diff --git a/docusaurus.config.ts b/docusaurus.config.ts
index 00ba02109..eef9dab4b 100644
--- a/docusaurus.config.ts
+++ b/docusaurus.config.ts
@@ -490,6 +490,11 @@ const config = {
 label: "Multitenant Interconnect",
 icon: "api-doc",
 },
+ {
+ to: "sase/api/sspm",
+ label: "SaaS Security Posture Management",
+ icon: "api-doc",
+ },
 {
 to: "access/api/adem/autonomous-dem-api",
 label: "Autonomous DEM",
@@ -898,6 +903,11 @@ const config = {
 outputDir: "products/sase/api/mt-interconnect",
 sidebarOptions: { groupPathsBy: "tag" },
 },
+ sasesspm: {
+ specPath: "openapi-specs/sase/sspm",
+ outputDir: "products/sase/api/sspm",
+ sidebarOptions: { groupPathsBy: "tag" },
+ },
 access: {
 specPath: "openapi-specs/access/prisma-access-config",
 outputDir: "products/access/api/prisma-access-config",
diff --git a/openapi-specs/sase/sspm/consolidated.yaml b/openapi-specs/sase/sspm/consolidated.yaml
new file mode 100644
index 000000000..116046926
--- /dev/null
+++ b/openapi-specs/sase/sspm/consolidated.yaml
@@ -0,0 +1,1110 @@ +components: + schemas: + Application: + description: 'Represents a registered SSPM application with its properties and + status. + + ' + properties: + app_id: + description: Unique identifier for the application. + type: string + app_settings: + additionalProperties: + type: string + description: Custom settings for the application as key-value pairs. + type: object + changed_at: + description: Timestamp of the last change to the application. + format: date-time + type: string + changed_by: + description: Identifier of the user who last modified the application. + type: string + configs: + additionalProperties: + type: string + description: Configuration settings for the application as key-value pairs. + type: object + created_at: + description: Timestamp of when the application was created. + format: date-time + type: string + created_by: + description: Identifier of the user who created the application. + type: string + fawkes_url: + description: URL associated with the Fawkes system for this application. + type: string + features_metadata: + additionalProperties: + additionalProperties: + type: string + type: object + description: Metadata for application features. + type: object + features_state: + additionalProperties: + $ref: '#/components/schemas/FeatureState' + description: Current state of application features. + type: object + health_status: + description: Current health status of the application. + enum: + - Up + - Unhealthy + - Down + - Unknown + - Scanning + type: string + instance_label: + description: Label indicating the type of instance. + enum: + - Default + - Production + - Sandbox + - Internal + - QA + - Dev + type: string + last_scanned_at: + description: Timestamp of the last scan performed on the application. + format: date-time + type: string + last_validated_at: + description: Timestamp of the last validation performed on the application. 
+ format: date-time + type: string + missing_configs: + description: List of configuration items that are missing. + items: + type: string + type: array + name: + description: Display name of the application. + type: string + owner: + $ref: '#/components/schemas/User' + description: User who owns the application. + remediation_enabled: + description: Indicates if automated remediation is enabled for this application. + type: boolean + scan_interval_minutes: + description: Interval between scans in minutes. + format: int32 + type: integer + status: + description: Current operational status of the application. + enum: + - Registered + - Active + - Disabled + type: string + tenant: + description: Identifier for the tenant associated with this application. + type: string + tsg_id: + description: Identifier for the TSG associated with this application. + type: string + type: + description: Type of the application. + type: string + type: object + ApplicationAuthInfo: + description: 'Contains authentication information for an application, including + fields and SSO strategy. + + ' + properties: + fields: + description: List of authentication form elements. + items: + $ref: '#/components/schemas/AuthFormElement' + type: array + sso_fields: + description: List of SSO-specific fields. + items: + $ref: '#/components/schemas/SsoFields' + type: array + strategy: + description: Authentication strategy used by the application. + enum: + - REDIRECT_URL + - PROVIDED_CREDENTIALS + type: string + type: object + ApplicationPage: + description: 'Defines a paginated list of applications with metadata. + + ' + properties: + items: + description: List of application objects. + items: + type: object + type: array + limit: + description: Maximum number of items per page. + format: int32 + type: integer + next_path: + description: Path to retrieve the next page of results. + type: string + prev_path: + description: Path to retrieve the previous page of results. 
+ type: string + total: + description: Total number of items across all pages. + format: int64 + type: integer + type: object + AuthFormElement: + description: 'Represents an element in an authentication form. + + ' + discriminator: + propertyName: kind + properties: + kind: + description: Type of form element (FIELD or DOC) + enum: + - FIELD + - DOC + type: string + type: object + CatalogApplication: + description: 'Describes an application in the SSPM catalog, including features + and metadata. + + ' + properties: + display_name: + description: Name of the application. + type: string + enabled: + description: Indicates if the application is enabled in the catalog. + type: boolean + features: + description: List of features supported by the application. + items: + enum: + - SCAN + - REMEDIATE + - RISKY_ACCOUNTS + - THIRD_PARTY_APPS + - THIRD_PARTY_APPS_USER_REVOKE + - IDENTITY + type: string + type: array + uniqueItems: true + features_metadata: + additionalProperties: + additionalProperties: + type: string + type: object + description: Additional metadata for application features. + type: object + lambda: + description: Indicates if the application is a lambda function. + type: boolean + name: + description: Unique identifier for the application in the catalog. + type: string + type: object + CatalogConfig: + description: 'Specifies a configuration setting in the application catalog with + its properties and remediation options. + + ' + properties: + __metadata: + additionalProperties: + type: object + description: Additional metadata for the configuration. + properties: + empty: + type: boolean + type: object + category: + description: Category of the configuration setting. + type: string + common_control: + description: Common control identifier associated with this configuration. + type: string + console_url: + description: URL to the console for managing this configuration. 
+ type: string + description: + description: Detailed description of the configuration setting. + description_url: + description: URL to additional documentation for this configuration. + type: string + enabled: + description: Indicates if this configuration is enabled. + type: boolean + id: + description: Unique identifier for the configuration. + type: string + name: + description: Display name of the configuration. + type: string + native_category: + description: Original category in the native system. + type: string + native_name: + description: Original name in the native system. + type: string + operator: + $ref: '#/components/schemas/CatalogConfigOperator' + description: Operator used for comparing configuration values. + optional: + description: Indicates if this configuration is optional. + type: boolean + remediation: + $ref: '#/components/schemas/RemediationConfig' + description: Remediation steps and options for this configuration. + remediation_steps: + description: Detailed steps for remediating issues with this configuration. + type: string + severity: + description: Severity level of the configuration. + type: string + value: + $ref: '#/components/schemas/ConfigValue' + description: Expected or recommended value for the configuration. + type: object + CatalogConfigOperator: + description: 'Defines an operator for comparing configuration values. + + ' + discriminator: + propertyName: operator + properties: + displayValue: + description: Representation of the operator. + type: string + operator: + description: Type of comparison operator. + enum: + - equal + - not_equal + - substring + - not_substring + - greater + - greater_or_equal + - less + - less_or_equal + - one_of + - not_one_of + - in_range + - not_in_range + type: string + valueType: + description: Data type of the values being compared. 
+ enum: + - int + - double + - string + - bool + type: string + type: object + CommonControlProfiles: + description: 'Lists compliance profiles associated with a common control. + + ' + properties: + id: + description: Unique identifier for the common control. + type: string + name: + description: Display name of the common control. + type: string + profiles: + description: List of compliance profiles associated with this control. + items: + $ref: '#/components/schemas/ComplianceProfile' + type: array + type: object + ComplianceCategory: + description: 'Represents a category of compliance controls. + + ' + properties: + controls: + description: List of compliance controls in this category. + items: + $ref: '#/components/schemas/ComplianceControl' + type: array + name: + description: Name of the compliance category. + type: string + type: object + ComplianceControl: + description: 'Defines a specific compliance control. + + ' + properties: + description: + description: Detailed description of the compliance control. + id: + description: Unique identifier for the compliance control. + type: string + type: object + ComplianceProfile: + description: 'Represents a compliance profile with categories and controls. + + ' + properties: + categories: + description: List of compliance categories in this profile. + items: + $ref: '#/components/schemas/ComplianceCategory' + type: array + id: + description: Unique identifier for the compliance profile. + type: string + name: + description: Display name of the compliance profile. + type: string + type: object + Config: + description: 'Represents a scanned configuration for an application, including + its status and related tickets. + + ' + properties: + app_id: + description: Identifier of the associated application. + type: string + category: + description: Category of the configuration. + type: string + common_control_id: + description: Identifier of the associated common control. 
+ type: string + config_id: + description: Unique identifier for this configuration. + type: string + console_url: + description: URL to the console for managing this configuration. + type: string + current_value: + description: Current value of the configuration. + type: string + description: + description: Detailed description of the configuration. + descriptionUrl: + description: URL to additional documentation for this configuration. + type: string + id: + description: Unique identifier for this configuration instance. + type: string + locked: + description: Indicates if the configuration is locked. + type: boolean + locked_value: + description: Value of the configuration when locked. + type: string + monitored: + description: Indicates if the configuration is being monitored. + type: boolean + monitored_attestation: + description: Attestation for monitored configurations. + type: string + name: + description: Display name of the configuration. + type: string + operator: + description: Operator used for comparing configuration values. + type: string + operator_display_value: + description: Human-readable representation of the operator. + type: string + overridden: + description: Indicates if the configuration has been overridden. + type: boolean + overridden_value: + description: Value of the configuration when overridden. + type: string + recommended_value: + description: Recommended value for the configuration. + type: string + remediation_enabled: + description: Indicates if automated remediation is enabled for this configuration. + type: boolean + remediation_steps: + description: Steps for remediating issues with this configuration. + type: string + status: + description: Current status of the configuration. + type: string + subcategory: + description: Subcategory of the configuration. + type: string + tenant: + description: Identifier of the associated tenant. + type: string + tickets: + description: List of tickets related to this configuration. 
+ items: + $ref: '#/components/schemas/Ticket' + type: array + type: object + ConfigValue: + description: 'Defines the value and type for a configuration setting. + + ' + properties: + choices: + description: Available choices for the configuration value. + type: string + default_value: + description: Default value for the configuration. + type: string + type: + description: Data type of the configuration value. + type: string + type: object + FeatureState: + description: 'Indicates the current state of an application feature, including + scan status and timestamps. + + ' + properties: + last_scanned_at: + description: Timestamp of the last scan for this feature. + format: date-time + type: string + status: + description: Current status of the feature. + enum: + - UNKNOWN + - OK + - UNHEALTHY + - AUTH_REQUIRED + - SCANNING + type: string + status_details: + description: Additional details about the feature's status. + type: string + updated_at: + description: Timestamp of the last update to the feature state. + format: date-time + type: string + type: object + JiraIdentity: + description: 'Represents a user identity in Jira. + + ' + properties: + accountId: + description: Unique identifier for the Jira account. + type: string + displayName: + description: Display name of the Jira user. + type: string + type: object + JiraIssueFields: + description: 'Contains fields for a Jira issue. + + ' + properties: + assignee: + $ref: '#/components/schemas/JiraIdentity' + description: User assigned to the Jira issue. + reporter: + $ref: '#/components/schemas/JiraIdentity' + description: User who reported the Jira issue. + status: + $ref: '#/components/schemas/Status' + description: Current status of the Jira issue. + type: object + JiraIssueResponse: + description: 'Contains details of a Jira issue, including fields like assignee, + reporter, and status. + + ' + properties: + fields: + $ref: '#/components/schemas/JiraIssueFields' + description: Fields of the Jira issue. 
+ type: object + JiraIssueType: + description: 'Represents a type of issue in Jira. + + ' + properties: + id: + description: Unique identifier for the issue type. + type: string + name: + description: Name of the issue type. + type: string + type: object + JiraProjectDetailResponse: + description: 'Provides information about a Jira project, including available + issue types. + + ' + properties: + issueTypes: + description: List of issue types available in the Jira project. + items: + $ref: '#/components/schemas/JiraIssueType' + type: array + type: object + RemediationConfig: + description: 'Defines remediation configuration for a setting. + + ' + properties: + auto_fix: + description: Indicates if automatic fixing is enabled. + type: boolean + guide_footer: + description: Footer text for the remediation guide. + type: string + guide_header: + description: Header text for the remediation guide. + type: string + guide_steps: + description: Step-by-step instructions for remediation. + items: + type: string + type: array + remediation_value: + description: Value to be set during remediation. + type: string + type: object + ScopeConfig: + description: 'Defines a plugin scope configuration for an application. + + ' + properties: + description: + description: Detailed description of the scope configuration. + enabled: + description: Indicates if this scope is enabled. + type: boolean + id: + description: Unique identifier for the scope configuration. + type: string + name: + description: Display name of the scope configuration. + type: string + native_name: + description: Original name in the native system. + type: string + severity: + description: Severity level of the scope configuration. 
+ type: string + type: object + SsoFields: + properties: + fields: + items: + $ref: '#/components/schemas/AuthFormElement' + type: array + sso_provider: + enum: + - NONE + - OKTA + - AZURE + - GOOGLE + type: string + required: + - fields + - sso_provider + type: object + Status: + description: 'Represents the status of an item. + + ' + properties: + name: + description: Name of the status. + type: string + type: object + Ticket: + description: 'Represents a ticket associated with a configuration or issue. + + ' + properties: + createdAt: + description: Timestamp when the ticket was created. + format: date-time + type: string + integrationId: + description: Identifier of the integration associated with this ticket. + type: string + summary: + description: Brief summary of the ticket. + type: string + tenant: + description: Identifier of the tenant associated with this ticket. + type: string + ticketKey: + description: Unique key for the ticket. + type: string + ticketUrl: + description: URL to view the ticket. + type: string + type: + description: Type of ticketing system used. + enum: + - JIRA_TICKETING + - SNOW_TICKETING + type: string + type: object + User: + description: 'Represents a user in the system with basic identification information. + + ' + properties: + email: + description: Email address of the user. + type: string + full_name: + description: Full name of the user. + type: string + user_id: + description: Unique identifier for the user. 
+ type: string + required: + - email + - full_name + - user_id + type: object + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: support@paloaltonetworks.com + description: "This Open API spec file represents the APIs available for [Palo Alto\ + \ Networks SSPM](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm).\ + \ \nSaaS Security Posture Management (SSPM) APIs provide tools for continuous\ + \ monitoring, detection of misconfigured SaaS application settings.\nThese APIs\ + \ use the common SASE authentication mechanism and base URL. \nSee the [Prisma\ + \ SASE API Get Started](https://pan.dev/sase/docs/getstarted) guide for more information.\n\ + \nThis Open API spec file was created on January 08, 2025. To check for a more\ + \ recent version of this file, see\n[SaaS Security Posture Management APIs on\ + \ pan.dev](https://pan.dev/sase/api/sspm/).\n\n\xA9 2024 Palo Alto Networks, Inc.\ + \ Palo Alto Networks is a registered trademark of Palo\nAlto Networks. A list\ + \ of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \nAll other marks mentioned herein may be trademarks of their respective companies.\n" + title: SaaS Security Posture Management APIs + version: '1.0' +openapi: 3.0.1 +paths: + /sspm/api/v1/apps: + get: + description: 'Retrieve the list of onboarded SaaS applications. + + ' + operationId: get-sspm-api-v1-apps + parameters: + - description: List of filters + example: filter=type:office365 + in: query + name: filter + schema: + type: string + - description: 'defines sorting of the result.Format: FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|... + .' 
+ example: order_by=name:asc|type:desc + in: query + name: order_by + schema: + type: string + - description: applies page_token to get requested page of items + example: page_token=MSM2Iw== + in: query + name: page_token + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationPage' + description: Successful operation + security: + - Bearer: [] + summary: Get registered application + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}: + get: + description: 'Retrieve the basic details of the application by providing app + ID and tenant name. + + ' + operationId: get-sspm-api-v1-apps-app_id + parameters: + - description: application id + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Application' + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Application details + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}/configs: + get: + description: 'Retrieve details on the application configuration by providing + app ID and tenant name. + + ' + operationId: get-sspm-api-v1-apps-app_id-configs + parameters: + - description: Application ID + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/Config' + type: array + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Application configuration details + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}/settings: + get: + description: "Retrieve details on the settings of the SaaS application by providing\ + \ app ID and tenant name. 
\n" + operationId: get-sspm-api-v1-apps-app_id-settings + parameters: + - description: Application ID + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/Config' + type: array + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Application settings details + tags: + - Registered Application + /sspm/api/v1/auth/{app}/info: + get: + description: 'Retrieve details on the application authorization in the catalog. + + ' + operationId: get-sspm-api-v1-auth-app-info + parameters: + - description: application type + example: office365 + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationAuthInfo' + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Authorization information + tags: + - Authorization + /sspm/api/v1/catalog/apps: + get: + description: "Retrieve details on all the supported SSPM applications. \n" + operationId: get-sspm-api-v1-catalog-apps + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/CatalogApplication' + type: array + description: Successful operation + security: + - Bearer: [] + summary: Catalog of supported SSPM applications + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}: + get: + description: "Retrieve details on the catalog settings for the application by\ + \ providing application type. 
\n" + operationId: get-sspm-api-v1-catalog-apps-app + parameters: + - description: application name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CatalogApplication' + description: Successful operation + security: + - Bearer: [] + summary: Catalog setting details + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}/configs: + get: + description: 'Retrieve details on the catalog configuration settings by providing + application type. + + ' + operationId: get-sspm-api-v1-catalog-apps-app-configs + parameters: + - description: application name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/CatalogConfig' + type: array + description: Successful operation + security: + - Bearer: [] + summary: Catalog configuration settings details + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}/scopes: + get: + description: "Retrieve plugin scope catalog for the application using application\ + \ type. \n" + operationId: get-sspm-api-v1-catalog-apps-app-scopes + parameters: + - description: Application Name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/ScopeConfig' + type: array + description: Successful operation + security: + - Bearer: [] + summary: Plugin scope catalog + tags: + - Catalog Information + /sspm/api/v1/catalog/controls/{common_control_id}: + get: + description: 'Retrieve a compliance profile mappings for common control ID. 
+ + ' + operationId: get-sspm-api-v1-catalog-controls-common_control_id + parameters: + - description: Common Control ID + example: PAN-00000001 + in: path + name: common_control_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CommonControlProfiles' + description: Successful operation + security: + - Bearer: [] + summary: Compliance profile mappings + tags: + - Catalog Information + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/issue/{key}: + get: + description: Retrieve detailed information about a specific issue using the + issue key. + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-issue-key + parameters: + - description: integration ID + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: Integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + - description: issue key + example: '10001' + in: path + name: key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/JiraIssueResponse' + description: Successful operation + '404': + description: Jira-ticketing integration not registered. + security: + - Bearer: [] + summary: JIRA ticket issue details + tags: + - JIRA + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/project/{key}: + get: + description: Retrieve detailed information about a project. The response includes + issue keys that you can use in the next step. 
+ operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-project-key + parameters: + - description: integration ID + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: Integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + - description: project key + example: TestProject + in: path + name: key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/JiraProjectDetailResponse' + description: Successful operation + '404': + description: The Jira-ticketing integration is not registered. + security: + - Bearer: [] + summary: Project information using issue key + tags: + - JIRA + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/projects: + get: + description: Retrieve a list of JIRA tickets. + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-projects + parameters: + - description: Integration ID + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: Integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + type: object + description: Successful operation + '404': + description: The Jira-ticketing integration is not registered. + security: + - Bearer: [] + summary: List JIRA Projects + tags: + - JIRA +servers: +- url: https://api.strata.paloaltonetworks.com +tags: +- description: 'Get registered application + + ' + name: Registered Application +- description: "Get authorization details for the given application. \n" + name: Authorization information +- description: "Get catalog information for the application. 
 \n" + name: Catalog Information +- description: 'Get JIRA issue details. + + ' + name: JIRA Issue
diff --git a/products/sase/api/sspm/sspm-api-workflow.md b/products/sase/api/sspm/sspm-api-workflow.md
new file mode 100644
index 000000000..01013c52c
--- /dev/null
+++ b/products/sase/api/sspm/sspm-api-workflow.md
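Review bot: The three Jira paths at the end of `paths` write the integration ID as `:integration_id` and hard-code `JIRA_TICKETING`, yet each operation declares `integration_id` and `integration_type` as required `in: path` parameters; OpenAPI 3.0 requires every path parameter to match a `{name}` expression in the path template, so a validator should reject these operations and generated clients or the rendered request form may not substitute the values. Write the template as `/sspm/api/v1/integration/integrations/{integration_id}/JIRA_TICKETING/issue/{key}` (likewise for `project/{key}` and `projects`), and either drop the `integration_type` parameter or template that segment as `{integration_type}`; the `:` in the three `operationId` values should go with it. Separately, every operation is secured with `Bearer` but documents only `200` and, in some cases, `404`; adding `'401'` and `'403'` responses would tell integrators how a missing, expired or under-scoped token surfaces. The operation tags `Authorization` and `JIRA` also do not match the declared tag names `Authorization information` and `JIRA Issue`, so those tag descriptions are presumably never attached to the operations.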
@@ -0,0 +1,146 @@
+---
+id: sspm-api-workflow
+title: API Workflow
+sidebar_label: SaaS Security Posture Management API workflow
+keywords:
+ - SASE
+ - Reference
+ - API
+---
+SaaS Security Posture Management(SSPM) APIs enable you to manage onboarded SaaS applications, retrieve configuration details, and handle integrations efficiently.
+
+## Summary
+This guide provides a structured workflow to:
+- Retrieve onboarded and cataloged applications.
+- Access detailed app configurations and settings.
+- Manage common controls for enhanced security.
+- Handle integration projects and resolve issues.
+
+### 1. Retrieve the list of onboarded applications
+Use the [List of Applications](/sase/api/sspm/get-sspm-api-v-1-apps/) API to fetch all onboarded SaaS applications. Each application includes an `app_id`, which you will use in subsequent API calls. Refer to the [SaaS Onboarding Guide](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/onboard-saas-apps-supported-by-sspm/onboarding-overview-for-supported-saas-apps) for onboarding details.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+### 2. Fetch details for an onboarded application
+Use the `app_id` from the previous step to access detailed information about a specific onboarded application.
+
+#### Fetch basic details
+Use the [Application Details](/sase/api/sspm/get-sspm-api-v-1-apps-app-id/) API to retrieve the application's basic details.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+#### Retrieve configuration details
+Call [Application Configuration](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-configs/) to fetch configuration details. 
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id/configs' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+#### Access application settings
+Use the [Application Settings](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-settings/) API to access specific settings.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id/settings' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+### 3. Retrieve the catalog of supported SSPM applications
+Use the [Supported SSPM Application Catalog](/sase/api/sspm/get-sspm-api-v-1-catalog-apps/) API to fetch a list of all supported applications. Each catalog entry includes an app name for further API calls.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+#### Fetch catalog application details
+Retrieve detailed information about a specific app using the app name.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+#### Fetch configuration details
+Call the [Configuration Details](/sase/api/sspm/get-sspm-api-v-1-catalog-apps-app-configs/) API to retrieve configuration settings.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/configs' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+#### Retrieve application catalog scope information
+Use the [Application Catalog Scope](/sase/api/sspm/get-sspm-api-v-1-catalog-apps-app-scopes/) API to access scope details. 
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/scopes' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+#### Fetch authentication details
+Call [Application Authorization](/sase/api/sspm/get-sspm-api-v-1-auth-app-info/) to retrieve authentication details.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/auth/:app/info' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+### 4. Retrieve common control details
+Find `common_control` or `common_control_id` values in the responses from:
+- `/sspm/api/v1/apps/{app_id}/configs`
+- `/sspm/api/v1/catalog/apps/{app}/configs`
+
+Then, call the `/sspm/api/v1/catalog/controls/{common_control_id}` API to retrieve detailed information about the common control.
+
+### 5. Retrieve integration projects
+Call [JIRA Ticket Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-projects/) to get a list of integration projects for a specific `integration_id`. The response includes project keys for further actions.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/projects' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+#### Fetch specific project details
+Use [Specific Project Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-project-key/) to retrieve details about a project. The response includes issue keys for further steps.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/project/:key' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
+```
+
+### 6. 
Fetch details for a specific issue
+Call [Specific Issue Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-issue-key/) to retrieve information about a specific issue using the issue key.
+
+#### Request Example
+```bash
+curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/issue/:key' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Bearer '
diff --git a/products/sase/api/sspm/sspm-introduction.md b/products/sase/api/sspm/sspm-introduction.md
new file mode 100644
index 000000000..057893e33
--- /dev/null
+++ b/products/sase/api/sspm/sspm-introduction.md 
@@ -0,0 +1,37 @@
+---
+id: sspm-introduction
+title: SaaS Security Posture Management APIs
+sidebar_label: Security Posture Management APIs
+slug: /sase/api/sspm
+keywords:
+ - SASE
+ - Reference
+ - API
+---
+
+SaaS Security Posture Management (SSPM) APIs provide tools for continuous monitoring, detection of misconfigured SaaS application settings.
+
+### Why Use SSPM APIs?
+Integrate SSPM APIs to:
+- Monitor and manage security configurations.
+- Ensure compliance with security best practices.
+
+### Key Features
+- Misconfiguration detection and prioritization.
+- **Monitor SSPM Service and SaaS Integrations**: Track the health and status of the SSPM service and integrated SaaS applications, with real-time feature state monitoring and automated scans.
+
+### How SSPM Works
+1. **Discover SaaS Applications**: Onboard and monitor SaaS application.
+2. **Analyze Configurations**: Fetch assessments and detect misconfigurations.
+3. **Remediate Issues**: Resolve misconfigurations programmatically.
+4. **Monitor Continuously**: Keep apps secure through automated monitoring.
+
+### Prerequisites
+- Access to SSPM.
+- API token for authentication.
+
+For more information about SSPM, see
+[SaaS Security Posture Management](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/get-started-with-sspm/whats-sspm)
+
+These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization.
+
diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts
index b784534ff..d9547b789 100644
--- a/products/sase/sidebars.ts
+++ b/products/sase/sidebars.ts
@@ -303,6 +303,11 @@ module.exports = {
 "sase/api/mt-interconnect/mt-interconnect",
 require("./api/mt-interconnect/sidebar"),
 ],
+ securityposture: [
+ "sase/api/sspm/sspm-introduction",
+ "sase/api/sspm/sspm-api-workflow",
+ require("./api/sspm/sidebar"),
+ ],
 sasesubscription: [
 "sase/api/subscription/subscription-api",
 require("./api/subscription/sidebar"),
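Review bot: The new sidebar key `securityposture` does not follow the naming of the neighbouring `sasesubscription` key, and it differs from the `sasesspm` key that docusaurus.config.ts uses for the same spec in this commit. The product therefore ends up with three names: `securityposture`, `sasesspm` and the `sspm` path segment. Consider `sasesspm: [` here so the sidebar id, the spec config key and the route can be found with one search. If anything outside this hunk already refers to the sidebar by id it would have to change with it; no such reference is visible here. The `module.exports` object starts and ends outside the hunk.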