "format": "int64" }, "stats": { "type": "array", 
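Review bot: The new `TraceStage.name` is a bare `string`, whereas the previous definition limited it to `CODE`, `BUILD`, `DEPLOY`, `RUN`, and `Source.stage` in the same hunk still carries that enum. `TraceStage` is referenced from the `CBDRAssetTraceRequest` body, so schema validation in front of the service would no longer reject unknown stage names. Unless the set was opened deliberately, restore `"enum": ["CODE", "BUILD", "DEPLOY", "RUN"]` on `name`. The `apiIds` array and the `cveId`/`repoId` strings are also unbounded, and a `maxItems` and `maxLength` on them would let a gateway cap request size.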
@@ -2813,57 +3586,213 @@ } } }, - "StatsByProvider": { + "WidgetRequest": { "type": "object", - "description": "Stats grouped by provider", "properties": { - "provider": { + "assetTypes": { + "type": "array", + "example": "package,serverlessFunction,iac,deployedImage,vmImage,registryImage,host", + "description": "List of Asset Types", + "items": { + "type": "string" + } + }, + "lifeCycle": { + "type": "array", + "example": "code,build,deploy,run", + "description": "List of Asset Life Cycles", + "items": { + "type": "string" + } + }, + "severities": { + "type": "array", + "example": "critical,high,low,medium,informational", + "description": "List of Severities", + "items": { + "type": "string" + } + }, + "accountGroups": { + "type": "array", + "description": "List of Cloud Account Groups", + "items": { + "type": "string" + } + }, + "accountIds": { + "type": "array", + "description": "List of Cloud Account IDs", + "items": { + "type": "string" + } + }, + "clusters": { + "type": "array", + "description": "List of Clusters", + "items": { + "type": "string" + } + }, + "clusterNamespaces": { + "type": "array", + "description": "List of Namespaces", + "items": { + "type": "string" + } + }, + "accountNames": { + "type": "array", + "description": "List of Account Names", + "items": { + "type": "string" + } + } + }, + "description": "Request Model for Dashboard Widgets" + }, + "WidgetRequestSidecar": { + "type": "object", + "required": [ + "cveId" + ], + "properties": { + "assetTypes": { + "type": "array", + "example": "package,serverlessFunction,iac,deployedImage,vmImage,registryImage,host", + "description": "List of Asset Types", + "items": { + "type": "string" + } + }, + "lifeCycle": { + "type": "array", + "example": "code,build,deploy,run", + "description": "List of Asset Life Cycles", + "items": { + "type": "string" + } + }, + "severities": { + "type": "array", + "example": "critical,high,low,medium,informational", + "description": "List of Severities", + "items": { + 
"type": "string" + } + }, + "accountGroups": { + "type": "array", + "description": "List of Cloud Account Groups", + "items": { + "type": "string" + } + }, + "accountIds": { + "type": "array", + "description": "List of Cloud Account IDs", + "items": { + "type": "string" + } + }, + "clusters": { + "type": "array", + "description": "List of Clusters", + "items": { + "type": "string" + } + }, + "clusterNamespaces": { + "type": "array", + "description": "List of Namespaces", + "items": { + "type": "string" + } + }, + "accountNames": { + "type": "array", + "description": "List of Account Names", + "items": { + "type": "string" + } + }, + "cveId": { "type": "string", - "description": "Providers" + "description": "CVE ID" + } + }, + "description": "Request Model for Dashboard Widgets" + }, + "WidgetRequestTopN": { + "type": "object", + "properties": { + "assetTypes": { + "type": "array", + "example": "package,serverlessFunction,iac,deployedImage,vmImage,registryImage,host", + "description": "List of Asset Types", + "items": { + "type": "string" + } }, - "repositories": { - "type": "integer", - "description": "Respository count" + "lifeCycle": { + "type": "array", + "example": "code,build,deploy,run", + "description": "List of Asset Life Cycles", + "items": { + "type": "string" + } }, - "registries": { - "type": "integer", - "description": "Registry count" + "severities": { + "type": "array", + "example": "critical,high,low,medium,informational", + "description": "List of Severities", + "items": { + "type": "string" + } }, - "packages": { - "type": "integer", - "description": "Packages count" + "accountGroups": { + "type": "array", + "description": "List of Cloud Account Groups", + "items": { + "type": "string" + } }, - "assets": { - "type": "integer", - "description": "Total Assets" + "accountIds": { + "type": "array", + "description": "List of Cloud Account IDs", + "items": { + "type": "string" + } }, - "users": { - "type": "integer", - "description": "Total Users" + 
"clusters": { + "type": "array", + "description": "List of Clusters", + "items": { + "type": "string" + } }, - "vulnerabilities": { - "type": "object", - "description": "Vulnerability Split by Severity", - "properties": { - "criticalCount": { - "type": "integer", - "description": "Total Critical severity Vulnerability count" - }, - "highCount": { - "type": "integer", - "description": "Total High severity Vulnerability count" - }, - "mediumCount": { - "type": "integer", - "description": "Total Medium severity Vulnerability count" - }, - "lowCount": { - "type": "integer", - "description": "Total low severity Vulnerability count" - } + "clusterNamespaces": { + "type": "array", + "description": "List of Namespaces", + "items": { + "type": "string" + } + }, + "accountNames": { + "type": "array", + "description": "List of Account Names", + "items": { + "type": "string" } + }, + "topNValue": { + "type": "integer", + "format": "int32", + "example": "5,10", + "description": "Integer value for TopN Widget" } - } + }, + "description": "Request Model for Dashboard Widgets" } }, "securitySchemes": { diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index d69a11473..cfd2f7e75 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv 
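Review bot: `topNValue` in `WidgetRequestTopN` is declared `integer`/`int32` but its example is the string `"5,10"`, and it has no `minimum`/`maximum`, so the schema puts no bound on what is presumably the requested result size. If 5 and 10 are the only accepted values, `"enum": [5, 10]` with `"example": 5` states that and lets request validation reject anything else. The array properties in all three `WidgetRequest*` schemas have the same mismatch: `example` is a comma-joined string on a `"type": "array"`, where a JSON array such as `"example": ["critical", "high"]` would match the declared type. `severities` and `lifeCycle` list what looks like a closed set in their examples and could carry it as an `enum` on `items`.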
@@ -455,21 +455,29 @@
 "get","/settings/enterprise","Enterprise Settings - GET","get-enterprise-settings","Settings","Monolith"
 "post","/settings/enterprise","Enterprise Settings - POST","update-enterprise-settings","Settings","Monolith"
 "get","/check","Health Check","health-check","System","Monolith"
-"get","/uve/api/v1/dashboard/vulnerabilities/overview","Get Vulnerability Overview","vulnerability-dashboard-overview","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v2/dashboard/vulnerabilities/overview","Get Vulnerability Overview V2","vulnerability-dashboard-overview-v2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v3/dashboard/vulnerabilities/overview","Get Vulnerability Overview V3","vulnerability-dashboard-overview-v3","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v1/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities","prioritised-vulnerability","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v2/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V2","prioritised-vulnerability-v2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v3/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V3","prioritised-vulnerability-v3","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v4/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V4","prioritised-vulnerability-v4","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"post","/trace/api/v1/asset","Get C2C Trace Asset Graph","c2c-trace-api","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v1/cve-overview","Get Cve Overview V2","cve-overview-v-2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v1/dashboard/vulnerabilities/cve-overview","Get Cve Overview","cve-overview","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
 "get","/uve/api/v1/dashboard/vulnerabilities/impact-stage","Get Vulnerability Impact by Stage","vulnerability-impact-by-stage","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v1/dashboard/vulnerabilities/overview","Get Vulnerability Overview","vulnerability-dashboard-overview","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v1/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V1","prioritised-vulnerability","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
 "get","/uve/api/v1/dashboard/vulnerabilities/prioritised-vuln","Get Top Impacting Vulnerabilities","top-prioritised-vulnerability","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v2/dashboard/vulnerabilities/prioritised-vuln","Get Top Impacting Vulnerabilities V2","top-prioritised-vulnerability-v2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v1/dashboard/vulnerabilities/cve-overview","Get CVE Overview","cve-overview","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v1/cve-overview","Get CVE Overview V2","cve-overview-v2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
-"get","/uve/api/v2/dashboard/vulnerabilities/burndown","Get Vulnerabilities Burndown","get-burndown","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
 "post","/uve/api/v1/dashboard/vulnerabilities/vuln-assets","Get Vulnerable Assets by CVE","list-vulnerable-assets-cve","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
 "get","/uve/api/v1/dashboard/vulnerabilities/vulnerableAsset","Get Vulnerable Assets","vulnerable-assets","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"post","/uve/api/v1/vuln-assets","Get Vulnerable Assets by CVE V2","list-vulnerable-assets-cve-v-2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"post","/uve/api/v2/cve-overview","Get CVE Overview - POST","cve-overview-v-3","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v2/dashboard/vulnerabilities/burndown","Get Vulnerabilities Burndown","get-burndown","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"post","/uve/api/v2/dashboard/vulnerabilities/impact-stage","Get Vulnerability Impact by Stage - POST","vulnerability-impact-by-stage-v-2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v2/dashboard/vulnerabilities/overview","Get Vulnerability Overview V2","vulnerability-dashboard-overview-v-2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v2/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V2","prioritised-vulnerability-v-2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v2/dashboard/vulnerabilities/prioritised-vuln","Get Top Impacting Vulnerabilities V2","top-prioritised-vulnerability-v-2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"post","/uve/api/v2/dashboard/vulnerabilities/vulnerableAsset","Get Vulnerable Assets Stats - POST","vulnerable-assets-v-2","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v3/dashboard/vulnerabilities/overview","Get Vulnerability Overview V3","vulnerability-dashboard-overview-v-3","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v3/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V3","prioritised-vulnerability-v-3","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"post","/uve/api/v3/dashboard/vulnerabilities/prioritised-vuln","Get Top Impacting Vulnerabilities - POST","top-prioritised-vulnerability-v-3","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"post","/uve/api/v4/dashboard/vulnerabilities/overview","Get Vulnerability Overview - POST","vulnerability-dashboard-overview-v-4","Vulnerabilities Dashboard","UVEDashboardMicroService.json"
+"get","/uve/api/v4/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities V4","prioritised-vulnerability-v-4","Vulnerabilities Dashboard","UVEDashboardMicroService.json" +"post","/uve/api/v5/dashboard/vulnerabilities/prioritised","Get Prioritized Vulnerabilities - POST","prioritised-vulnerability-v-5","Vulnerabilities Dashboard","UVEDashboardMicroService.json" "post","/uve/api/v1/remediation/vuln-remediation-status","Get Remediation Status","fetch-Remediation-Status","Vulnerabilities Dashboard","Monolith" "post","/uve/api/v1/remediation/vuln-create-remediation","Create Remediation Request","create-Remediation-Request","Vulnerabilities Dashboard","Monolith" "post","/uve/api/v1/vulnerabilities/search","Get Vulnerabilities by RQL","vulnerabilities-search-api","Vulnerabilities Dashboard","UVESearchMicroService.json" From a03d4e0344b4e90bd075289e74df0a0e204f5a6c Mon Sep 17 00:00:00 2001 From: AbiMano4688 Date: Wed, 18 Sep 2024 10:38:25 +0530 Subject: [PATCH 7/9] edits to markdown syntax --- .../cspm/UVEDashboardMicroService.json | 28 +++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/openapi-specs/cspm/UVEDashboardMicroService.json b/openapi-specs/cspm/UVEDashboardMicroService.json index bdaed5b49..838eae1f0 100644 --- a/openapi-specs/cspm/UVEDashboardMicroService.json +++ b/openapi-specs/cspm/UVEDashboardMicroService.json @@ -5,6 +5,12 @@ "version": "1.0", "title": "UVE Doc" }, + "tags": [ + { + "name": "Vulnerabilities Dashboard", + "description": "UVE Dashboard Widgets" + } + ], "paths": { "/trace/api/v1/asset": { "post": { 
@@ -90,7 +96,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Cve Overview V2", - "description": "Get the detailed information for a given cve. This endpoint returns additional information, such as EPSS details, CVSS details, exploit details, and environment factors, compared to the [Get CVE Overview](https://pan.dev/prisma-cloud/api/cspm/cve-overview/) endpoint. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/cve-overview-v-3/)**\\n:::\\n\\n", + "description": "Get the detailed information for a given cve. This endpoint returns additional information, such as EPSS details, CVSS details, exploit details, and environment factors, compared to the [Get CVE Overview](https://pan.dev/prisma-cloud/api/cspm/cve-overview/) endpoint. \n:::info\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/cve-overview-v-3/)**\n:::\n\n", "operationId": "cve-overview-v-2", "parameters": [ { @@ -231,7 +237,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Cve Overview", - "description": "Get the overview of the CVE with its CVSS score, the impacted stages, severity, risk factors, the package name, and the distributions affected by this CVE. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/cve-overview-v-3/)**\\n:::\\n\\n", + "description": "Get the overview of the CVE with its CVSS score, the impacted stages, severity, risk factors, the package name, and the distributions affected by this CVE. \n:::info\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/cve-overview-v-3/)**\n:::\n\n", "operationId": "cve-overview", "parameters": [ { 
@@ -372,7 +378,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Vulnerability Impact by Stage", - "description": "Returns a summary of vulnerability across app stages of your application lifecycle. \\n:::info\\n **Replacement Endpoint: [Get Vulnerability Impact by Stage - POST](/prisma-cloud/api/cspm/vulnerability-impact-by-stage-v-2/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns a summary of vulnerability across app stages of your application lifecycle. \n:::info\n **Replacement Endpoint: [Get Vulnerability Impact by Stage - POST](/prisma-cloud/api/cspm/vulnerability-impact-by-stage-v-2/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "vulnerability-impact-by-stage", "parameters": [ { 
@@ -503,7 +509,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Vulnerability Overview", - "description": "Returns a summary of the total vulnerabilities in your environment which is further divided into Vulnerabilities by Asset and Vulnerabilities that have already been remediated. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns a summary of the total vulnerabilities in your environment which is further divided into Vulnerabilities by Asset and Vulnerabilities that have already been remediated. \n:::info\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "vulnerability-dashboard-overview", "parameters": [ { 
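Review bot: The replacement-endpoint link in the new `description` is labelled `Get CVE Overview - POST` but points at `/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/`, which the endpoint list in this series names "Get Vulnerability Overview - POST" (the CVE overview POST is `cve-overview-v-3`). A reader following the label would expect a different endpoint than the one the link opens. Change the link text to `[Get Vulnerability Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)`. The same label is carried into the `@@ -1375,7 +1381,7 @@` and `@@ -1764,7 +1770,7 @@` hunks for the V2 and V3 overview operations.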
@@ -625,7 +631,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Prioritized Vulnerabilities V1", - "description": "Returns the count of top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use. \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns the count of top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use. \n:::info\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "prioritised-vulnerability", "parameters": [ { 
@@ -835,7 +841,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Vulnerable Assets by CVE", - "description": "Get the list of all the assets affected by the CVE. \\n:::info\\n **Replacement Endpoint: [Get Vulnerable Assets by CVE V2](/prisma-cloud/api/cspm/list-vulnerable-assets-cve-v-2/)**\\n:::\\n\\n", + "description": "Get the list of all the assets affected by the CVE. \n:::info\n **Replacement Endpoint: [Get Vulnerable Assets by CVE V2](/prisma-cloud/api/cspm/list-vulnerable-assets-cve-v-2/)**\n:::\n\n", "operationId": "list-vulnerable-assets-cve", "requestBody": { "$ref": "#/components/requestBodies/AssetsSearchRequest" 
@@ -1375,7 +1381,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Vulnerability Overview V2", - "description": "Returns a summary of the total runtime vulnerabilities in your environment which is further divided into runtime Vulnerabilities by Asset and Vulnerabilities that have already been remediated. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns a summary of the total runtime vulnerabilities in your environment which is further divided into runtime Vulnerabilities by Asset and Vulnerabilities that have already been remediated. \n:::info\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "vulnerability-dashboard-overview-v-2", "responses": { "200": { 
@@ -1444,7 +1450,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Prioritized Vulnerabilities V2", - "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. \n:::info\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "prioritised-vulnerability-v-2", "parameters": [ { 
@@ -1764,7 +1770,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Vulnerability Overview V3", - "description": "Returns a summary of the total unique vulnerabilities, the count of vulnerabilities, and the count of remediated vulnerabilities, including a breakdown by severity for each category. The percentage reflects the change between the current data and the data from seven days prior. \\n:::info\\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns a summary of the total unique vulnerabilities, the count of vulnerabilities, and the count of remediated vulnerabilities, including a breakdown by severity for each category. The percentage reflects the change between the current data and the data from seven days prior. \n:::info\n **Replacement Endpoint: [Get CVE Overview - POST](/prisma-cloud/api/cspm/vulnerability-dashboard-overview-v-4/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "vulnerability-dashboard-overview-v-3", "parameters": [ { 
@@ -1877,7 +1883,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Prioritized Vulnerabilities V3", - "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. This endpoint also returns vulnerabilities based on internet exposure, in addition to those from [Get Prioritized Vulnerabilities V2](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/). \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns the top-priority unique vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use along with the number of assets they occur in. This endpoint also returns vulnerabilities based on internet exposure, in addition to those from [Get Prioritized Vulnerabilities V2](https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/). \n:::info\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. 
You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "prioritised-vulnerability-v-3", "parameters": [ { @@ -2137,7 +2143,7 @@ "Vulnerabilities Dashboard" ], "summary": "Get Prioritized Vulnerabilities V4", - "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, internet exposed and vulnerable packages in use along with the number of assets they occur in. \\n:::info\\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\\n:::\\n\\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", + "description": "Returns the top-priority vulnerabilities which are aggregated based on the most urgent, exploitable, patchable, internet exposed and vulnerable packages in use along with the number of assets they occur in. \n:::info\n **Replacement Endpoint: [Get Prioritized Vulnerabilities - POST](/prisma-cloud/api/cspm/prioritised-vulnerability-v-5/)**\n:::\n\n\n>**Note:** You need `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify if your permission group includes this feature using the [Get Permission Group by ID](https://pan.dev/prisma-cloud/api/cspm/get-1/) endpoint. You can also check this in the Prisma Cloud console by ensuring that **Dashboard > Vulnerability** is enabled.", "operationId": "prioritised-vulnerability-v-4", "parameters": [ { From bb3dbf8ac181df7904e4d4ec6f0219c2471573b0 Mon Sep 17 00:00:00 2001 
From: AbiMano4688 Date: Wed, 18 Sep 2024 12:22:33 +0530 Subject: [PATCH 8/9] added x-public to all public endpoints --- .../CloudAccountOnboardingMicroServices.json | 327 +++++++++++++++--- .../cspm/consolidated_spec/all_endpoints.csv | 5 + 2 files changed, 280 insertions(+), 52 deletions(-) diff --git a/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json b/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json index c5165a6ae..d6f2405db 100644 --- a/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json +++ b/openapi-specs/cspm/CloudAccountOnboardingMicroServices.json @@ -9,6 +9,10 @@ } }, "tags": [ + { + "name": "AWS Logging Accounts", + "description": "To ingest the VPC flow logs from Amazon S3 buckets to Prisma Cloud, you need an AWS logging account. If you need flow logs ingestion, after onboarding your AWS account, you must onboard the logging account which has the S3 bucket storing VPC flow logs for the monitored account. The APIs in this category can be used to configure and manage these logging accounts." + }, { "name": "Cloud Accounts (AWS)", "description": "To monitor the resources on your AWS cloud infrastructure, you must first add your AWS accounts to Prisma Cloud. When you add your cloud account to Prisma Cloud, the API integration between AWS and Prisma Cloud is established and you can begin monitoring the resources and identify potential security risks.\n\nThe Cloud Account (AWS) APIs enable you to add and manage AWS accounts on Prisma Cloud. For end to end workflow to onboarding an AWS account using APIs, see [Automate AWS Cloud Account Onboarding](/prisma-cloud/docs/cspm/aws-cloud-account-onboarding/).\n For common operations related to cloud accounts, see [Cloud Accounts (All)](/prisma-cloud/api/cspm/cloud-accounts-all/).\n" 
@@ -2262,6 +2266,53 @@ "x-public": "true" } }, + "/v1/cloudAccounts/awsLoggingAccounts/{accountId}": { + "get": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Get Logging Account By ID", + "description": "Get details of a logging account by ID.", + "operationId": "getLoggingArchiveAccount", + "parameters": [ + { + "name": "accountId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved account", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/LoggingArchiveAccountModel" + } + } + } + }, + "400": { + "description": "Bad Request. Data validation failed." + }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Account not found" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, "/v1/cloudAccounts/awsLoggingAccounts/{accountId}/buckets/{bucketName}": { "delete": { "tags": [ @@ -2358,6 +2409,45 @@ } ], "x-public": "true" + }, + "post": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Regenerate CFT for New RoleName", + "description": "Regenerate a new CFT for an existing logging account if roleName changes.", + "operationId": "generate-log-account-cft-role", + "parameters": [ + { + "name": "accountId", + "in": "path", + "description": "Account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/LoggingAccountCFTRequest" + }, + "responses": { + "200": { + "description": "success" + }, + "400": { + "description": "bad_request" + }, + "404": { + "description": "Account or bucket not found." + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" } }, "/v1/cloudAccounts/awsLoggingAccounts/{accountId}/role/{roleName}/externalId": { 
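Review bot: The path key `/v1/cloudAccounts/awsLoggingAccounts/{accountId}` added in the `@@ -2262,6 +2266,53 @@` hunk has the same template shape as the `/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}` item that carries the `put` and the `delete` added later in this commit. OpenAPI 3 treats templated paths that differ only in the parameter name as identical and does not allow both, so tooling may reject the file or silently keep only one of the two items. Move the `get` under the `{loggingAccountId}` path item and rename its parameter to match, `"name": "loggingAccountId"`. The endpoint list suggests the same split already exists for `.../buckets/{bucketName}`, so this may need a wider cleanup than this hunk.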
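Review bot: The `post` operation `generate-log-account-cft-role` in the `@@ -2358,6 +2409,45 @@` hunk requires `x-redlock-auth` but lists no `401` response, unlike the other operations this commit adds; add `"401": { "description": "Unauthorized Access" }`. Its `404` text says "Account or bucket not found." although the path carries only `accountId`, which reads as copied from a bucket endpoint. The `200` response has no `content`, so the shape of the regenerated CFT is undocumented for callers.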
@@ -2450,6 +2540,41 @@ } ], "x-public": "true" + }, + "delete": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Delete a Logging Account by ID", + "description": "Delete an AWS logging account based on account ID.", + "operationId": "deleteLoggingAccount", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "No content" + }, + "400": { + "description": "Bad Request. Data validation failed." + }, + "401": { + "description": "Unauthorized Access" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" } }, "/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets": { 
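Review bot: `deleteLoggingAccount` documents `204`, `400` and `401` but no `404`, so the spec does not say what a caller gets for an unknown `loggingAccountId` on a destructive call. The `get` by ID added in this commit declares `"404": { "description": "Account not found" }`, and the same entry would fit here if the service behaves that way. The `loggingAccountId` parameter also has no `description`, unlike the `accountId` parameter of `generate-log-account-cft-role`.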
@@ -2661,6 +2786,104 @@ ], "x-public": "true" } + }, + "/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/permissionsStatus": { + "get": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Get Logging Account Status - GET", + "description": "Get status of a logging account based on ID.", + "operationId": "getLoggingAccountStatus", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "List of logging account statuses", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + } + } + } + }, + "400": { + "description": "Invalid parameter" + }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Account not found" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + }, + "post": { + "tags": [ + "AWS Logging Accounts" + ], + "summary": "Get Logging Account Status - POST", + "description": "Get detailed status of a logging account based on ID, name, roleRN or bucket name. ", + "operationId": "checkLoggingAccountStatusForProvidedAccount", + "parameters": [ + { + "name": "loggingAccountId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/LoggingArchiveAccountModel" + }, + "responses": { + "200": { + "description": "Successfully completed status check for existing logging account", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/CloudAccountStatus" + } + } + } + }, + "400": { + "description": "Invalid parameter" + }, + "401": { + "description": "Unauthorized Access" + }, + "404": { + "description": "Logging Account doesn't exist" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } } }, "servers": [ 
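Review bot: The `200` response of `getLoggingAccountStatus` is declared as an array of bare `object`, so clients cannot validate or generate types for the permission-status payload, while the `post` on the same path returns `#/components/schemas/CloudAccountStatus`. If the GET returns the same status records, use `"items": { "$ref": "#/components/schemas/CloudAccountStatus" }`; otherwise define the item schema explicitly. The `post` also references `#/components/requestBodies/LoggingArchiveAccountModel`, which none of the hunks visible here adds, so confirm that it resolves before publishing. `roleRN` in the `post` description looks like a typo for the role ARN.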
@@ -3853,58 +4076,10 @@ "type": "string" } }, - "features": { - "type": "array", - "description": "Features", - "uniqueItems": true, - "items": { - "$ref": "#/components/schemas/Feature" - } - }, - "name": { - "type": "string", - "description": "Name" - }, - "enabled": { - "type": "boolean", - "description": "Enabled" - }, - "associatedAccountGroupsCount": { - "type": "integer", - "format": "int32", - "description": "Associated Account Groups Count with this cloud account" - }, "storageScanEnabled": { "type": "boolean", "description": "Storage Scan Enabled" }, - "autoConsent": { - "type": "string" - }, - "storageUUID": { - "type": "string", - "description": "Storage UUID" - }, - "cloudAccountOwner": { - "type": "string", - "description": "Cloud account owner" - }, - "accountGroupInfos": { - "type": "array", - "description": "Account group details of groups associated with this account", - "items": { - "$ref": "#/components/schemas/AccountGroupInfo" - } - }, - "cloudAccountOwnerCount": { - "type": "integer", - "format": "int32", - "description": "Cloud account owner count", - "readOnly": true - }, - "parentAccountId": { - "type": "string" - }, "deploymentType": { "type": "string", "description": "Deployment Type", 
@@ -3927,6 +4102,54 @@ "ALIBABA_CLOUD_FINANCE" ] }, + "accountGroupInfos": { + "type": "array", + "description": "Account group details of groups associated with this account", + "items": { + "$ref": "#/components/schemas/AccountGroupInfo" + } + }, + "autoConsent": { + "type": "string" + }, + "cloudAccountOwner": { + "type": "string", + "description": "Cloud account owner" + }, + "cloudAccountOwnerCount": { + "type": "integer", + "format": "int32", + "description": "Cloud account owner count", + "readOnly": true + }, + "storageUUID": { + "type": "string", + "description": "Storage UUID" + }, + "features": { + "type": "array", + "description": "Features", + "uniqueItems": true, + "items": { + "$ref": "#/components/schemas/Feature" + } + }, + "name": { + "type": "string", + "description": "Name" + }, + "enabled": { + "type": "boolean", + "description": "Enabled" + }, + "associatedAccountGroupsCount": { + "type": "integer", + "format": "int32", + "description": "Associated Account Groups Count with this cloud account" + }, + "parentAccountId": { + "type": "string" + }, "accountId": { "type": "string", "description": "Account ID" @@ -4286,16 +4509,16 @@ "type": "string", "readOnly": true }, + "authenticationType": { + "type": "string", + "readOnly": true + }, "cloudAccount": { "$ref": "#/components/schemas/GcpAccountViewModel" }, "clientEmail": { "type": "string", "readOnly": true - }, - "authenticationType": { - "type": "string", - "readOnly": true } } }, diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv index cfd2f7e75..0083440f1 100644 --- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv +++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv 
@@ -157,14 +157,19 @@
 "post","/v1/cloudAccounts/awsLoggingAccounts","Add AWS Logging Account","saveLoggingAccount","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "post","/v1/cloudAccounts/awsLoggingAccounts/cft","Generate a New CFT Template","generate-log-account-cft","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "post","/v1/cloudAccounts/awsLoggingAccounts/permissionsStatus","Get Logging Account Status","checkLoggingAccountStatus","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
+"get","/v1/cloudAccounts/awsLoggingAccounts/{accountId}","Get Logging Account By ID","getLoggingArchiveAccount","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "delete","/v1/cloudAccounts/awsLoggingAccounts/{accountId}/buckets/{bucketName}","Delete an S3 bucket","deleteBucket","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "get","/v1/cloudAccounts/awsLoggingAccounts/{accountId}/cft","Regenerate CFT for an Existing Account","generate-log-account-cft-existing","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
+"post","/v1/cloudAccounts/awsLoggingAccounts/{accountId}/cft","Regenerate CFT for New RoleName","generate-log-account-cft-role","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "get","/v1/cloudAccounts/awsLoggingAccounts/{accountId}/role/{roleName}/externalId","Get External ID of an Account","Get External ID ","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "put","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}","Update Logging Account","updateLoggingAccount","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
+"delete","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}","Delete a Logging Account by ID","deleteLoggingAccount","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "get","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets","List S3 Bucket Names","getBuckets","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "post","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets","Add an S3 bucket","saveBucket","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "get","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets/{bucketName}","Get all S3 Buckets","getBucketDetails","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "put","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/buckets/{bucketName}","Update S3 Bucket Details","updateBucket","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
+"get","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/permissionsStatus","Get Logging Account Status - GET","getLoggingAccountStatus","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
+"post","/v1/cloudAccounts/awsLoggingAccounts/{loggingAccountId}/permissionsStatus","Get Logging Account Status - POST","checkLoggingAccountStatusForProvidedAccount","AWS Logging Accounts","CloudAccountOnboardingMicroServices.json"
 "post","/dlp/api/v1/config/awsorg/status","Check Data Security Preconditions (AWS Org)","get-status-for-org","Cloud Accounts (AWS)","Monolith"
 "post","/dlp/api/config/v2","Add Data Security Config (AWS Org)","onboard-aws-org-scan","Cloud Accounts (AWS)","Monolith"
 "put","/dlp/api/config/v2","Update Data Security Config (AWS Org)","update-aws-org-scan-config","Cloud Accounts (AWS)","Monolith"
From 9f0d080a05be1715ce541ad6ce9752da2e059ce0 Mon Sep 17 00:00:00 2001
From: jrdevore
Date: Thu, 19 Sep 2024 12:01:23 -0700
Subject: [PATCH 9/9] RLP-149246 AssetMicroService - Restore description for Get Asset endpoint, fix duplicate tag description
---
 openapi-specs/cspm/AssetMicroService.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/openapi-specs/cspm/AssetMicroService.json b/openapi-specs/cspm/AssetMicroService.json
index b3464e203..a875a6fff 100644
--- a/openapi-specs/cspm/AssetMicroService.json
+++ b/openapi-specs/cspm/AssetMicroService.json
@@ -7,7 +7,7 @@
 "name": "Platform-Ironman",
 "url": ""
 },
- "version": "v1.0"
+ "version": "V1"
 },
 "servers": [
 {
@@ -64,11 +64,11 @@
 "tags": [
 {
 "name": "Asset Lookup",
- "description": "APIs to query data from Unified Asset Inventory (UAI)"
+ "description": "Asset Loopup APIs to query data from Unified Asset Inventory (UAI)"
 },
 {
 "name": "Id Translations",
- "description": "APIs to query data from Unified Asset Inventory (UAI)"
+ "description": "Id Translation APIs to query data from Unified Asset Inventory (UAI)"
 }
 ],
 "paths": {
@@ -78,7 +78,7 @@
 "Asset Explorer"
 ],
 "summary": "Get Asset",
- "description": "Returns detailed information for the asset with the given id.\n\nThe data field in the response object contains the raw JSON blob as returned by the source cloud service provider API for the given asset.\n\nOnly the rrn parameter in the request body is used for this API. Ignore the timelineItemId and findingType fields.",
+ "description": "Returns detailed information for the asset with the given id.\n\nThe data field in the response object contains the raw JSON blob as returned by the source cloud service provider API for the given asset.\n\nOnly the rrn parameter in the request body is used for this API. Ignore the timelineItemId and findingType fields.\n\n Ensure to add the required parameters for the asset query parameter with type as follows: \n\n | **Type** | **Conditionally Required Query Parameters** |\n| ------------------------------- | ----------------------------------------------------------------- |\n| external_finding |
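Review bot: The added description for the `Asset Lookup` tag in the `@@ -64,11` hunk misspells the tag name as "Asset Loopup"; it should read `"description": "Asset Lookup APIs to query data from Unified Asset Inventory (UAI)"`. The tags array shown in that hunk declares only `Asset Lookup` and `Id Translations`, while the Get Asset operation in the following hunk carries at least the tag `Asset Explorer`, so that operation has no declared tag description. Either declare `Asset Explorer` in the tags array or align the operation's tag with a declared one.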
  • findingType
  • riskFactors
|\n| alerts | alertIds |\n| attack_path | attackPathIds |\n| package_info |
  • vulnerabilityInfoTypeId
  • filters
|\n| labels | filters |\n| vulnerability_aggregates | filters |\n| process_info | filters |\n| vulnerabilities_group_by_type |
  • vulnerabilityInfoTypeId
  • filters
|\n| asset_cwp_vulns |
  • vulnerabilityInfoTypeId
  • vulnerabilityInfoType
  • filters
|\n\n",
 "operationId": "get-asset-details-by-id",
 "parameters": [],
 "requestBody": {
@@ -167,7 +167,7 @@
 "minimum": 1,
 "type": "string",
 "format": "IdLookup",
- "example": "d49d2177f00f7ce4ab24bb86655efad4"
+ "example": "[d49d2177f00f7ce4ab24bb86655efad4]"
 }
 }
 },
@@ -328,7 +328,7 @@
 "minimum": 1,
 "type": "string",
 "format": "String",
- "example": "rrn:xxx:xx:xx-xx-x:xxx:xxx:x-xxxx"
+ "example": "[rrn:xxx:xx:xx-xx-x:xxx:xxx:x-xxxx]"
 }
 }
 },
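Review bot: The restored table in the `@@ -78,7` hunk contradicts the sentence kept just before it: the description still says only `rrn` is used and that `findingType` should be ignored, yet the first table row lists `findingType` as required when the type is `external_finding`. The column header also calls these "Query Parameters" although the operation declares `"parameters": []` and takes a request body, so a reader cannot tell where the fields belong. I would replace the old sentence with `rrn is always required; the fields in the table below are additionally required for the listed type values.` and rename the column to `Conditionally Required Request Body Fields`, assuming these are body fields (the requestBody schema starts outside this hunk).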
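Review bot: The new example `"[d49d2177f00f7ce4ab24bb86655efad4]"` in the `@@ -167,7` hunk is a single string that only looks like a list, while the schema beside it remains `"type": "string"`; the `@@ -328,7` hunk does the same with the rrn example. If these fields accept several values, declare them as `"type": "array"` with `"items": { "type": "string" }` and an array-valued example so generated clients and request validators see the real shape; if they take one value, the brackets should be dropped. Separately, `"minimum": 1` is a numeric keyword and has no effect on a string, so `minLength` (or `minItems` for an array) is presumably what was meant, ideally paired with an upper bound so oversized lookups can be rejected by schema validation. The enclosing schema objects start outside both hunks, so the intended type is inferred from the examples only.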